I am currently trying to create my own private docker registry with token authorization enabled. However I am having issues when I try to authorize the token created by the authorization server.
I implemented these block to my docker run command configuration as follows (on https://myregistry.com):
docker run -p 5000:5000 --restart=always --name registry \ -v `pwd`/docker/registry/config.yml:/etc/docker/registry/config.yml \ -v `pwd`/nginx/fullchain.pem:/etc/docker/registry/fullchain.pem \ -v `pwd`/nginx/privkey.pem:/etc/docker/registry/privkey.pem \ -e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/data \ -e REGISTRY_STORAGE_DELETE_ENABLED=true \ -e REGISTRY_AUTH=token \ -e REGISTRY_AUTH_TOKEN_REALM=https://auth.mysite.com/api/docker_success \ -e REGISTRY_AUTH_TOKEN_SERVICE="Docker registry" \ -e REGISTRY_AUTH_TOKEN_ISSUER="Auth service" \ -e REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/etc/docker/registry/fullchain.pem \ -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/registry/fullchain.pem \ -e REGISTRY_HTTP_TLS_KEY=/etc/docker/registry/privkey.pem \ registry:2
After the registry starts, I run
docker login myregistry.com:5000 from some another random PC and it asks Username and Password. When I enter random username and the right token which is generated by https://auth.mysite.com/api/docker_success, it throws 401 Unauthorized and I can see
msg="error authorizing context: authorization token required" entry on the registry’s logs. I don’t understand what type of token it expects I return a token from
https://auth.mysite.com/api/docker_success to the client as a response using flask. What type of information should I return from the