Docker Community Forums

Private Docker Registry Token Authorization

Hello all,

I am currently trying to create my own private Docker registry with token authorization enabled. However, I am having issues when I try to authorize the token created by the authorization server.

I implemented these blocks in my docker run command configuration as follows (on https://myregistry.com):

docker run -p 5000:5000 --restart=always --name registry \
-v `pwd`/docker/registry/config.yml:/etc/docker/registry/config.yml \
-v `pwd`/nginx/fullchain.pem:/etc/docker/registry/fullchain.pem \
-v `pwd`/nginx/privkey.pem:/etc/docker/registry/privkey.pem \
-e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/data \
-e REGISTRY_STORAGE_DELETE_ENABLED=true \
-e REGISTRY_AUTH=token \
-e REGISTRY_AUTH_TOKEN_REALM=https://auth.mysite.com/api/docker_success \
-e REGISTRY_AUTH_TOKEN_SERVICE="Docker registry" \
-e REGISTRY_AUTH_TOKEN_ISSUER="Auth service" \
-e REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/etc/docker/registry/fullchain.pem \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/registry/fullchain.pem \
-e REGISTRY_HTTP_TLS_KEY=/etc/docker/registry/privkey.pem \
registry:2

After the registry starts, I run docker login myregistry.com:5000 from another random PC and it asks for a username and password. When I enter a random username and the right token, which is generated by https://auth.mysite.com/api/docker_success, it throws 401 Unauthorized and I can see a msg="error authorizing context: authorization token required" entry in the registry’s logs. I don’t understand what type of token it expects. I return a token from https://auth.mysite.com/api/docker_success to the client as a response using Flask. What type of information should I return from https://auth.mysite.com/api/docker_success?
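
An added example, not part of the original post: a stdlib-only check of a token endpoint's response against the Docker Registry v2 token authentication format (a JSON body whose `token` field is a JWT), using the issuer and service values from the command above. The function names and the sample token are constructed here, and the signature itself is not verified.

```python
import base64
import json
import time

# Values from the docker run command in the post.
ISSUER = "Auth service"      # REGISTRY_AUTH_TOKEN_ISSUER
SERVICE = "Docker registry"  # REGISTRY_AUTH_TOKEN_SERVICE

def b64url_decode(segment):
    # JWT segments are base64url with the padding stripped.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_token_response(body, now=None):
    """Return a list of problems in a token-endpoint response body."""
    now = time.time() if now is None else now
    try:
        doc = json.loads(body)
        token = doc.get("token") or doc.get("access_token")
        header, claims = (json.loads(b64url_decode(p)) for p in token.split(".")[:2])
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("JWT segments must be JSON objects")
    except (ValueError, KeyError, TypeError, AttributeError):
        return ["body is not JSON with a 'token' field holding a JWT"]
    problems = []
    # The registry verifies with a public key, so HMAC and 'none' cannot work.
    if not str(header.get("alg", "")).startswith(("RS", "ES", "PS")):
        problems.append("alg is not an asymmetric signature algorithm")
    if not any(k in header for k in ("kid", "x5c", "jwk")):
        problems.append("header names no signing key (kid, x5c or jwk)")
    if claims.get("iss") != ISSUER:
        problems.append("iss does not match REGISTRY_AUTH_TOKEN_ISSUER")
    aud = claims.get("aud")
    if SERVICE not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not match REGISTRY_AUTH_TOKEN_SERVICE")
    nbf, exp = claims.get("nbf", 0), claims.get("exp", 0)
    if not all(isinstance(v, (int, float)) for v in (nbf, exp)) or not nbf <= now < exp:
        problems.append("token is expired or not yet valid")
    for entry in claims.get("access") or []:
        if not (isinstance(entry, dict) and {"type", "name", "actions"} <= set(entry)):
            problems.append("access entry lacks type, name or actions")
    return problems

def sample_body(claims, header=None):
    # Constructed sample: the signature segment is a placeholder, not a real one.
    header = header or {"typ": "JWT", "alg": "RS256", "kid": "PLACEHOLDER-KEY-ID"}
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return json.dumps({"token": ".".join([enc(header), enc(claims), "c2ln"])})
```

A token that passes these checks must still be signed with the private key matching a certificate in REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE before the registry will accept it.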