Docker Community Forums

Share and learn in the Docker community.

Trouble setting up private registry behind Apache proxy on subpath

I am trying to setup private registry on subpath, docker version 18.9.5-ce, build e8ff056dbc on Arch Linux.

My goal is to have it at adress https://192.168.77.1/docker-registry.

Apache is configured with self-signed SSL certificate. This is a configuration for docker-registry:

<Location /docker-registry>
  ProxyPreserveHost on
  ProxyPass http://127.0.0.1:5500
  ProxyPassReverse http://127.0.0.1:5500

  Header set "Docker-Distribution-Api-Version" "registry/2.0"

  RequestHeader set X-Forwarded-Proto "https"

  LimitRequestBody  0

  Order deny,allow
  Allow from all
</Location>

And my docker-compose.yml for registry:

services:
  registry:
    image: registry:2
    ports:
    - "5500:5000"
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Docker registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
    volumes:
      - ./auth:/auth
      - ./data:/data

Authentication works from browser, I can test it with curl:

[zork@serenity]$ curl --user 'zork:**********'  --insecure https://192.168.77.1/docker-registry/v2/
{}

But when I try to login with docker I get:

zork@serenity backend]docker login 192.168.77.1/docker-registry
Username: zork
Password: ********** 
Error response from daemon: login attempt to http://192.168.77.1/v2/ failed with status: 404 Not Found

The path to registry is missing /docker-registry/ subpath.
I started docker daemon with debug enabled and here are logs:

May 24 12:13:04 serenity dockerd[7017]: time="2019-05-24T12:13:04.484021614+02:00" level=debug msg="Calling GET /_ping"
May 24 12:13:04 serenity dockerd[7017]: time="2019-05-24T12:13:04.484378721+02:00" level=debug msg="Calling GET /v1.39/info"
May 24 12:13:09 serenity dockerd[7017]: time="2019-05-24T12:13:09.856990253+02:00" level=debug msg="Calling POST /v1.39/auth"
May 24 12:13:09 serenity dockerd[7017]: time="2019-05-24T12:13:09.857073314+02:00" level=debug msg="form data: {\"password\":\"*****\",\"serveraddress\":\"192.168.77.1\",\"username\":\"zork\"}"
May 24 12:13:09 serenity dockerd[7017]: time="2019-05-24T12:13:09.857144505+02:00" level=debug msg="attempting v2 login to registry endpoint https://192.168.77.1/v2/"
May 24 12:13:09 serenity dockerd[7017]: time="2019-05-24T12:13:09.862254578+02:00" level=info msg="Error logging in to v2 endpoint, trying next endpoint: login attempt to https://192.168.77.1/v2/ failed with status: 404 Not Found"
May 24 12:13:09 serenity dockerd[7017]: time="2019-05-24T12:13:09.862287990+02:00" level=debug msg="attempting v2 login to registry endpoint http://192.168.77.1/v2/"
May 24 12:13:09 serenity dockerd[7017]: time="2019-05-24T12:13:09.863528262+02:00" level=info msg="Error logging in to v2 endpoint, trying next endpoint: login attempt to http://192.168.77.1/v2/ failed with status: 404 Not Found"

It seems that docker daemon is ignoring /docker-registry/ subpath when trying to login.

Is there any way to configure daemon to use http://192.168.77.1/docker-registry when trying to contact my endpoint?

Thanks,
Lukasz