Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Private Docker registry in pull through cache mode return "invalid authorization credential"

I'm using the official Docker registry image, and have configured it as a pull though cache.

My clients can log in and push/pull local images, such as this:

docker login -u username -p secret docker.example.local:5000
docker pull docker.example.local:5000/myImage

I've configured my clients to use the Docker registry server as a proxy:

root@server:/# cat /etc/docker/daemon.json
  {
     "registry-mirrors": ["https://docker.example.local:5000"]
  }

But when my clients tries to pull images not already present on the registry server, I get an error. Example pull command:

docker pull alpine

The registry server then responds with this message in its log file:

error authorizing context: basic authentication challenge for realm \"Registry Realm\": invalid authorization credential

I came across this SO post suggesting putting a Nginx proxy server in front, but this seems like a hack and I'd prefer some cleaner way of doing this if possible.

How have others set up their registry server in a pull through cache mode - did you find a better solution than setting up an Nginx proxy in front of the registry server?

like image 561
protoken Avatar asked Apr 30 '18 09:04

protoken


People also ask

Can we secure a private Docker registry?

Summary. Securing the registry is important. The Docker team made it pretty easy to host your own private docker registry by providing Open Source, Python, and web applications for doing that.

What is pull through cache?

Pull through cache repositories provide the benefits of the built-in security capabilities in Amazon Elastic Container Registry (Amazon ECR), such as AWS PrivateLink enabling you to keep all of the network traffic private, image scanning to detect vulnerabilities, encryption with AWS Key Management Service (AWS KMS) ...


1 Answers

You are using wrong name of registry-server-name.
Do not use https:// prefix

#>docker login -u username -p secret docker.example.local:5000
like image 88
fly2matrix Avatar answered Sep 29 '22 02:09

fly2matrix