Skip to content
This repository has been archived by the owner on Sep 12, 2018. It is now read-only.

I'm not able to auth on private registry #1080

Open
jeusdi opened this issue Jul 18, 2016 · 4 comments
Open

I'm not able to auth on private registry #1080

jeusdi opened this issue Jul 18, 2016 · 4 comments

Comments

@jeusdi
Copy link

jeusdi commented Jul 18, 2016

I've create an htpasswd file and a certificate (a .crt + .key files).

After that I start my registry:

docker run -d -p 5000:5000 -p 444:443 --restart=always --name registry
    -v /root/docker-registry/auth/:/auth 
    -e "REGISTRY_AUTH=htpasswd"
    -e "REGISTRY_AUTH_HTPASSWD_REALM=Restricted"
    -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/docker-registry.htpasswd
    -v /root/docker-registry/certs/:/certs
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/docker-registry.crt
    -e REGISTRY_HTTP_TLS_KEY=/certs/docker-registry.key registry:2

So, I'm trying to login on registry, but I'm receiving this response:

docker login -u XXX -p PPP -e [email protected] localhost:5000

Response:

Warning: '-e' is deprecated, it will be removed soon. See usage.
Error response from daemon: login attempt to https://localhost:5000/v2/ failed with status: 401 Unauthorized

I've took a look on logs (docker logs registry):

172.17.0.1 - - [18/Jul/2016:07:49:16 +0000] "GET /v2/ HTTP/1.1" 401 87 "" "docker/1.11.2 go/go1.5.4 git-commit/b9f10c9 kernel/3.10.0-327.18.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.11.2 (linux))"
time="2016-07-18T07:49:16Z" level=error msg="error authenticating user "jordi": authentication failure" go.version=go1.6.2 http.request.host="localhost:5000" http.request.id=209842a5-2d5c-468b-a444-2b960c2fb696 http.request.method=GET http.request.remoteaddr="172.17.0.1:58953" http.request.uri="/v2/" http.request.useragent="docker/1.11.2 go/go1.5.4 git-commit/b9f10c9 kernel/3.10.0-327.18.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.11.2 (linux))" instance.id=74445728-3e01-4ef6-9027-109b5fcfd135 version=v2.4.1
time="2016-07-18T07:49:16Z" level=warning msg="error authorizing context: basic authentication challenge for realm "Restricted": authentication failure" go.version=go1.6.2 http.request.host="localhost:5000" http.request.id=209842a5-2d5c-468b-a444-2b960c2fb696 http.request.method=GET http.request.remoteaddr="172.17.0.1:58953" http.request.uri="/v2/" http.request.useragent="docker/1.11.2 go/go1.5.4 git-commit/b9f10c9 kernel/3.10.0-327.18.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.11.2 (linux))" instance.id=74445728-3e01-4ef6-9027-109b5fcfd135 version=v2.4.1
172.17.0.1 - - [18/Jul/2016:07:49:16 +0000] "GET /v2/ HTTP/1.1" 401 87 "" "docker/1.11.2 go/go1.5.4 git-commit/b9f10c9 kernel/3.10.0-327.18.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.11.2 (linux))"

I've been working on this issue for a long time, but I'm quite able to figure out waht I'm doing wrong...

@dmp42
Copy link
Contributor

dmp42 commented Jul 18, 2016

@jeusdi can you copy paste the command you ran to create your htpasswd file?

@jeusdi
Copy link
Author

jeusdi commented Jul 19, 2016

You given me a clue. I've dug out a bit and I've realised I used htpasswd command tool without -B option:

htpasswd -Bbn user passwd > docker-registry.htpasswd

It works fine now using this command:

docker login -u user -p passwd -e [email protected] localhost:5000

Login Succeeded

However, as you can see before I've configured registry with TLS certificates.

docker login -u user -p passwd -e [email protected] https://localhost:443

I'm comming up with this message each time:

Error response from daemon: Get http://localhost:443/v1/users/: read tcp [::1]:58076->[::1]:443: read: connection reset by peer

registry is listening on 443 and 5000:

# docker port registry
443/tcp -> 0.0.0.0:443
5000/tcp -> 0.0.0.0:5000

So, I'm trying to connect to it using only secured connection...

@testzlx
Copy link

testzlx commented Feb 23, 2017

I have the same problem,please help

@aaronisme
Copy link

aaronisme commented Jan 2, 2018

facing the same issue and -B is worked for me as well. but got a question about it. I have read the document for htpasswd.

'-B' seems like use bcrypt encryption method.

is it the only encryption method supported ?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants