-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
unable to login to private v2 registry #842
Comments
We need a bit more information to debug this. Please follow the steps here: |
Using Apache 2.4.6 to proxy registry error when tried to login
|
Thanks @natarajanv What is your authentication setup? What do the registry logs output when you try to login? |
LDAP authentication
[root@r10a-venkat-docker my_apache]# |
Is a call to a v1 registry. Something is amiss with your setup. Rerun the daemon in debug mode and trace the calls after you issue the login command. |
[venkat@r10a-venkat-docker compose_test]$ docker --debug=true login -u venkat -e venkat@mitre.org https://r10a-venkat-docker.mitre.org:8443 ########### [venkat@r10a-venkat-docker compose_test]$ docker --debug=true info |
Those are not the daemon logs. Run the daemon in debug mode and trace the calls after you issue the login command. |
time="2015-08-10T14:54:40-04:00" level=debug msg="Calling POST /auth" |
these are the apache configurations:
|
@natarajanv your apache is returning a 500 error.
Can you provide your apache error log? |
I recreated the error after cleaning out the log files. here are the logs from apache [root@r10a-venkat-docker my_apache]# cat error_log [root@r10a-venkat-docker my_apache]# cat ssl_request_log [root@r10a-venkat-docker my_apache]# cat ssl_access_log |
Hi, I'm having the same error after just trying to set up a private registry with htpasswd auth. The version of docker I'm trying to sign in with is I was following the instructions here: https://docs.docker.com/registry/deploying/ There's a big wall of output coming (I hope it is helpful) so firstly, thanks for your time. From the server:
I ran
I start the container with registry:
restart: always
image: registry:2
ports:
- 5000:5000
environment:
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/star.small.mu.crt
REGISTRY_HTTP_TLS_KEY: /certs/star.small.mu.key
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
volumes:
- /var/lib/registry/data:/var/lib/registry
- /etc/registry/certs:/certs
- /etc/registry/auth:/auth Container log output:
|
I mentioned I was following https://docs.docker.com/registry/deploying/ for the process. There was one deviation, I was unable to get:
working correctly. It would claim |
My issue, #860 might be a duplicate of this (though I used native and not apache server). Also I like Bockit had to install apache utils since it was not in the image. Perhaps this is related to issue (perhaps the cause) |
environment NG? Tentatively...
config.yml
|
Everybody: if you cannot run Please make sure you Confirm you have the latest version by issuing a:
Should output:
|
@Bockit you are likely missing an entry in your compose file:
Sorry for the documentation was inaccurate on this, and this is fixed by #865 Finally: everybody, people here are reporting various different issues. One of you is trying to use Apache. In the name of maintainers sanity, I would ask you if you can to create separate tickets for separate issues: if your setup is different from the original poster, please create a separate ticket. Thanks. |
@dmp42 apologies for the noise, and thanks for the help. If I'm still having problems I'll create a new issue. |
[venkat@r10a-venkat-docker compose_test]$ docker run registry:2 --version |
@natarajanv your apache config is the problem here. Also, can you confirm you successfully followed the steps described in deploying.md, and you can successfully pull and push from your registry directly (without Apache in front). Then you should review https://github.com/docker/distribution/blob/master/docs/nginx.md and figure out what's missing in Apache, without trying to add authentication. Thanks. |
We are under the impression that Apache ProxyPassReverse does it automatically, based on this http://wiki.nginx.org/LikeApache Thanks From: Olivier Gambier [mailto:notifications@github.com] @natarajanvhttps://github.com/natarajanv your apache config is the problem here. Also, can you confirm you successfully followed the steps described in deploying.md, and you can successfully pull and push from your registry directly (without Apache in front). Then you should review https://github.com/docker/distribution/blob/master/docs/nginx.md and figure out what's missing in Apache, without trying to add authentication. Thanks. — |
Yes, I can pull/push successfully without Apache. Thanks From: Olivier Gambier [mailto:notifications@github.com] @natarajanvhttps://github.com/natarajanv your apache config is the problem here. Also, can you confirm you successfully followed the steps described in deploying.md, and you can successfully pull and push from your registry directly (without Apache in front). Then you should review https://github.com/docker/distribution/blob/master/docs/nginx.md and figure out what's missing in Apache, without trying to add authentication. Thanks. — |
Can you mail me your complete Apache configuration? (just tar |
These are the custom configuration which gets loaded via the include into the main configuration: authnz_ldap.conf file: AuthBasicProvider ldap AuthLDAPUrl "ldap://validname.org:3268/DC=mitre,DC=org?sAMAccountName?sub?(objectClass=*)" AuthLDAPBindDN "DC=MITRE,DC=ORG" AuthLDAPBindPassword "validpassword" AuthType Basic AuthName "APACHE Login"
registry_header.conf file: Header set Docker-Distribution-Api-Version "registry/2.0"rev_proxy.conf file ProxyPreserveHost On ProxyRequests Off ProxyPass /v2/ http://registry:5000/v2/ ProxyPassReverse /v2/ http://registry:5000/v2/This is the output I get when I login using the above config: [venkat@r10a-venkat-docker compose_test]$ docker login -u venkat -e venkat@mitre.org r10a-venkat-docker.mitre.org:8443 These are the corresponding entries in the apache logs for this login: ==> ssl_access_log <== ==> ssl_request_log <== ==> ssl_access_log <== ==> ssl_request_log <== ==> ssl_access_log <== ==> ssl_request_log <== BTW, I have tried with ‘<Location / >’ and ‘ProxyPass / / http://registry:5000/’ as well…. With <Location / > in the configuration, this is what I get for login: [venkat@r10a-venkat-docker compose_test]$ docker login -u venkat -e venkat@mitre.org r10a-venkat-docker.mitre.org:8443 Log entries: ==> ssl_access_log <== ==> ssl_request_log <== ==> ssl_access_log <== ==> ssl_request_log <== ==> ssl_access_log <== ==> ssl_request_log <== ==> ssl_access_log <== ==> ssl_request_log <== This is the registry version: [venkat@r10a-venkat-docker compose_test]$ docker run registry:2 --version This is my compose file: [venkat@r10a-venkat-docker compose_test]$ cat apache_and_registry2.yml Thanks From: Olivier Gambier [mailto:notifications@github.com] @natarajanvhttps://github.com/natarajanv Can you mail me your complete Apache configuration? (just tar /etc/apache or whatever contains the config). — |
@natarajanv we just put together an Apache recipe. Can you give this a spin: https://github.com/dmp42/distribution/blob/5.all-ur-proxy-are-belong-to-us/docs/apache.md Then let us know if this is working? From there you should be able to just hook in LDAP auth. |
Oliver, Thanks From: Olivier Gambier [mailto:notifications@github.com] @natarajanvhttps://github.com/natarajanv we just put together an Apache recipe. Can you give this a spin: https://github.com/dmp42/distribution/blob/5.all-ur-proxy-are-belong-to-us/docs/apache.md Then let us know if this is working? From there you should be able to just hook in LDAP auth. — |
@natarajanv then all that is remaining is plugging in the ldap auth. Someone achieved it using nginx here: docker-archive/docker-registry#1026 |
@natarajanv : is this still an issue for you? |
Closing for bookkeeping. Please state so if this is still an issue. |
So thank you for your feed back, doing the exact same thing 4 years later, got the exact same problem, only difference is that I managed to have Feedback 1
|
I get the following error message during login:
I am using docker v 1.6.2
Any idea why it is failing. I have all the certs in the right place.
The text was updated successfully, but these errors were encountered: