You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Perhaps it would be a nice idea to increase the documentation under https://docs.docker.com/registry, and especially the examples under recipes/nginx / apache.
Simplest enhancement would be a link to the specification at one of these points.
More advanced, would be the information that the v2 endpoint is used as health endpoint, and would always called without the given credentials from docker clients, what results in expected 401 on secured registries and can be irritate intrusion detection systems, that should be have configured exceptions or the proxy configuration should have only authorization under the /v2/ endpoint, not for the endpoint self.
In my eyes it is an inconsistency, but easy to work around.
Description
A docker swarm have services with containers from a private registry.
The registry is saved with basic auth.
The credentials are saved local after the docker login command.
The first call to the registry root is always unauthorized, because the stored credentials are not used.
As a result fail2ban can block the swarm at updates, redeploys etc.
Always the first get request
GET https://registry.equeo.de/v2/ HTTP/1.1
receives a 401, because the user is missedSteps to reproduce the issue:
Describe the results you received:
It looks like the first request, has the function is the registry accessible and answers, is always unauthorized.
Describe the results you expected:
Every http access to a registry with given credentials, should use these credentials.
Additional information you deem important (e.g. issue happens only occasionally):
Output of
docker version
:Output of
docker info
:Additional environment details (AWS, VirtualBox, physical, etc.):
The text was updated successfully, but these errors were encountered: