Make auth type configurable if auto detection fails #2091

Open
riedel opened this issue Mar 24, 2025 · 1 comment

riedel commented Mar 24, 2025

Describe the bug

We are running Sonatype Nexus behind a reverse proxy, and GetChallengeURL returns a URL which has totally different auth requirements than the actual image.

Since the autodetection fails, there should be a way to tell watchtower to ignore basic auth.

It would be expected that watchtower works if docker pull works for the same image.

Could the GetChallengeURL maybe just remove the last 1 or 2 path elements of the image URL?

Steps to reproduce

  1. Configure a Docker repo on https://yourrepo/v2/repository/
  2. Publish an image publicly at https://yourrepo/v2/repository/my/image/
  3. Return 401 on https://yourrepo/v2/
  4. Try to update yourrepo/repository/my/image:latest via watchtower

Expected behavior

It would be expected that if the image is publicly readable, there is no failure.

Screenshots

No response

Environment

Docker version 27.3.1, build ce12230
Linux 5.15.0-131-generic #141-Ubuntu SMP Fri Jan 10 21:18:28 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Your logs

watchtower-1  | time="2025-03-24T15:04:56Z" level=debug msg="Got image name: yourrepo/repository/your/image:latest"

watchtower-1  | time="2025-03-24T15:04:56Z" level=debug msg="Credentials loaded"

watchtower-1  | time="2025-03-24T15:04:56Z" level=debug msg="Checking if pull is needed" container=/ubuntu-1 image="yourrepo/repository/your/image:latest"

watchtower-1  | time="2025-03-24T15:04:56Z" level=debug msg="Built challenge URL" URL="https://yourrepo/v2/"

watchtower-1  | time="2025-03-24T15:04:56Z" level=debug msg="Got response to challenge request" header="BASIC realm=\"Sonatype Nexus Repository Manager\"" status="401 Unauthorized"

watchtower-1  | time="2025-03-24T15:04:56Z" level=debug msg="Parsing image ref" host=yourrepo image=repository/your/image normalized=yourrepo/repository/your/image tag=latest

watchtower-1  | time="2025-03-24T15:04:56Z" level=debug msg="Doing a HEAD request to fetch a digest" url="https://yourrepo/v2/repository/your/image/manifests/latest"

watchtower-1  | time="2025-03-24T15:04:56Z" level=debug msg="Could not do a head request for \"yourrepo/repository/your/piveau-hub-ui:latest\", falling back to regular pull." container=/ubuntu-1 image="yourrepo/repository/your/image:latest"

watchtower-1  | time="2025-03-24T15:04:56Z" level=debug msg="Reason: registry responded to head request with \"401 Unauthorized\", auth: \"BASIC realm=\\\"Sonatype Nexus Repository Manager\\\"\"" container=/ubuntu-1 image="yourrepo/repository/your/image:latest"

watchtower-1  | time="2025-03-24T15:04:56Z" level=debug msg="Pulling image" container=/ubuntu--1 image="yourrepo/repository/your/image:latest"

watchtower-1  | time="2025-03-24T15:04:56Z" level=debug msg="Error pulling image yourrepo/repository/your/image:latest, Error response from daemon: unauthorized:"

watchtower-1  | time="2025-03-24T15:04:56Z" level=info msg="Unable to update container \"/ubuntu-1\": Error response from daemon: unauthorized:. Proceeding to next."

Additional context

No response
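
A diagnostic for the mismatch reported above, added here as an example and not part of the issue or of watchtower's code: it compares what an unauthenticated client sees at the registry root (`/v2/`) with what it sees at the image's manifest URL. `probe`, `ChallengeMismatch` and `fakeRegistry` are hypothetical names, and the fake registry is constructed from the steps to reproduce.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// probe sends an unauthenticated HEAD and returns the status code and the
// lower-cased auth scheme from WWW-Authenticate ("" if the header is absent).
func probe(url string) (int, string, error) {
	resp, err := http.Head(url)
	if err != nil {
		return 0, "", err
	}
	defer resp.Body.Close()
	scheme, _, _ := strings.Cut(resp.Header.Get("WWW-Authenticate"), " ")
	return resp.StatusCode, strings.ToLower(scheme), nil
}

// ChallengeMismatch (hypothetical helper) reports whether the registry root
// demands auth while the image manifest is readable anonymously, plus the
// scheme the root advertised.
func ChallengeMismatch(base, repo, tag string) (bool, string, error) {
	rootStatus, scheme, err := probe(base + "/v2/")
	if err != nil {
		return false, "", err
	}
	manStatus, _, err := probe(base + "/v2/" + repo + "/manifests/" + tag)
	return err == nil && rootStatus == 401 && manStatus == 200, scheme, err
}

// fakeRegistry is a constructed stand-in for the setup in "Steps to reproduce".
func fakeRegistry() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if strings.HasPrefix(r.URL.Path, "/v2/repository/my/image/") {
			return // public image path: implicit 200
		}
		w.Header().Set("WWW-Authenticate", `BASIC realm="Sonatype Nexus Repository Manager"`)
		w.WriteHeader(http.StatusUnauthorized)
	}))
}

func main() {
	srv := fakeRegistry()
	defer srv.Close()
	fmt.Println(ChallengeMismatch(srv.URL, "repository/my/image", "latest"))
}
```

A `true` result means the challenge at `/v2/` does not describe the access rules of the image path, so an auth type derived from the root alone would be wrong for that image.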

Hi there! 👋🏼 As you're new to this repo, we'd like to suggest that you read our code of conduct as well as our contribution guidelines. Thanks a bunch for opening your first issue! 🙏
