Creating a Private Docker Registry with Authentication

So I am trying to run my own docker registry with authentication so I can access it externally. To do this I am using the docker registry image from the docker hub like so:

    docker run -p 5000:5000 -d -v /opt/registry:/tmp/registry registry:0.8.1

I am then using HAProxy to link this to the URL reg.mydomain.com and add the authentication:

    userlist auth_list
        group registry users root
        user root password [password]
    
    backend docker-registry
        mode http
        server localhost:5000_localhost localhost:5000 cookie localhost:5000_localhost
    
    frontend web
        mode http
        bind *:80
        bind *:443 ssl crt /path/to/ssl.pem
        acl domain hdr(host) -i reg.mydomain.com
        acl auth_docker_registry http_auth_group(auth_list) registry
        acl registry_ping url_sub _ping
        http-request auth realm Registry if !auth_docker_registry domain !registry_ping
        use_backend docker-registry if domain
    

Once that was running I logged in using this command:

    root@mydomain:~# docker login https://reg.mydomain.com
    Username: root
    Password:
    Email:
    Login Succeeded
    

The problem is, when I run a command to either push to or pull from the registry I get these errors:

    root@mydomain:~# docker pull reg.mydomain.com/project1
    The push refers to a repository [reg.mydomain.com/project1] (len: 1)
    Sending image list
    Pushing repository reg.mydomain.com/project1 (1 tags)
    511136ea3c5a: Pushing
    2014/11/24 20:40:33 HTTP code 401, Docker will not send auth headers over HTTP.
    
    root@mydomain:~# docker pull reg.mydomain.com/project1
    Pulling repository reg.mydomain.com/project1
    2014/11/24 20:40:38 Could not reach any registry endpoint
    

My guess at what the problem was is that the HTTPS connection is terminated at HAProxy and the rest of the connection (between HAProxy and the Docker Registry container) is HTTP, but the authentication header is still present, resulting in the error on pushing. To test this I added reqidel ^Authorization to the backend section of the HAProxy configuration, to no avail.

It is also worth noting I can navigate to https://reg.mydomain.com and subdirectories such as /v1/_ping in a web browser and it all works as expected (I have to log in, etc.). Also, at the time of writing, I am using docker registry version 0.8.1 rather than 0.9 as the 0.9 image doesn’t start.

If there is any additional information required, please let me know.

Thanks, JamesStewy

One solution collected from the web for “Creating a Private Docker Registry with Authentication”

Ok, so it turns out simply telling docker to use HTTPS isn’t enough, you have to force it. To do so I added redirect scheme https if !{ ssl_fc } domain to my frontend to redirect HTTP traffic to HTTPS which stopped the above errors from occurring.
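An added example, not part of the original question or answer: a small configuration check that flags any HAProxy frontend which requests HTTP authentication while also listening on a non-TLS bind without a rule redirecting non-TLS requests to HTTPS, which is the state that produced the "Docker will not send auth headers over HTTP" error above. The function name and the simplified line-based parsing (no quoted strings, no includes) are assumptions made for illustration; the sample configuration is constructed from the frontend shown in the question.

```python
import re

# Constructed sample: the frontend from the question, before the fix.
QUESTION_CFG = """\
frontend web
    mode http
    bind *:80
    bind *:443 ssl crt /path/to/ssl.pem
    acl domain hdr(host) -i reg.mydomain.com
    acl auth_docker_registry http_auth_group(auth_list) registry
    acl registry_ping url_sub _ping
    http-request auth realm Registry if !auth_docker_registry domain !registry_ping
    use_backend docker-registry if domain
"""
# The same frontend with the redirect rule from the answer added.
ANSWER_CFG = QUESTION_CFG.replace(
    "    use_backend",
    "    redirect scheme https if !{ ssl_fc } domain\n    use_backend")

SECTION = re.compile(r"^(frontend|listen|backend|userlist|defaults|global)\b\s*(\S*)")
REDIRECT = re.compile(r"^(http-request\s+)?redirect\s+scheme\s+https\b.*!\s*\{\s*ssl_fc\s*\}")

def plaintext_auth_frontends(cfg):
    """Return names of frontend/listen sections that ask for HTTP auth on a
    non-TLS bind and have no rule redirecting non-TLS requests to HTTPS."""
    sections, name = {}, None
    for raw in cfg.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (simplified)
        if not line:
            continue
        m = SECTION.match(line)
        if m:  # a new section starts; only frontend/listen can carry binds
            name = m.group(2) if m.group(1) in ("frontend", "listen") else None
            if name is not None:
                sections[name] = {"plain": False, "auth": False, "redirect": False}
        elif name is not None:
            s = sections[name]
            words = line.split()
            if words[0] == "bind" and "ssl" not in words[2:]:
                s["plain"] = True       # listener without TLS
            elif words[:2] == ["http-request", "auth"]:
                s["auth"] = True        # credentials are requested here
            elif REDIRECT.match(line):
                s["redirect"] = True    # non-TLS traffic is sent to HTTPS
    return [n for n, s in sections.items()
            if s["plain"] and s["auth"] and not s["redirect"]]

if __name__ == "__main__":
    print(plaintext_auth_frontends(QUESTION_CFG), plaintext_auth_frontends(ANSWER_CFG))
```
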
