Unable to connect to registry with token auth #47

@Crocmagnon

Hi,
I'm unable to connect to my registry using either the static option with URL, with REGISTRY_URL or the dynamic one.

I'm always getting a "toast" with the response from the server:

{
    "errors": [
        {
            "code": "UNAUTHORIZED",
            "message": "authentication required",
            "detail": null
        }
    ]
}

Here's a screenshot:
[Screenshot: screenshot_20180806_160232]

Things to note:

  • Both run inside a company network, not accessible from the internet
  • The registry works fine with authentication. I can docker login stable.registry.example.com without any issue.
  • I tried to use the demo version, it didn't work either. I got an error saying to check my connectivity and set the Access-Control-Allow-Origin header to https://joxit.github.com (which I did).
  • Both services are served through Traefik, which handles the routing and the TLS part.

Here's my docker-compose.yml

version: '3.5'

services:
  ui:
    image: joxit/docker-registry-ui:static
    environment:
      #- URL=https://stable.registry.example.com
      - REGISTRY_URL=http://registry:5000
    networks:
      - traefik-net
    deploy:
      placement:
        constraints:
          - node.role == worker
          - node.platform.os == linux
      update_config:
        order: start-first
      labels:
        - "traefik.port=80"
        - "traefik.docker.network=traefik-net"
        - "traefik.enable=true"
        - "traefik.frontend.rule=Host:ui.registry.example.com"
        - "traefik.backend.loadbalancer.stickiness=true"
        - "traefik.backend.loadbalancer.method=drr"
  registry:
    image: registry:2
    networks:
      - traefik-net
    volumes:
      - /mnt/registry:/var/lib/registry
    env_file: env.env  # The env file only contains the HTTP secret key
    deploy:
      placement:
        constraints:
          - node.role == worker
          - node.platform.os == linux
          - node.labels.registry == true
      update_config:
        order: start-first
      labels:
        - "traefik.port=5000"
        - "traefik.docker.network=traefik-net"
        - "traefik.enable=true"
        - "traefik.frontend.rule=Host:edge.registry.example.com,stable.registry.example.com"
        - "traefik.backend.loadbalancer.stickiness=true"
        - "traefik.backend.loadbalancer.method=drr"
    configs:
      - source: docker_auth.pem
        target: /docker_auth.pem
      - source: registry_config.yml
        target: /etc/docker/registry/config.yml

networks:
  traefik-net:
    external: true

configs:
  docker_auth.pem:
    file: ./docker_auth.pem
  registry_config.yml:
    file: ./registry_config.yml
    name: registry_config_v${REGISTRY_CONFIG_VERSION}.yml

and my registry_config.yml

version: 0.1
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
    Access-Control-Allow-Origin: ['https://ui.registry.example.com']
    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
    Access-Control-Allow-Headers: ['Authorization']
    Access-Control-Max-Age: [1728000]
    Access-Control-Allow-Credentials: [true]
    Access-Control-Expose-Headers: ['Docker-Content-Digest']
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
auth:
  token:
    rootcertbundle: /docker_auth.pem
    realm: "https://stable.docker-auth.example.com/auth"
    service: "Docker registry"
    issuer: "example docker auth server"
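
The registry_config.yml above enables `auth.token`, so the registry answers unauthenticated requests with a `WWW-Authenticate: Bearer` challenge naming the token server instead of accepting credentials directly. The following added example (not part of the original issue and not docker-registry-ui's code) walks through the steps a browser-based client has to complete against such a registry. The sample challenge is constructed from the realm and service in that config; the scope value and all function names are assumptions.

```javascript
// Added example. The challenge string is constructed from the realm/service in
// registry_config.yml above; the scope value is an assumed sample.
const SAMPLE_CHALLENGE =
  'Bearer realm="https://stable.docker-auth.example.com/auth",' +
  'service="Docker registry",scope="registry:catalog:*"';

// Parse `WWW-Authenticate: Bearer key="value",...` into an object, or null
// when the challenge is not a usable Bearer challenge (e.g. Basic, or no realm).
function parseBearerChallenge(header) {
  const m = /^\s*Bearer\s+(.*)$/i.exec(header || '');
  if (!m) return null;
  const params = {};
  const re = /([a-z_]+)="((?:[^"\\]|\\.)*)"/gi;
  for (let kv = re.exec(m[1]); kv !== null; kv = re.exec(m[1])) {
    params[kv[1].toLowerCase()] = kv[2].replace(/\\(.)/g, '$1');
  }
  return params.realm ? params : null;
}

// Build the GET request to the token server named in the challenge.
// Space-separated scopes in the challenge become repeated scope= parameters.
function tokenRequestUrl(challenge) {
  const url = new URL(challenge.realm);
  if (challenge.service) url.searchParams.set('service', challenge.service);
  for (const s of (challenge.scope || '').split(' ').filter(Boolean)) {
    url.searchParams.append('scope', s);
  }
  return url.toString();
}

// Header for the retried registry request, from the token server's JSON reply
// (the token is returned as `token`, or `access_token` on OAuth2-style replies).
function authorizationHeader(tokenResponse) {
  const token = tokenResponse.token || tokenResponse.access_token;
  if (!token) throw new Error('token server reply contains no token');
  return `Bearer ${token}`;
}

// A cross-origin browser script can read a response header only if it is
// CORS-safelisted or named in Access-Control-Expose-Headers. "*" is not a
// wildcard on credentialed requests, so it is not treated as one here.
function browserCanRead(headerName, exposeHeaders) {
  const safelisted = ['cache-control', 'content-language', 'content-length',
    'content-type', 'expires', 'last-modified', 'pragma'];
  const name = headerName.toLowerCase();
  return safelisted.includes(name) ||
    exposeHeaders.some((h) => h.toLowerCase() === name);
}
```

With the `Access-Control-Expose-Headers` value from the config above, `browserCanRead('WWW-Authenticate', ['Docker-Content-Digest'])` returns `false`, so a script served from another origin cannot read the challenge.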
