How to configure proxy host for docker registry #2325
Description
I would like to have my own docker registry behind nginx-proxy-manager. My docker-compose for the registry is below;
version: '3'
services:
registry:
image: registry:2
container_name: registry
restart: unless-stopped
environment:
REGISTRY_AUTH: htpasswd
REGISTRY_HTTP_SECRET: mys3cr3t
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
volumes:
- ./data/registry/config.yml:/etc/docker/registry/config.yml
- registry_data:/var/lib/registry
- ${PWD}/registry.auth.file:/auth/htpasswdI created a proxy host with default settings. I can successfully log in to my private registry via the docker login CLI tool.
docker login registry.mydomain.com
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /home/username/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login SucceededHowever, when I tried to push some images to my private registry, I got an authentication error.
docker push registry.mydomain.com/hello-world
Using default tag: latest
The push refers to repository [registry.mydomain.com/hello-world]
e07ee1baac5f: Pushing [==================================================>] 14.85kB
unauthorized: authentication required
In the logs of registry, I see that there is no problem with POST requests. But PATCH requests are failing.
172.18.0.13 - - [14/Oct/2022:18:38:32 +0000] "POST /v2/hello-world/blobs/uploads/ HTTP/1.1" 202 0 "" "docker/20.10.19 go/go1.18.7 git-commit/c964641 kernel/5.4.0-128-generic os/linux arch/amd64 UpstreamClient(Docker-Client/20.10.19 \\(linux\\))"
time="2022-10-14T18:38:32.578849941Z" level=info msg="response completed" go.version=go1.16.15 http.request.host=registry.mydomain.com http.request.id=52fa5505-7d84-48dc-b8c6-0979f4725dc3 http.request.method=POST http.request.remoteaddr=172.18.0.1 http.request.uri="/v2/hello-world/blobs/uploads/" http.request.useragent="docker/20.10.19 go/go1.18.7 git-commit/c964641 kernel/5.4.0-128-generic os/linux arch/amd64 UpstreamClient(Docker-Client/20.10.19 \(linux\))" http.response.duration=9.354108ms http.response.status=202 http.response.written=0
172.18.0.13 - - [14/Oct/2022:18:38:32 +0000] "PATCH /v2/hello-world/blobs/uploads/6e3d4c8f-a8c4-4ff2-b3d5-cfccc7bf93e6?_state=58yhM2HEzfKSV1MlfmGc7pGDTgoVooJVZnwWMJj_sn57Ik5hbWUiOiJoZWxsby13b3JsZCIsIlVVSUQiOiI2ZTNkNGM4Zi1hOGM0LTRmZjItYjNkNS1jZmNjYzdiZjkzZTYiLCJPZmZzZXQiOjAsIlN0YXJ0ZWRBdCI6IjIwMjItMTAtMTRUMTg6Mzg6MzIuNTczNTg5OTlaIn0%3D HTTP/1.1" 401 224 "" "docker/20.10.19 go/go1.18.7 git-commit/c964641 kernel/5.4.0-128-generic os/linux arch/amd64 UpstreamClient(Docker-Client/20.10.19 \\(linux\\))"
time="2022-10-14T18:38:32.715716117Z" level=warning msg="error authorizing context: basic authentication challenge for realm "Registry Realm": invalid authorization credential" go.version=go1.16.15 http.request.host=registry.mydomain.com http.request.id=6a57c4f4-b99b-4d7e-aed7-d5c1ad449e19 http.request.method=PATCH http.request.remoteaddr=172.18.0.1 http.request.uri="/v2/hello-world/blobs/uploads/6e3d4c8f-a8c4-4ff2-b3d5-cfccc7bf93e6?_state=58yhM2HEzfKSV1MlfmGc7pGDTgoVooJVZnwWMJj_sn57Ik5hbWUiOiJoZWxsby13b3JsZCIsIlVVSUQiOiI2ZTNkNGM4Zi1hOGM0LTRmZjItYjNkNS1jZmNjYzdiZjkzZTYiLCJPZmZzZXQiOjAsIlN0YXJ0ZWRBdCI6IjIwMjItMTAtMTRUMTg6Mzg6MzIuNTczNTg5OTlaIn0%3D" http.request.useragent="docker/20.10.19 go/go1.18.7 git-commit/c964641 kernel/5.4.0-128-generic os/linux arch/amd64 UpstreamClient(Docker-Client/20.10.19 \(linux\))" vars.name=hello-world vars.uuid=6e3d4c8f-a8c4-4ff2-b3d5-cfccc7bf93e6
I believe I need some Nginx configuration, but I couldn't find what I need. I found this StackOverflow post, but it didn't helped since I didn't figure out how to do.