- upstream registry { # backend group named "registry"; the 443 server's proxy_pass refers to it
- server vm-2:5000 fail_timeout=5s; # single backend: host vm-2, port 5000 (the port the registry container publishes)
- }
- server { # plain-HTTP listener: does nothing except redirect to HTTPS
- listen 80;
- server_name my.domain.ch; # server_name ;
- return 301 https://$host$request_uri; # permanent redirect that keeps the requested host and URI
- }
- server { # TLS front end: terminates HTTPS, applies Basic auth, then proxies to the "registry" upstream
- listen 443 ssl;
- server_name my.domain.ch; # server_name ;
- charset utf-8;
- keepalive_timeout 5;
- add_header Docker-Distribution-Api-Version registry/2.0 always; # "always" also sets the header on error responses such as 401
- ssl_certificate /etc/nginx/ssl/cert.pem;
- ssl_certificate_key /etc/nginx/ssl/key.pem;
- ssl_ecdh_curve secp521r1;
- ssl_protocols TLSv1.1 TLSv1.2; # NOTE(review): TLS 1.1 is deprecated (RFC 8996); allow TLSv1.2 and, where the nginx/OpenSSL build supports it, TLSv1.3
- ssl_prefer_server_ciphers on;
- ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCMSHA384:ECDHE-ECDSA-AES256-SHA384:EC$ # NOTE(review): cut off in the paste (the "$" looks like an editor truncation marker, no closing ";"); "GCMSHA384" is presumably "GCM-SHA384" - check the real file
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # appends the client address to any X-Forwarded-For value the client sent
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $http_host; # passes the client's Host header through unchanged
- proxy_set_header X-Original-URI $request_uri;
- proxy_set_header Docker-Distribution-Api-Version registry/2.0;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_read_timeout 900; # seconds nginx waits between reads from the upstream
- location / {
- auth_basic "Restricted"; # NOTE(review): second Basic-auth layer; the registry has REGISTRY_AUTH=htpasswd too, and nginx forwards Authorization upstream by default, so the login must pass both checks
- auth_basic_user_file /etc/nginx/htpasswd; # NOTE(review): the "crypt_r() failed (22: Invalid argument)" log line means the system crypt() rejected the stored hash - presumably bcrypt entries, the only format the registry accepts; verify the hash type
- proxy_pass https://registry; # NOTE(review): proxy_ssl_verify is off by default, so the upstream certificate is not checked; set proxy_ssl_verify on and proxy_ssl_trusted_certificate to authenticate the backend
- }
- }
- registry: # Docker registry service with its own TLS and htpasswd authentication
- restart: always
- image: registry:2 # NOTE(review): floating tag (the logs show v2.5.1 running); pin a specific version or digest so the image cannot change silently
- ports:
- - 5000:5000 # published on all host interfaces; NOTE(review): clients can reach the registry without going through nginx - restrict by firewall or bind address if only the proxy should connect
- environment:
- REGISTRY_HTTP_TLS_CERTIFICATE: /certs/cert.pem
- REGISTRY_HTTP_TLS_KEY: /certs/key.pem
- REGISTRY_AUTH: "htpasswd" # registry-side Basic auth, applied in addition to auth_basic in the nginx config
- REGISTRY_AUTH_HTPASSWD_REALM: basic-realm
- REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd # the registry accepts only bcrypt entries in this file
- REGISTRY_LOG_LEVEL: "debug" # verbose level used while troubleshooting; NOTE(review): lower it once login works
- volumes:
- - /opt/docker_registry/data:/var/lib/registry
- - /opt/docker_registry/certs:/certs # contains the TLS private key; NOTE(review): could be mounted read-only (:ro)
- - /opt/docker_registry/auth:/auth # contains the password hashes; NOTE(review): could be mounted read-only (:ro)
- docker login https://my.domain.ch
- Username: MyUserName
- Password:
- Error response from daemon: login attempt to https://my.domain.ch/v2/ failed with status: 401 Unauthorized
- registry_1 | time="2016-09-22T10:01:00.809076941Z" level=debug msg="authorizing request" go.version=go1.6.3 http.request.host=mydomain.ch http.request.id=f1b0ccda-2d03-4480-aaf8-b7248acaed5f http.request.method=GET http.request.remoteaddr=xxx.xxx.xxx.127 http.request.uri="/v2/" http.request.useragent="docker/1.12.1 go/go1.6.3 git-commit/23cf638 kernel/4.4.20-moby os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.1 \(darwin\))" instance.id=59b4a38a-307e-446d-9f8a-3618c35bb6bb service=registry version=v2.5.1
- registry_1 | time="2016-09-22T10:01:00.811894104Z" level=error msg="error authenticating user "MyUserName": authentication failure" go.version=go1.6.3 http.request.host=my.domain.ch http.request.id=f1b0ccda-2d03-4480-aaf8-b7248acaed5f http.request.method=GET http.request.remoteaddr=xxx.xxx.xxx.127 http.request.uri="/v2/" http.request.useragent="docker/1.12.1 go/go1.6.3 git-commit/23cf638 kernel/4.4.20-moby os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.1 \(darwin\))" instance.id=59b4a38a-307e-446d-9f8a-3618c35bb6bb service=registry version=v2.5.1
- registry_1 | time="2016-09-22T10:01:00.812631504Z" level=warning msg="error authorizing context: basic authentication challenge for realm "basic-realm": authentication failure" go.version=go1.6.3 http.request.host=my.domain.ch http.request.id=f1b0ccda-2d03-4480-aaf8-b7248acaed5f http.request.method=GET http.request.remoteaddr=83.xxx.xxx.127 http.request.uri="/v2/" http.request.useragent="docker/1.12.1 go/go1.6.3 git-commit/23cf638 kernel/4.4.20-moby os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.1 \(darwin\))" instance.id=59b4a38a-307e-446d-9f8a-3618c35bb6bb service=registry version=v2.5.1
- registry_1 | xxx.xxx.xxx.11 - - [22/Sep/2016:10:01:00 +0000] "GET /v2/ HTTP/1.0" 401 87 "" "docker/1.12.1 go/go1.6.3 git-commit/23cf638 kernel/4.4.20-moby os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.1 \(darwin\))"
- 2016/09/22 09:14:34 [crit] 13318#0: *8 crypt_r() failed (22: Invalid argument), client: xxx.xxx.xxx.127, server: my.domain.ch, request: "GET /v2/ HTTP/1.1", host: "my.domain.ch"
- I'm not sure if this will help, but we've become tired of dealing with nginx's edge cases for new users, so registry 2.1 will come with htpasswd-based basic auth support.