
Untitled

a guest
Sep 22nd, 2016
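  # nginx TLS front end for a private Docker registry (registry:2).
  # The registry container listens with its own TLS certificate on vm-2:5000.
  upstream registry {
      server vm-2:5000 fail_timeout=5s;
  }

  # Port 80 carries no registry traffic; it only redirects to HTTPS so that
  # credentials are never sent in clear text.
  server {
      listen 80;
      server_name my.domain.ch;
      return 301 https://$host$request_uri;
  }

  server {
      listen 443 ssl;
      server_name my.domain.ch;

      charset utf-8;
      keepalive_timeout 5;
      add_header Docker-Distribution-Api-Version registry/2.0 always;

      ssl_certificate     /etc/nginx/ssl/cert.pem;
      ssl_certificate_key /etc/nginx/ssl/key.pem;

      # A single curve is offered; clients without secp521r1 support cannot
      # complete an ECDHE handshake against this server.
      ssl_ecdh_curve secp521r1;

      # TLSv1.1 is deprecated and was dropped from the original list.
      # Add TLSv1.3 where the installed nginx/OpenSSL build supports it.
      ssl_protocols TLSv1.2;
      ssl_prefer_server_ciphers on;

      # The second suite was written "ECDHE-RSA-AES256-GCMSHA384" (missing
      # hyphen). That is not a valid cipher name, so the suite would not have
      # been offered. The remainder of the original list was cut off in the
      # paste (the line ended at "EC$"); restore it from the real config file.
      ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384;

      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Host $http_host;
      proxy_set_header X-Original-URI $request_uri;
      proxy_set_header Docker-Distribution-Api-Version registry/2.0;
      proxy_set_header X-Real-IP $remote_addr;
      # Long read timeout so that large layer transfers are not cut off.
      proxy_read_timeout 900;

      location / {
          # NOTE(review): credentials are checked twice, here and again by the
          # registry itself (REGISTRY_AUTH=htpasswd), because nginx forwards
          # the Authorization header upstream. The same user and password must
          # therefore validate against both htpasswd files. The registry's
          # native htpasswd backend accepts only bcrypt entries, while nginx
          # hands hash formats it does not implement itself to the system
          # crypt(); "crypt_r() failed (22: Invalid argument)" in the nginx
          # error log points to a hash scheme the host libc cannot verify.
          # Authenticating in one layer only avoids the mismatch.
          auth_basic "Restricted";
          auth_basic_user_file /etc/nginx/htpasswd;

          # nginx does not verify the upstream certificate by default; set
          # proxy_ssl_verify and proxy_ssl_trusted_certificate if the hop to
          # vm-2 crosses an untrusted network.
          proxy_pass https://registry;
      }
  }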
  41.  
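  # docker-compose (v1 layout) service for the private registry proxied by nginx.
  # The paste lost all indentation; the nesting below is restored from the keys.
  registry:
    restart: always
    image: registry:2
    ports:
      # Published on every host interface. This lets clients reach the
      # registry directly without passing through nginx, so restrict port 5000
      # to the proxy host with a firewall rule.
      - 5000:5000
    environment:
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/cert.pem
      REGISTRY_HTTP_TLS_KEY: /certs/key.pem
      REGISTRY_AUTH: "htpasswd"
      REGISTRY_AUTH_HTPASSWD_REALM: basic-realm
      # The registry's htpasswd backend accepts bcrypt entries only
      # (generate with `htpasswd -B`); other hash formats fail authentication.
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      # Debug logging records request details for every call; lower it once
      # the login problem is diagnosed.
      REGISTRY_LOG_LEVEL: "debug"
    volumes:
      - /opt/docker_registry/data:/var/lib/registry
      # The key material and password file are only read by the registry, so
      # they are mounted read-only.
      - /opt/docker_registry/certs:/certs:ro
      - /opt/docker_registry/auth:/auth:ro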
  58.  
  59. docker login https://my.domain.ch
  60. Username: MyUserName
  61. Password:
  62. Error response from daemon: login attempt to https://my.domain.ch/v2/ failed with status: 401 Unauthorized
  63.  
  64. registry_1 | time="2016-09-22T10:01:00.809076941Z" level=debug msg="authorizing request" go.version=go1.6.3 http.request.host=mydomain.ch http.request.id=f1b0ccda-2d03-4480-aaf8-b7248acaed5f http.request.method=GET http.request.remoteaddr=xxx.xxx.xxx.127 http.request.uri="/v2/" http.request.useragent="docker/1.12.1 go/go1.6.3 git-commit/23cf638 kernel/4.4.20-moby os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.1 \(darwin\))" instance.id=59b4a38a-307e-446d-9f8a-3618c35bb6bb service=registry version=v2.5.1
  65.  
  66. registry_1 | time="2016-09-22T10:01:00.811894104Z" level=error msg="error authenticating user "MyUserName": authentication failure" go.version=go1.6.3 http.request.host=my.domain.ch http.request.id=f1b0ccda-2d03-4480-aaf8-b7248acaed5f http.request.method=GET http.request.remoteaddr=xxx.xxx.xxx.127 http.request.uri="/v2/" http.request.useragent="docker/1.12.1 go/go1.6.3 git-commit/23cf638 kernel/4.4.20-moby os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.1 \(darwin\))" instance.id=59b4a38a-307e-446d-9f8a-3618c35bb6bb service=registry version=v2.5.1
  67.  
  68. registry_1 | time="2016-09-22T10:01:00.812631504Z" level=warning msg="error authorizing context: basic authentication challenge for realm "basic-realm": authentication failure" go.version=go1.6.3 http.request.host=my.domain.ch http.request.id=f1b0ccda-2d03-4480-aaf8-b7248acaed5f http.request.method=GET http.request.remoteaddr=83.xxx.xxx.127 http.request.uri="/v2/" http.request.useragent="docker/1.12.1 go/go1.6.3 git-commit/23cf638 kernel/4.4.20-moby os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.1 \(darwin\))" instance.id=59b4a38a-307e-446d-9f8a-3618c35bb6bb service=registry version=v2.5.1
  69.  
  70. registry_1 | xxx.xxx.xxx.11 - - [22/Sep/2016:10:01:00 +0000] "GET /v2/ HTTP/1.0" 401 87 "" "docker/1.12.1 go/go1.6.3 git-commit/23cf638 kernel/4.4.20-moby os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.1 \(darwin\))"
  71.  
  72. 2016/09/22 09:14:34 [crit] 13318#0: *8 crypt_r() failed (22: Invalid argument), client: xxx.xxx.xxx.127, server: my.domain.ch, request: "GET /v2/ HTTP/1.1", host: "my.domain.ch"
  73.  
  74. I'm not sure if this will help, but we've become tired of dealing with nginx's edge cases for new users, so registry 2.1 will come with htpasswd-based basic auth support.