force insecure local registry access
Hey there, first of all, thanks for all the hard work you put into this project.
I noticed that if you specify the hostname as xyz.local:5000, it will always assume the protocol is https. Using the IP address would fix this, but in some environments like mine, the IP is not fixed and changes with every reboot of my cluster.
I can fix that by using the IP address, but I was wondering if there is a way to change that and specify which protocol to use?
Thanks
Thanks!
It does not always assume https.
Let's say I set registry.hostname:
registry:
  hostname: localhost:5000
My local registry is also non-https:
version: 0.1
http:
  addr: :5000
storage:
  filesystem:
    rootdirectory: /var/lib/registry
    maxthreads: 100
  delete:
    enabled: true
auth:
  htpasswd:
    realm: basic-realm
    path: /etc/docker/registry/htpasswd
When I start registry-ui but not the registry itself (just a test), I get:
ERRO[2024-06-23T13:14:05+03:00] [RefreshCatalog] Error fetching catalog: Get "https://localhost:5000/v2/": dial tcp 127.0.0.1:5000: connect: connection refused; Get "http://localhost:5000/v2/": dial tcp 127.0.0.1:5000: connect: connection refused logger=registry.client
As you can see, at first it tries https, then http, which is fine. Finally, when I start the registry and then registry-ui, there are no issues using http. Maybe you are talking about the insecure verify option when https is enabled? E.g. with a self-signed certificate.
Thanks for the reply, I'll retest everything once I rebuild my cluster and update you with what I notice (with more info if I can)
I went and rebuilt my cluster, so the pod which contains the registry can be accessed via http://registry-service:5000
When adding that to the config file for the UI, this is the error message I get before it restarts and fails ... etc
   ____    __
  / __/___/ /  ___
 / _// __/ _ \/ _ \
/___/\__/_//_/\___/ v4.11.4
High performance, minimalist Go web framework
https://echo.labstack.com
____________________________________O/_______
                                    O\
time="2024-06-30T09:34:43Z" level=info msg="[RefreshCatalog] Started reading catalog..." logger=registry.client
⇨ http server started on [::]:8000
time="2024-06-30T09:34:43Z" level=error msg="[RefreshCatalog] Error fetching catalog: Get \"https://registry-service:5000/v2/\": http: server gave HTTP response to HTTPS client" logger=registry.client
Both pods are running in the same namespace, so they can communicate with each other via the services without any problem.
If I change the pod name to its internal IP (or the loadbalancer IP), it will work.
Ok, looks like it does not even try "http" in your case unlike my test with localhost:5000. Anyway, I will look into it later to have some option to use http unless you would like to step in and propose a fix sooner :)
I can't promise, as Go is not something I dealt with deeply.
Maybe having an option to set the protocol would be nice; the default will be https, but it can be changed in the config file easily.
I'm pretty sure we need to edit this file - https://github.com/Quiq/registry-ui/blob/master/registry/client.go#L111, to add similar lines but for the protocol. I'll try to do it during the next weekends if I have time.
Hi all, just a +1, as this issue is preventing us from moving to 0.10 in order to support OCI images.
Fixed by @KanagawaNezumi and available with the latest release https://github.com/Quiq/registry-ui/releases/tag/0.10.3