docker-registry-ui icon indicating copy to clipboard operation
docker-registry-ui copied to clipboard

Published 20 hours ago • verified publisher icon jc21

registry with htpasswd not accessible

Open wiryonolau opened this issue 5 years ago • 2 comments

Hi, Is possible to use docker secrets to pass REGISTRY_PASS ?

I got "Internal Error There may be a problem communicating with the Registry" when accessing from browser. registry-ui container can telnet to registry normally on port 5000

Here is my compose file

version: "3.2"

services:
    registry:
        image: registry:2
        ports:
          - 5000:5000
        secrets:
          - registry.crt
          - registry.key
          - registry.htpasswd
        environment:
          - REGISTRY_HTTP_SECRET=my-http-secret
          - REGISTRY_AUTH=htpasswd
          - REGISTRY_AUTH_HTPASSWD_PATH=/run/secrets/registry.htpasswd
          - REGISTRY_AUTH_HTPASSWD_REALM=RegistryRealm
          - REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/registry.crt
          - REGISTRY_HTTP_TLS_KEY=/run/secrets/registry.key
        deploy:
            placement:
                constraints:
                    - node.role == worker
            mode: replicated
            replicas: 1
    ui:
        image: jc21/registry-ui
        ports:
          - 10081:80
        secrets:
          - registry.password
        environment:
          - REGISTRY_SSL=true
          - REGISTRY_HOST=registry:5000
          - REGISTRY_STORAGE_DELETE_ENABLED=true
          - REGISTRY_USER=admin
          - REGISTRY_PASS=/run/secrets/registry.password
        deploy:
            placement:
                constraints:
                    - node.role == worker
            mode: replicated
            replicas: 1
            
secrets:
    registry.crt:
        external: true
    registry.key:
        external: true
    registry.htpasswd:
        external: true
    registry.password:
        external: true

registry last log

time="2019-12-21T02:42:10.6238993Z" level=info msg="listening on [::]:5000, tls" go.version=go1.11.2 instance.id=8e8aab69-6d4d-4003-ba9c-79fc72f0aee4 service=registry version=v2.7.1

docker-registry-ui log when accesing from browser

[12/21/2019] [2:43:19 AM] [Express ] › ⚠  warning Error: getaddrinfo ENOTFOUND admin admin:443  at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:57:26)

wiryonolau avatar Dec 21 '19 02:12 wiryonolau

If i use plain text in for REGISTRY_PASS i got this error

[12/21/2019] [2:59:05 AM] [Express ] › ⚠  warning                      URIError: URI malformed
    at decodeURIComponent (<anonymous>)
    at Url.parse (url.js:336:19)
    at Object.urlParse [as parse] (url.js:146:13)
    at new Request (/app/node_modules/restler/lib/restler.js:22:18)
    at request (/app/node_modules/restler/lib/restler.js:322:17)
    at Object.get (/app/node_modules/restler/lib/restler.js:329:9)
    at Promise (/app/src/backend/lib/docker-registry.js:44:18)
    at new Promise (<anonymous>)
    at module.exports.getImages (/app/src/backend/lib/docker-registry.js:43:16)
    at Object.getAll (/app/src/backend/internal/repo.js:111:25)

wiryonolau avatar Dec 21 '19 03:12 wiryonolau

I hope this pull request helps you, actually docker secrets didn't work if you don't implement it in your image because secrets are loaded from a file and you are trying to load a file content in a ENV variable but what you are doing is mapping a path not the content itself. So if this pull request gets approved you should use

- REGISTRY_PASS_FILE=/run/secrets/registry.password

instead of

- REGISTRY_PASS=/run/secrets/registry.password

moracabanas avatar Jan 07 '21 13:01 moracabanas