I'm setting up a private Docker registry using the official image. I have started an instance using the following docker-compose file:
registry:
restart: always
image: registry:2.3.1
ports:
- 5000:5000
environment:
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
REGISTRY_HTTP_TLS_KEY: /certs/domain.key
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
SEARCH_BACKEND: sqlalchemy
SQLALCHEMY_INDEX_DATABASE: sqlite:////opt/sqlitedb/reg.db
volumes:
- /docker/registry/data:/var/lib/registry
- /docker/registry/certs:/certs
- /docker/registry/auth:/auth
- /docker/registry/search:/opt/sqlitedb
I can login fine:
root@domain:/home/foo# docker login registry.domain.com:5000 Username (foo): foo Password: WARNING: login credentials saved in /root/.docker/config.json Login Succeeded
I can push images to the private registry without any problem:
root@domain:/home/foo# docker tag hello-world registry.domain.com:5000/hello-world root@domain:/home/foo# docker push registry.domain.com:5000/hello-world The push refers to a repository [registry.domain.com:5000/hello-world] 5f70bf18a086: Layer already exists b652ec3a27e7: Layer already exists latest: digest: sha256:fea8895f450959fa676bcc1df0611ea93823a735a01205fd8622846041d0c7cf size: 708
What I can't do is search:
root@domain:/home/foo# docker search registry.domain.com:5000/hello Error response from daemon: Unexpected status code 404
The docker instance spits this out:
registry_1 | time="2016-04-04T22:38:59Z" level=warning msg="error authorizing context: basic authentication challenge for realm \"Registry Realm\": invalid authorization credential" go.version=go1.5.3 http.request.host="registry.domain.com:5000" http.request.id=2f158656-545d-4cd0-a0a1-2d18f01843a4 http.request.method=GET http.request.remoteaddr="172.17.0.1:57196" http.request.uri="/v2/" http.request.useragent="docker/1.10.3 go/go1.5.3 git-commit/20f81dd kernel/4.2.0-27-generic os/linux arch/amd64" instance.id=cc656ad8-63a4-499e-bbde-ad797059e39e version=v2.3.1 registry_1 | 172.17.0.1 - - [04/Apr/2016:22:38:59 +0000] "GET /v2/ HTTP/1.1" 401 87 "" "docker/1.10.3 go/go1.5.3 git-commit/20f81dd kernel/4.2.0-27-generic os/linux arch/amd64" registry_1 | time="2016-04-04T22:38:59Z" level=warning msg="error authorizing context: basic authentication challenge for realm \"Registry Realm\": invalid authorization credential" go.version=go1.5.3 http.request.host="registry.domain.com:5000" http.request.id=6dcbc494-62b9-4f32-9c70-fece7c61a90b http.request.method=GET http.request.remoteaddr="172.17.0.1:57200" http.request.uri="/v2/" http.request.useragent="docker/1.10.3 go/go1.5.3 git-commit/20f81dd kernel/4.2.0-27-generic os/linux arch/amd64" instance.id=cc656ad8-63a4-499e-bbde-ad797059e39e version=v2.3.1 registry_1 | 172.17.0.1 - - [04/Apr/2016:22:38:59 +0000] "GET /v2/ HTTP/1.1" 401 87 "" "docker/1.10.3 go/go1.5.3 git-commit/20f81dd kernel/4.2.0-27-generic os/linux arch/amd64" registry_1 | 172.17.0.1 - - [04/Apr/2016:22:38:59 +0000] "GET /v1/search?q=hellow HTTP/1.1" 404 19 "" "docker/1.10.3 go/go1.5.3 git-commit/20f81dd kernel/4.2.0-27-generic os/linux arch/amd64"
I spent a few hours researching this. The 404 points to the Indexing service sqlalchemy not being deployed. After going through the latest version of registry configuration reference, it seems that the Search Backend section is no longer valid. So maybe the SEARCH_BACKEND env variable on my docker-compose file is being ignored and indexation is not being done (the /opt/sqlitedb folder is empty).
On the other hand, the error suggests this is an authentication issue.
Maybe the problem lies in differences between v1 and v2 of the registry. I have no prior experience with the registry so I think I'm missing something here. What do I need to do to have docker search working on my private registry?
Thanks!
