Cannot delete image and view history
blomsoft opened this issue · comments
Hi, I have the same problem as in #75: it works well, except for showing the history and for deleting images. This is my docker-compose.yml, my server is called testserver.local in my private network at home (it's a Raspberry Pi) and the error that I see in the log of docker-registry-ui, when requesting the history or a delete, is msg="error authorizing context: basic authentication challenge for realm "Registry Realm": invalid authorization credential". The certificates of docker-registry are self-signed and I don't use HTTPS for docker-registry-ui yet. The browser that I use for docker-registry-ui asks for credentials and these seem to work.
When I turn off authentication on docker-registry, delete and history work fine.
Can you help?
version: '2.0'
services:
registry:
restart: unless-stopped
image: registry:2.7.1
container_name: docker-registry
ports:
- 5000:5000
environment:
REGISTRY_STORAGE_DELETE_ENABLED: 'true'
REGISTRY_HTTP_ADDR: 0.0.0.0:5000
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/testserver.local.crt
REGISTRY_HTTP_TLS_KEY: /certs/testserver.local.key
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin: '[http://testserver.local:5001]'
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials: '[true]'
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: '[HEAD, GET, OPTIONS, DELETE]'
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Authorization, Accept]'
REGISTRY_HTTP_HEADERS_Access-Control-Max-Age: '[1728000]'
REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers: '[Docker-Content-Digest]'
volumes:
- /storage/registry:/var/lib/registry
- /home/pi/Docker/docker-registry/certs:/certs
- /home/pi/Docker/docker-registry/auth:/auth
networks:
- registry-ui
ui:
restart: unless-stopped
image: joxit/docker-registry-ui:latest
container_name: docker-registry-ui
ports:
- 5001:80
environment:
- REGISTRY_TITLE=My Private Docker Registry
- REGISTRY_URL=https://testserver.local:5000
- DELETE_IMAGES=true
- SINGLE_REGISTRY=true
depends_on:
- registry
networks:
- registry-ui
networks:
registry-ui:
Difference without authentication is in these lines (perhaps less changes will do too):
# REGISTRY_AUTH: htpasswd
# REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
# REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
# REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials: '[true]'
# - /home/pi/Docker/docker-registry/auth:/auth
Using joxit/docker-registry-ui:arm32v7 (2 weeks newer than latest) makes no difference.
Hello, thank you for using my project 😄
I suspect this is due to you environments. Can you replace you registry environments by a configuration file ?
See for your docker-compose :
version: 0.1
storage:
delete:
enabled: true
http:
addr: 0.0.0.0:5000
tls:
certificate: /certs/testserver.local.crt
key: /certs/testserver.local.key
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['http://testserver.local:5001']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Allow-Headers: ['Authorization', 'Accept']
Access-Control-Max-Age: [1728000]
Access-Control-Allow-Credentials: [true]
Access-Control-Expose-Headers: ['Docker-Content-Digest']
auth:
htpasswd:
realm: Registry Realm
path: /auth/htpasswd
I'm afraid that doesn't solve it. I (still) get an endlessly rotating circle when requesting the history and "An error occurred when deleting image. Check if your server accept DELETE methods Access-Control-Allow-Methods: ['DELETE']." when trying to delete an image.
version: '2.0'
services:
registry:
restart: unless-stopped
image: registry:2.7.1
container_name: docker-registry
ports:
- 5000:5000
environment:
REGISTRY_STORAGE_DELETE_ENABLED: 'true'
REGISTRY_HTTP_ADDR: 0.0.0.0:5000
# REGISTRY_HTTP_TLS_CERTIFICATE: /certs/testserver.local.crt
# REGISTRY_HTTP_TLS_KEY: /certs/testserver.local.key
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
# REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin: '[http://testserver.local:5001]'
# REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials: '[true]'
# REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: '[HEAD, GET, OPTIONS, DELETE]'
# REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Authorization, Accept]'
# REGISTRY_HTTP_HEADERS_Access-Control-Max-Age: '[1728000]'
# REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers: '[Docker-Content-Digest]'
volumes:
- /storage/registry:/var/lib/registry
- /home/pi/Docker/docker-registry/certs:/certs
- /home/pi/Docker/docker-registry/auth:/auth
- /home/pi/Docker/docker-registry/credentials.yml:/etc/docker/registry/config.yml
networks:
- registry-ui
ui:
restart: unless-stopped
image: joxit/docker-registry-ui:arm32v7
container_name: docker-registry-ui
ports:
- 5001:80
environment:
- REGISTRY_TITLE=My Private Docker Registry
- REGISTRY_URL=https://testserver.blom:5000
- DELETE_IMAGES=true
- SINGLE_REGISTRY=true
depends_on:
- registry
networks:
- registry-ui
networks:
registry-ui:
$ docker exec -it docker-registry cat /etc/docker/registry/config.yml
version: 0.1
storage:
# needs the following 2 lines too or else it complains
filesystem:
rootdirectory: /var/lib/registry
delete:
enabled: true
http:
addr: 0.0.0.0:5000
tls:
certificate: /certs/DockerPiAcc.blom.crt
key: /certs/DockerPiAcc.blom.key
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['http://testserver.local:5001']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Allow-Headers: ['Authorization', 'Accept']
Access-Control-Max-Age: [1728000]
Access-Control-Allow-Credentials: [true]
Access-Control-Expose-Headers: ['Docker-Content-Digest']
auth:
htpasswd:
realm: Registry Realm
path: /auth/htpasswd
Any ideas?
I am having the same problem. Deletes appear to be properly configured but result in an error and the history link just spins forever. I also don't see much in the way of logs from the UI, is there a way to get some better logging?
I remember where this issue came from!
This is a docker registry miss-configuration of OPTIONS requests, the registry server MUST return 200 status codes on OPTIONS, but did not.
Solution 1: Use the UI as proxy, you should not have CORS errors... (use NGINX_PROXY_PASS_URL
)
Solution 2: Override OPTIONS responses on the proxy where your docker registry is hosted. You will need to return 200 status code with all correct headers (those of your docker registry)
Thanks, that works if I also delete REGISTRY_URL so my docker-compose.yml becomes:
version: '2.0'
services:
registry:
restart: unless-stopped
image: registry:2.7.1
container_name: docker-registry
ports:
- 5000:5000
environment:
REGISTRY_STORAGE_DELETE_ENABLED: 'true'
REGISTRY_HTTP_ADDR: 0.0.0.0:5000
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/testserver.local.crt
REGISTRY_HTTP_TLS_KEY: /certs/testserver.local.key
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin: '[http://testserver.local:5001]'
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials: '[true]'
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: '[HEAD, GET, OPTIONS, DELETE]'
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Authorization, Accept]'
REGISTRY_HTTP_HEADERS_Access-Control-Max-Age: '[1728000]'
REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers: '[Docker-Content-Digest]'
volumes:
- /storage/registry:/var/lib/registry
- /home/pi/Docker/docker-registry/certs:/certs
- /home/pi/Docker/docker-registry/auth:/auth
networks:
- registry-ui
ui:
restart: unless-stopped
image: joxit/docker-registry-ui:latest
container_name: docker-registry-ui
ports:
- 5001:80
environment:
- REGISTRY_TITLE=My Private Docker Registry
- NGINX_PROXY_PASS_URL=https://testserver.local:5000
- DELETE_IMAGES=true
- SINGLE_REGISTRY=true
depends_on:
- registry
networks:
- registry-ui
networks:
registry-ui:
Thank you @blomsoft - That was enough of a hint for me to get it working as well.
This was my working docker-compose.yml
and Registry config.
docker-compose.yaml
services:
registry:
container_name: class_registry
image: registry:2.7
restart: unless-stopped
networks:
- my-net
ports:
- "5000:5000"
environment:
REGISTRY_HTTP_TLS_CERTIFICATE: "/certs/domain.crt"
REGISTRY_HTTP_TLS_KEY: "/certs/domain.key"
REGISTRY_HTTP_SECRET: "kdhsf7834hfhhkf"
volumes:
- "./files/config.yml:/etc/docker/registry/config.yml"
- "./files/htpasswd:/htpasswd"
- "./data:/var/lib/registry"
- "./certs:/certs"
ui:
container_name: class_registry_ui
image: joxit/docker-registry-ui:latest
restart: unless-stopped
networks:
- my-net
ports:
- "8080:80"
environment:
DELETE_IMAGES: "true"
NGINX_PROXY_PASS_URL: "https://registry:5000"
REGISTRY_TITLE: "My Private Registry"
SINGLE_REGISTRY: "true"
depends_on:
- registry
networks:
my-net:
driver: bridge
config.yaml
version: 0.1
log:
accesslog:
disabled: false
level: debug
fields:
service: registry
environment: development
storage:
delete:
enabled: true
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: 0.0.0.0:5000
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['http://127.0.0.1:8080']
Access-Control-Allow-Credentials: [true]
Access-Control-Max-Age: [1728000]
Access-Control-Allow-Headers: ['Authorization', 'Accept']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Expose-Headers: ['Docker-Content-Digest']
auth:
htpasswd:
realm: Registry Realm
path: /htpasswd
notifications:
endpoints:
- name: local-8083
url: http://localhost:8083/callback
timeout: 1s
threshold: 10
backoff: 1s
disabled: true
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3