I have created some images in the Gitlab Container Registry. I am unable to pull them using docker on my local system. The login command succeeds but when I type the following command:
docker pull reg-gitlab-project.company.com/services/palimited/integrationservices/springbootproject/springbootproject:latest
I am getting the following error
Error response from daemon: Head "https://reg-gitlab-project.company.com/v2/services/palimited/integrationservices/springbootproject/springbootproject/manifests/latest": denied: access forbidden
I am unable to figure out why this error is occuring? Can anyone guide me.
You need to authenticate with the container registry at reg-gitlab-project.company.com before issuing a docker pull command.
See, GitLab Docs: Authenticate with the Container Registry.
Trying my first-ever "docker build" I am seeing:
failed to solve with frontend dockerfile.v0: failed to create LLB definition: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed
I can get the image with docker pull:
PS C:\Users\dr_cl\Desktop\ams-pam> docker pull jboss/jbpm-server-full:7.48.0.Final
7.48.0.Final: Pulling from jboss/jbpm-server-full
a02a4930cb5d: Pull complete
b5ffff9dbcda: Pull complete
...
Digest: sha256:65884b407c1922ee74b829ed7e138ce8a7ebbbabe4d3ff157e09d9939c69295c...
I am logged in to Docker Hub so how do I correct this - the only non-commented out line in my - Dockerfile - from failing (and why)?
FROM jbpm-server-full#sha256:65884b407c1922ee74b829ed7e138ce8a7ebbbabe4d3ff157e09d9939c69295c as jbpm
My dockerfile points to a private nexus repository
FROM nexus-repo/image:latest
when i try and build i get aCould not build image: received unexpected HTTP status: 503 Service Unavailable
I am logged in beforehand, and running docker pull nexus-repo/image:latest works okay. What could be the cause of this problem?
I have a Dockerfile which is going to be implemented FROM a private registry's image. I build this file without any problem with Docker version 1.12.6, build 78d1802 and docker-compose version 1.8.0, build unknown, but in another machine which has Docker version 17.06.1-ce, build 874a737 and docker-compose version 1.16.1, build 6d1ac21, the docker-compose build returns:
FROM my.private.gitlab.registry:port/image:tag
http://my.private.gitlab.registry:port/v2/docker/image/manifests/tag: denied: access forbidden
docker pull my.private.gitlab.registry:port/image:tag returns the same.
Notice that I tried to get my.private.registry:port/image:tag and http://my.private.registry:port/v2/docker/image/manifests/tag has been catched.
If this is an authenticated registry, then you need to run docker login <registryurl> on the machine where you are building this.
This only needs to be done once per host. The command then caches the auth in a file
$ cat ~/.docker/config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "......="
}
}
}
A login did not fix the problem for me. This may be specific to Mac, but just in case here is the Git issue
My comment on it:
Also experiencing this issue.
Dockerfile:
FROM <insert_private_registry>/test-image:latest
CLI
Both commands fail without a login to the private registry (expected)
$ docker-compose up
Building app
Step 1/2 : FROM <insert_private_registry>/test-image:latest
ERROR: Service 'app' failed to build: Get https://<insert_private_registry>/v2/test-image/manifests/latest: denied: access forbidden
$ docker pull <insert_private_registry>/test-image:latest
Error response from daemon: Get https://<insert_private_registry>/test-image/manifests/latest: denied: access forbidden
After logging in, a docker pull ... works while the docker-compose up fails to pull the image:
$ docker login <insert_private_registry>
Username: <insert>
Password: <insert>
Login Succeeded
$ docker-compose up
Building app
Step 1/2 : FROM <insert_private_registry>/test-image:latest
ERROR: Service 'app' failed to build: Get https://<insert_private_registry>/v2/test-image/manifests/latest: denied: access forbidden
$ docker pull <insert_private_registry>/test-image:latest
latest: Pulling from <insert_private_image_path>/test-image
...
Status: Downloaded newer image for <insert_private_registry>/test-image:latest
Current Solution
Our current workaround is to explicitly pull the image prior to running the docker-compose containers:
docker pull <insert_private_registry>/test-image:latest
latest: Pulling from <insert_private_image_path>/test-image
...
Status: Downloaded newer image for <insert_private_registry>/test-image:latest
$ docker-compose up
Building app
Step 1/2 : FROM <insert_private_registry>/test-image:latest
...
I notice your URL scheme uses the http protocol - Docker needs to be configured to allow insecure registries.
Create or modify your daemon.json (required in one of the following locations):
Linux: /etc/docker/
Windows: C:\ProgramData\Docker\config\
With the contents:
{
"insecure-registries" : [ "my.private.gitlab.registry:port" ]
}
Then restart Docker (not just the terminal session) and try again.
Once you've logged in with:
docker login my.private.gitlab.registry:port
As per tarun-lalwani's answer, this should then add the auth into the config, for future use (docker pull's etc.).
In my case on Linux I can fix this error by adding sudo to my docker-compose up command.
The nexus is configured at 8444 for internal hosting and the 7001 for the external proxy. I am able to pull images from 8444. But can't pull anything from the internet. The nexus is pointing to https://registry-1.docker.io in the proxy settings. Any suggestions?
$ docker pull x.com:8444/hello-world
Using default tag: latest
latest: Pulling from hello-world
c04b14da8d14: Pull complete
Digest: sha256:a18ed77532f6d6781500db650194e0f9396ba5f05f8b50d4046b294ae5f83aa4
Status: Downloaded newer image for x.com:8444/hello-world:latest
$ docker pull x.com:7001/node
Using default tag: latest
Error response from daemon: unknown: unknown
(there is no error log showing in nexus for this pull)
I found the answer myself. In the configuration, need to use
"Use Docker Hub"
option in the Proxy->Docker index.
I used "Use proxy registry (specified above)" which doesn't work.