What I am trying to do
I need to be able pull private image that is stored in Docker hub when using the exposed daemon over http
http://127.0.0.1:2375/v1.35/images/create?fromImage=akkovachev/test-repository
The "akkovachev/test-repository" is a private repo in docker hub, when I run the above POST request I get
{
"message": "pull access denied for akkovachev/test-repository, repository does not exist or may require 'docker login': denied: requested access to the resource is denied"
}
So probably there's something I am missing but I don't understand what. What I tried to do is change the auth with base64 encoded uname:password in the file
./docker/config.json
I have also tried the base64 encoded header in the format described here https://docs.docker.com/engine/api/v1.35/#section/Authentication but again the same issue. I am posting here as my last resort, as I was unable to find a good explanation of why this happens. Many people are saying they are facing the same problem but mostly in the CLI. I am using Docker version v20.10.5 for windows.
It's important to note that the issue occurs only when I try to do that via the HTTP exposed demon. It works fine when I do In the CLI
docker pull akkovachev/test-repository
Evertyghing works as expected the image is beeing pulled correctly
I need to be able to pull through the API as I've my own Rest api build around that and i need to be able to pull through the exposed docker daemon.
Headers i am using in Postman
I have mange to figure it out. The problem was in the base64 encoded string that we pass as a X-Registry-Auth header. I was missing the "serveraddress" property in json
{
"username": "string",
"password": "string",
"email": "string",
"serveraddress": "string"
}
i added that and pointed to the https://index.docker.io/v1/ then it worked just fine
Related
I can't seem to pull from my own private repo on dockerhub. I successfully pushed the image to dockerhub (using macosx) and set it to private. I then tried to pull from another laptop (Windows 10) but I keep getting Error response from daemon: pull access denied for {username}/{repo}, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
I am using a command like, docker pull {username}/{reponame}:{tag}. The windows laptop is a work laptop and the macosx is the personal computer. Does it have to do something with a transparent proxy? I looked into this, control docker with systemd but I don't know how to set that up in Windows; the article instructs for a unix based system it seems.
I also tried adding the registry name (based on other stackoverflow posts) in the front like, docker pull hub.docker.com/{username}/{reponame}:{tag} but that gives me another error:
Error response from daemon: error parsing HTTP 408 response body: invalid character '<' ...
I ensured I am logged in:
docker login
Authenticating with existing credentials...
Login Succeeded
Any help or guidance would be appreciated. Thanks.
I was using docker in linux machine where I was pulling images from my local docker repo over http authentication. Now I need to use the same thing on windows setup. Issue is when I am trying to pull image using command
docker pull <IP>:port/abc/xyz
it gives me error Private registry push fail: server gave HTTP response to HTTPS client
I have modified the daemon.json file to
{"registry-mirrors":[],"insecure-registries":["<IP>:port"], "debug":true, "experimental": false}
even after this its not getting started. And showing me the same error.
I have faced the same issue. What you have to do is just give the insecure-registries, and remove all other configurations. Just copy paste the below json inside daemon.json file ( available in "C:\Users{user-name}.docker\daemon.json" or "/etc/docker/daemon.json")
{
"insecure-registries" :["<IP>:port"]
}
I have the registry v2 container and docker_auth up and running. The registry uses self sign certificate which was created with my CA. I can pull and push images without any problem so the configuration is working properly.
I would like to have a UI for this registry to browse images. I have tried many of them:
https://github.com/kwk/docker-registry-frontend not support token based auth
https://shipyard-project.com only supports v1 registries
https://github.com/SUSE/Portus looks quite heavy weight for me
https://github.com/mkuchin/docker-registry-web i configure it with my keyfile and set the issuer. But i couldn't add my repo, it always returns 401. In the docker registry i found "token intended for another audience: \"mydockerrepo:5000\"". I tried with different names but none of them worked. I check the crt and key files and i use the correct crt-key pair.
Is there any other UI i should try?
Can somebody help me with the "audience" error message?
I'm trying to create private registry for docker and I'm relying on instructions given on the docker site. I have a seperate linux box where this registry is installed, then I'm trying to push my images from local(osx box with docker toolbox). I keep on getting 405 from registry server. I'm quite new to docker. I was hoping the default basic configuration to work without much trouble.
configuration
Latest docker toolbox.
Latest registry installation.
I only changes the TLS configuration to post the request over http.
Error
The push refers to a repository [192.168.1.98:5000/complete] (len: 1)
Sending image list
Error: Status 405 trying to push repository complete: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>405 Method Not Allowed</title>\n</head><body>\n<h1>Method Not Allowed</h1>\n<p>The requested method PUT is not allowed for the URL /v1/repositories/complete/.</p>\n</body></html>\n"
The doc mentions
405 Method Not Allowed
Manifest put is not allowed because the registry is configured as a pull-through cache or for some other reason
(like a read-only mode)
UNSUPPORTED: The operation was unsupported due to a missing implementation or invalid set of parameters.
The same doc uses urls which include /v2, not like the one used in the question (/v1/repositories/complete)
The instructions include:
Getting the headers correct is very important. For all responses to any request under the “/v2/” url space, the Docker-Distribution-API-Version header should be set to the value “registry/2.0”, even for a 4xx response
Make sure you are running a v2 registry image (which is now docker distribution)
The OP Charith actually found in the comments:
mistake in port forwarding on the registry host: The 5000 port was servicing from another server.
I've switched to an available port and everything started working.
The REST API for registry.hub.docker.com does not seem to match the documented API.
For example, curl -k https://registry.hub.docker.com/v1/repositories/busybox/tags returns:
[{"layer": "4986bf8c", "name": "latest"}, {"layer": "2aed48a4", "name": "buildroot-2013.08.1"}, ... ]
But https://docs.docker.com/reference/api/registry_api/#tags says it should return a map of tag -> id. That's what I see when I make a similar request to a registry I'm running locally.
Is the REST API for the Docker Hub Registry supposed to be different for some reason?
Is this a bug?
It looks like instead of returning
[_tag_ : _id_]
it returns
[{"layer: _id_, "name": _tag_}]
But you've got the same information at the end of the day.
Check out this docs, because registry api seems to behave slightly differently than the hub.