The pull through registry proxy appears to only support Bearer authentication requests. Attempting to proxy to a site like docker.pkg.github.com fails since they require basic auth:
Set the credentials in .env or export them in your shell. Feel free to remove the TLS and ca.crt lines if you don't want to generate a TLS key. Then:
docker-compose up -d
docker-compose exec builder sh
docker pull busybox
docker tag busybox docker.pkg.github.com/$username/$project/busybox:latest
docker login docker.pkg.github.com
docker push docker.pkg.github.com/$username/$project/busybox:latest
docker pull github-cache:5000/$username/$project/busybox:latest
You'll need to specify your username and project above. The last line will fail with a "not found" error even though the image was just pushed, since the credentials were never sent. A similar workflow is successful with GitLab's registry since it uses Bearer auth.
Background: I realize this doesn't work for the registry-mirror setting in the docker engine since that only goes to Hub, which supports Bearer. Instead, I'm looking to adjust my CI pulls to hit the cache instance directly and want to support multiple registries in the workflow.
I hacked on the following changes to get basic auth working. However, there's enough stuff that I deleted that I hesitate to clean it up and make a PR without a second opinion from the Docker team. Let me know if this looks like the right approach or if I removed something important.
Looking through the code, this looks like configureAuth is only returning credentials when authUrls finds a bearer scheme in the following:
https://github.com/docker/distribution/blob/749f6afb4572201e3c37325d0ffedb6f32be8950/registry/proxy/proxyauth.go#L38
I'm planning to start hacking on this shortly. I'm also looking at what it might take to provide a more complete v2 authentication similar to that found in the engine code at: https://github.com/docker/docker-ce/blob/master/components/engine/registry/auth.go
Method to reproduce:
Compose file that looks like:
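The scheme gap reported in this issue, as an added stand-alone example that is not part of the original issue and is not docker/distribution code: it parses an upstream `WWW-Authenticate` challenge and shows what happens to configured credentials when only Bearer is handled versus when Basic is handled too. The names `parseChallenge` and `upstreamAuth`, the `bearerOnly` switch, the refusal to send Basic credentials to a non-HTTPS upstream, and the sample host and credentials are all assumptions made for this example.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// parseChallenge splits one WWW-Authenticate value into scheme and parameters,
// keeping commas that sit inside quoted values (such as a Bearer scope).
func parseChallenge(h string) (string, map[string]string) {
	scheme, rest, _ := strings.Cut(strings.TrimSpace(h), " ")
	params, inQuote, start := map[string]string{}, false, 0
	for i := 0; i <= len(rest); i++ {
		if i < len(rest) && rest[i] == '"' {
			inQuote = !inQuote
		}
		if i == len(rest) || (rest[i] == ',' && !inQuote) {
			if k, v, ok := strings.Cut(rest[start:i], "="); ok {
				params[strings.ToLower(strings.TrimSpace(k))] = strings.Trim(strings.TrimSpace(v), `"`)
			}
			start = i + 1
		}
	}
	return strings.ToLower(scheme), params
}

// upstreamAuth decides what a proxy does with its configured credentials for
// one upstream challenge. bearerOnly=true models the behaviour reported above.
func upstreamAuth(upstream, header, user, pass string, bearerOnly bool) (authz, tokenRealm string, err error) {
	scheme, params := parseChallenge(header)
	switch {
	case scheme == "bearer":
		return "", params["realm"], nil // credentials go to the token service
	case scheme != "basic":
		return "", "", fmt.Errorf("unsupported scheme %q", scheme)
	case bearerOnly:
		return "", "", nil // Basic challenge ignored: request stays anonymous
	case !strings.HasPrefix(upstream, "https://"):
		return "", "", fmt.Errorf("refusing Basic credentials without TLS: %s", upstream)
	}
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(user+":"+pass)), "", nil
}

func main() {
	// Constructed challenge and credentials, not captured from a real registry.
	fmt.Println(upstreamAuth("https://registry.example", `Basic realm="registry"`, "ci", "s3cret", false))
}
```

With `bearerOnly` set, a Basic challenge yields neither an `Authorization` header nor a token realm, so the upstream request goes out without credentials, which matches the "not found" result described for the final pull.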