Unable to docker login to Harbor with HTTP

Question

I’m trying to setup Harbor. The problem I’m facing is that I can login through web UI, but can’t login via Docker-cli. I have Load Balancer (AWS ALB) in front of Harbor, and I wiped out the HTTPS part in harbor.yml file. Finally resulting in a script below. (I’m running the userdata.sh below with Terraform)

I added "insecure-registries" : [MYHOST, "0.0.0.0"] due to the official document saying

If your installation of Harbor uses HTTP, you must add the option --
insecure-registry to your client's Docker daemon and restart the Docker 
service. For more information, see Connecting to Harbor via HTTP below.

I still can’t login, and facing the error as below.

WARNING! Using --password via the CLI is insecure. Use --password-stdin. Error response from daemon: Get https://MYHOST/v2/: Get http://MYHOST/service/token?account=admin&client_id=docker&offline_token=true&service=harbor-registry: net/http: request canceled (Client.Timeout exceeded while awaiting headers) (Client.Timeout exceeded while awaiting headers)

#!/bin/bash
# Strict mode (http://redsymbol.net/articles/unofficial-bash-strict-mode/)
set -euo pipefail; IFS=$'\n\t'
# Echo all commands
set -x
# Register Official Docker GPG Key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu  $(lsb_release -cs)  stable"
apt update -y
# Install Tools
apt install -y \
  docker-ce \
  apt-transport-https \
  ca-certificates \
  software-properties-common \
  awscli \
  jq
mkdir -p /etc/docker
cat > /etc/docker/daemon.json << EOF
{
  "dns" : ["8.8.8.8","8.8.4.4"],
  "insecure-registries" : [MYHOST, "0.0.0.0"]
}
EOF
systemctl restart docker
# Install Docker Compose
curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
# Install Harbor
mkdir /home/ubuntu/harbor
cd /home/ubuntu/harbor/
wget https://github.com/goharbor/harbor/releases/download/v2.0.5/harbor-offline-installer-v2.0.5.tgz
tar -xzvf harbor-offline-installer-v2.0.5.tgz
cat > /home/ubuntu/harbor/harbor/harbor.yml << EOF
# Configuration file of Harbor
hostname: MYHOST
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80
# https related config
# https:
  # https port for harbor, default is 443
  #   port: 443
  # The path of cert and key files for nginx
  # certificate: /your/certificate/path
  # private_key: /your/private/key/path
harbor_admin_password: Harbor12345
# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 50
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 1024 for postgres of harbor.
  max_open_conns: 1000
# The default data volume
data_volume: /data
# Clair configuration
clair:
  # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
  updaters_interval: 12
jobservice:
  max_job_workers: 10
notification:
  webhook_job_max_retry: 10
chart:
  absolute_url: disabled
log:
  # options are debug, info, warning, error, fatal
  level: info
  # configs for logs in local storage
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 2.0.0
# Uncomment external_database if using external database.
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
EOF
sudo /bin/bash /home/ubuntu/harbor/harbor/install.sh --with-clair

Answer 1

I was facing the same issue.

Check your harbor.yml file:

"hostname: XXXXXXX"

I misconfigured the hostname to another IP. After changing, executing install.sh again solved my problem.

Answer 2

You need to add insecure-registries for docker daemon

cat /etc/docker/daemon.json
{
  "insecure-registries": ["xx.xx.xx.xx:port"]
}

Restart Docker daemon

systemctl restart docker

Now login

sudo docker login http://xx.xx.xx.xx:port
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

Hope this helps :)

Answer 3

Your hostname's entry in the /etc/docker/daemon.json should have the http:// prefix. It fixed the issue for me in a similar setup while issuing the docker login command.