Reputation: 2927
Docker private registry token authentication failed with status: 400 Bad Request
Following is my docker-compose.yml file where I have hosted my private docker registry with domain registry.MY-DOMAIN.com
version: "3.9"
services:
registry:
image: registry:latest
environment:
REGISTRY_HTTP_SECRET: b8f62d22-9a3f-4c73-bf5e-e0864b400bc8
#S3 bucket as docker storage
REGISTRY_STORAGE: s3
REGISTRY_STORAGE_S3_ACCESSKEY: XXXXXXXXX
REGISTRY_STORAGE_S3_SECRETKEY: XXXXXXXXX
REGISTRY_STORAGE_S3_REGION: us-east-1
REGISTRY_STORAGE_S3_BUCKET: docker-registry
#Docker token based authentication
REGISTRY_AUTH: token
REGISTRY_AUTH_TOKEN_REALM: "https://api.MY-DOMAIN.com/api/developer-auth/login"
REGISTRY_AUTH_TOKEN_SERVICE: Authentication
REGISTRY_AUTH_TOKEN_ISSUER: "Let's Encrypt"
REGISTRY_AUTH_TOKEN_AUTOREDIRECT: false
#Letsencrupt certificate
REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: "/certs/live/registry.MY-DOMAIN.com/fullchain.pem"
REGISTRY_HTTP_TLS_CERTIFICATE: "/certs/live/registry.MY-DOMAIN.com/fullchain.pem"
REGISTRY_HTTP_TLS_KEY: "/certs/live/registry.MY-DOMAIN.com/privkey.pem"
ports:
- 5000:5000
restart: always
volumes:
- "/etc/letsencrypt:/certs"
When I try to login to my API server it return the following error
❯ docker login registry.MY-DOMAIN.com
Username: [email protected]
Password:
Error response from daemon: login attempt to https://api.MY-DOMAIN.com/v2/ failed with status: 400 Bad Request
I don't have username field in my NodeJS API talking to the MongoDB database. Can I pass the email instead of username?
I want to do Docker Registry Token Authentication with my custom API that is written in NodeJS (ExpressJS) application. So that users can log in as "docker login registry.mydomain.com" and push the image once authenticated. I want the same experience as that of DockerHub. I am setting up a similar to DockerHub for my product. It acts as a docker store.
May I know how can I fix the issue?
Upvotes: 0
Views: 1672
Answers (1)
Reputation: 5545
It looks like your token auth service is not correctly implemented.
You should implement it according to the specification.
See
- Token Authentication Specification
- Token Authentication Implementation
- Token Scope Documentation
- OAuth2 Token Authentication
for more information.
I would also recommend to look into actual existing implementations.
Such as:
- https://github.com/cesanta/docker_auth
- https://github.com/adigunhammedolalekan/registry-auth
- https://github.com/twosigma/docker-repo-auth-demo
Upvotes: 2
Related Questions
- Verifying a function with a static array variable in VST
- How can I use static_assert to call a function that receives an array as pointer and length?
- Using VST with GCC
- Verifying programs with heterogeneous arrays in VST
- Checking constant variable's value at the compilation time
- static_assert on array values
- How to reason about array access in VST?
- Testing a static variable
- Validating an array variable input from another function
- C Compile-Time assert with constant array