Search code examples
dockerdocker-registry

Docker Private Registry Mirror - Forbidden

I'm having trouble configuring a Registry internal mirror. I'm always getting forbidden error.

When i access the URL https://registry-1.docker.io/v2/ directly i have the same error too:

{"errors":[{"code":"UNAUTHORIZED","message":"access to the requested resource is not authorized","detail":null}]}

config.yml:

version: 0.1
log:
  fields:
    service: registry
storage:
    delete:
        enabled: true
    cache:
        blobdescriptor: inmemory
    filesystem:
        rootdirectory: /var/lib/registry
http:
    addr: :5000
    headers:
        X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
proxy:
  remoteurl: https://registry-1.docker.io

Registry 2.0 error:

registry_1 | time="2015-11-11T21:14:07Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.4.3 instance.id=9d59c958-6764-4951-b438-c8280e5a6c62 version=v2.2.0 
registry_1 | time="2015-11-11T21:14:07Z" level=info msg="redis not configured" go.version=go1.4.3 instance.id=9d59c958-6764-4951-b438-c8280e5a6c62 version=v2.2.0 
registry_1 | time="2015-11-11T21:14:07Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.4.3 instance.id=9d59c958-6764-4951-b438-c8280e5a6c62 version=v2.2.0 
registry_1 | time="2015-11-11T21:14:07Z" level=info msg="Starting cached object TTL expiration scheduler..." go.version=go1.4.3 instance.id=9d59c958-6764-4951-b438-c8280e5a6c62 version=v2.2.0 
registry_1 | time="2015-11-11T21:14:07Z" level=info msg="Starting upload purge in 8m0s" go.version=go1.4.3 instance.id=9d59c958-6764-4951-b438-c8280e5a6c62 version=v2.2.0 
**registry_1 | panic: Get https://registry-1.docker.io/v2/: Forbidden**
registry_1 | 
registry_1 | goroutine 1 [running]:
registry_1 | github.com/docker/distribution/registry/handlers.NewApp(0x7f7cf75022d8, 0xc208138300, 0xc208118500, 0x7f7cf75022d8)
registry_1 |    /go/src/github.com/docker/distribution/registry/handlers/app.go:246 +0x25dc
registry_1 | github.com/docker/distribution/registry.NewRegistry(0x7f7cf7502318, 0xc208138300, 0xc208118500, 0xc208118500, 0x0, 0x0)
registry_1 |    /go/src/github.com/docker/distribution/registry/registry.go:94 +0x2d4
registry_1 | github.com/docker/distribution/registry.func·001(0x1299880, 0xc20802b520, 0x1, 0x1)
registry_1 |    /go/src/github.com/docker/distribution/registry/registry.go:57 +0x2d1
registry_1 | github.com/spf13/cobra.(*Command).execute(0x1299880, 0xc20800a010, 0x1, 0x1, 0x0, 0x0)
registry_1 |    /go/src/github.com/docker/distribution/Godeps/_workspace/src/github.com/spf13/cobra/command.go:495 +0x65c
registry_1 | github.com/spf13/cobra.(*Command).Execute(0x1299880, 0x0, 0x0)
registry_1 |    /go/src/github.com/docker/distribution/Godeps/_workspace/src/github.com/spf13/cobra/command.go:560 +0x18d
registry_1 | main.main()
registry_1 |    /go/src/github.com/docker/distribution/cmd/registry/main.go:22 +0x2a
registry_1 | 
registry_1 | goroutine 9 [syscall]:
registry_1 | os/signal.loop()
registry_1 |    /usr/src/go/src/os/signal/signal_unix.go:21 +0x1f
registry_1 | created by os/signal.init·1
registry_1 |    /usr/src/go/src/os/signal/signal_unix.go:27 +0x35
registry_1 | 
registry_1 | goroutine 11 [sleep]:
registry_1 | github.com/docker/distribution/registry/handlers.func·009()
registry_1 |    /go/src/github.com/docker/distribution/registry/handlers/app.go:938 +0x203
registry_1 | created by github.com/docker/distribution/registry/handlers.startUploadPurger
registry_1 |    /go/src/github.com/docker/distribution/registry/handlers/app.go:945 +0x942
registry_1 | 
registry_1 | goroutine 12 [select]:
registry_1 | github.com/docker/distribution/notifications.(*Broadcaster).run(0xc2081385d0)
registry_1 |    /go/src/github.com/docker/distribution/notifications/sinks.go:80 +0x604
registry_1 | created by github.com/docker/distribution/notifications.NewBroadcaster
registry_1 |    /go/src/github.com/docker/distribution/notifications/sinks.go:39 +0xea
registry_1 | 
registry_1 | goroutine 13 [select]:
registry_1 | github.com/docker/distribution/registry/proxy/scheduler.func·001()
registry_1 |    /go/src/github.com/docker/distribution/registry/proxy/scheduler/scheduler.go:133 +0x2d1
registry_1 | created by github.com/docker/distribution/registry/proxy/scheduler.(*TTLExpirationScheduler).Start
registry_1 |    /go/src/github.com/docker/distribution/registry/proxy/scheduler/scheduler.go:152 +0x39a
registry_1 | 
registry_1 | goroutine 17 [syscall, locked to thread]:
registry_1 | runtime.goexit()
registry_1 |    /usr/src/go/src/runtime/asm_amd64.s:2232 +0x1
registry_registry_1 exited with code 2

Any idea?

Thanks!

Solution

  • People,

    I have discovered why it doesn't works:

    The domain registry-1.docker.io was present in my /etc/hosts file as other IP address just for a reverse proxy.

    The problem is that this reverse proxy is requesting authentication. I've used a traditional Proxy with HTTP_PROXY variable and worked.

    :D