It has been a couple of weeks that I've been having nightmares failing to log in to my private Docker registry inside a minikube virtual machine on macOS Big Sur with VirtualBox 6.1.48 as hypervisor. The registry:2 based container itself is up and running, as you can see on this screenshot of a docker ps command.
From the screen you can see that my private registry is available on 0.0.0.0:5000, which means that I can access it from another docker container on 0.0.0.0:5000, and from my macOS command line I should be able to access it on localhost:5000.
When I type the command: docker login 0.0.0.0:5000, I receive this error
« INFO[0018] Error logging in to endpoint, trying next endpoint error="Get "https://0.0.0.0:5000/v2/": net/http: TLS handshake timeout »
I also tried to log in with localhost:5000 and I received the same TLS handshake error message as above.
So I typed the command: minikube ip and received 192.168.59.108, which is my minikube virtual machine's IP address. Then I tried to log in with that address: docker login 192.168.59.108:5000, but this time I received the error
error="login attempt to https://192.168.59.108:5000/v2/ failed with status: 401 Unauthorized"
You can see all the error messages in the image below:
In debugging the issue I got the logs of the container with: docker logs 04d865955936, and I received the result you see on the screenshot below. It shows no error but mentions http.secret, and I don't know where that file is located:
In fact I used a self-signed certificate from mkcert to secure the communications with the registry, and the volumes where the certificate .cert and .key files are stored are shown correctly when SSHing into the container. The htpasswd authentication file for managing users is also in there.
This is my docker-compose.yml file:

version: "3.7"
services:
  basic-auth:
    restart: always
    image: registry:2
    container_name: kernel-registry
    build:
      context: .
    ports:
      - 5000:5000
    environment:
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/registry.crt
      REGISTRY_HTTP_TLS_KEY: /certs/registry.key
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: basic-realm
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
    volumes:
      - /data/:/data
      - /certs:/certs
      - /auth/:/auth

When I remove the TLS certificate and key from the docker-compose environment configuration, I receive a message saying http: server gave HTTP response to HTTPS client, which means that the certificate is mandatory and should not be removed.
I went through almost all the similar issues of logging into a private registry with a self-signed certificate but nothing is really identical to my case. I disabled my antivirus, I typed on the console export no_proxy=localhost,127.0.0.1,192.168.59.108:5000,192.168.59.109:5000,0.0.0.0:5000, I deleted and recreated the VM, but all that to no avail. Some people tell of configuring ~/.docker/daemon.json or /etc/sysconfig/docker but no such files exist on my system.
So actually I'm totally confused, not even knowing what the source of this error is and where to debug it from. It's now like a huge pain in the ass and I really need your help to solve it. Thanks in advance for any help.
Like it is mentioned in a comment, it is not clear from the question what you originally set out to do - set up a local registry with auth, set up a local registry with auth + TLS, set up a local registry with auth and TLS with self-signed certs, or something else. If it is a local registry with auth and TLS with self-signed certs, I don't think it can be done, at least as per a note in the docs. If it is just a local registry with auth, I was able to achieve that with the below docker-compose file:

version: '3.7'
services:
  htpasswd:
    image: httpd:2
    # The two commands are indented deeper than "sh -c" so the folded
    # scalar (>) keeps them on separate lines instead of joining them.
    command: >
      sh -c "
        htpasswd -Bbc /auth/htpasswd testuser testpwd
        chmod 644 /auth/htpasswd
      "
    volumes:
      - ./auth:/auth
  registry:
    image: registry:2
    depends_on:
      - htpasswd
    ports:
      - 5000:5000
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
    volumes:
      - ./auth:/auth

The username and password will be testuser and testpwd respectively. The first service creates the htpasswd file at ./auth/htpasswd, that the second service, which is the registry, then uses. Once the registry is up, I'm able to login with a command like below:
echo "testpwd" | docker login localhost:5000 -u testuser --password-stdin
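
The errors quoted in the question (TLS handshake timeout, 401 Unauthorized, HTTP response to HTTPS client) come from different layers: reachability, TLS, and htpasswd auth. The following is an added example, not code from the question or the answer: it requests `/v2/`, the URL shown in the `docker login` errors, and names the layer that failed. The function names, result labels and the `cafile` argument (for example the root CA file that mkcert generated) are assumptions of this example.

```python
import base64
import socket
import ssl
import urllib.error
import urllib.request


# Result labels are this example's own; each names the layer that failed.
def diagnose(outcome, sent_creds=False):
    """Map an HTTP status or exception from the /v2/ probe to a layer."""
    if isinstance(outcome, urllib.error.URLError) and not isinstance(
            outcome, urllib.error.HTTPError):
        outcome = outcome.reason  # urllib wraps the socket/TLS error
    if isinstance(outcome, int):
        if outcome == 200:
            return "ok"
        if outcome == 401:
            # Routing and TLS worked. With credentials sent, look at the
            # htpasswd file (the registry only accepts bcrypt entries).
            return "credentials-rejected" if sent_creds else "auth-required"
        return f"http-{outcome}"
    if isinstance(outcome, ssl.SSLCertVerificationError):
        return "cert-rejected"  # untrusted CA, or name/IP not in the SAN
    if isinstance(outcome, (socket.timeout, TimeoutError)):
        return "timeout"  # no answer in time (TCP connect or TLS handshake)
    if isinstance(outcome, ssl.SSLError):
        return "tls-failed"  # e.g. a plain-HTTP listener on this port
    if isinstance(outcome, ConnectionRefusedError):
        return "refused"  # nothing is listening at this address
    return f"other: {outcome!r}"


def probe(host, port=5000, user=None, password=None, cafile=None, timeout=5):
    """GET https://host:port/v2/ and report which layer answered."""
    req = urllib.request.Request(f"https://{host}:{port}/v2/")
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        req.add_header("Authorization", f"Basic {token}")
    # cafile=None uses the system trust store; pass the CA that signed the cert.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return diagnose(resp.status, user is not None)
    except urllib.error.HTTPError as err:
        return diagnose(err.code, user is not None)
    except OSError as err:  # URLError, timeouts and TLS errors are OSErrors
        return diagnose(err, user is not None)
```

Calling `probe()` once per address used in the question (`localhost`, `0.0.0.0`, the `minikube ip` address), first without and then with credentials, shows whether each address reaches the registry at all before the htpasswd file comes into play.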