Closed mahesh3267 closed 8 years ago
dial tcp 10.146.3.120:443: connection refused.
tells you your registry is not runninng at that ip.
Hi,
I have the same issue.
Conditions:
command used
docker run -d -p 5000:5000 --restart=always --name registry -v /root/certs:/certs -v /reg:/var/lib/registry -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registry:2
push/pull works
Add authentication as indicated in Basic native auth
When trying to log on with docker login myreg.net:5000
, I got some TLS handshake errors. So I trusted the certificate as indicated here
TLS handshake errors are gone. A curl works as well:
[root@reg02 anchors]# curl -v https://myreg.net:5000/v2/_catalog
* About to connect() to myreg.net port 5000 (#0)
* Trying 192.168.60.11...
* Connected to myreg.net (192.168.60.11) port 5000 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
* subject: CN=myreg.net,O=Agile Partner,L=Luxembourg,ST=Luxembourg,C=LU
* start date: Aug 17 12:34:01 2015 GMT
* expire date: Aug 16 12:34:01 2016 GMT
* common name: myreg.net
* issuer: CN=myreg.net,O=Agile Partner,L=Luxembourg,ST=Luxembourg,C=LU
> GET /v2/_catalog HTTP/1.1
> User-Agent: curl/7.29.0
> Host: myreg.net:5000
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=utf-8
< Docker-Distribution-Api-Version: registry/2.0
< Date: Mon, 17 Aug 2015 14:28:58 GMT
< Content-Length: 46
<
{"repositories":["busybox","httpd","ubuntu"]}
* Connection #0 to host myreg.net left intact
I still can push/pull without being logged in.
command used
docker run -d -p 5000:5000 --restart=always --name registry -v /root/certs:/certs -v /root/auth:/auth -v /reg:/var/lib/registry -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry:2
On the "client"
[root@reg02 anchors]# docker login https://myreg.net:5000
Username: testuser
Password:
Email: mymail@gmail.com
Error response from daemon: no successful auth challenge for https://myreg.net:5000/v2/ - errors: []
Logs on the registry
time="2015-08-17T14:41:21Z" level=info msg="response completed" http.request.host="myreg.net:5000" http.request.id=3914780f-6c01-44ff-a710-b0313808380e http.request.method=GET http.request.remoteaddr="192.168.60.12:49459" http.request.uri="/v2/" http.request.useragent="docker/1.8.1 go/go1.4.2 git-commit/d12ea79 kernel/3.10.0-229.11.1.el7.x86_64 os/linux arch/amd64" http.response.contenttype="application/json; charset=utf-8" http.response.duration=1.962546ms http.response.status=200 http.response.written=2 instance.id=c5bc7d6b-1f0c-4cc3-9612-d3b145cd9afd version=v2.1.1
192.168.60.12 - - [17/Aug/2015:14:41:21 +0000] "GET /v2/ HTTP/1.1" 200 2 "" "docker/1.8.1 go/go1.4.2 git-commit/d12ea79 kernel/3.10.0-229.11.1.el7.x86_64 os/linux arch/amd64"
It's as if the basic authentication is not active at all.
Here is the begining of the registry logs
time="2015-08-17T14:26:56Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in t
he configuration file or set the REGISTRY_HTTP_SECRET environment variable." instance.id=c5bc7d6b-1f0c-4cc3-9612-d3b145cd9afd version=v2.1.1
time="2015-08-17T14:26:56Z" level=info msg="redis not configured" instance.id=c5bc7d6b-1f0c-4cc3-9612-d3b145cd9afd version=v2.1.1
time="2015-08-17T14:26:56Z" level=info msg="using inmemory blob descriptor cache" instance.id=c5bc7d6b-1f0c-4cc3-9612-d3b145cd9afd version=v2.1.1
time="2015-08-17T14:26:56Z" level=info msg="Starting upload purge in 55m0s" instance.id=c5bc7d6b-1f0c-4cc3-9612-d3b145cd9afd version=v2.1.1
time="2015-08-17T14:26:57Z" level=info msg="listening on [::]:5000, tls" instance.id=c5bc7d6b-1f0c-4cc3-9612-d3b145cd9afd version=v2.1.1
time="2015-08-17T14:27:05Z" level=info msg="response completed" http.request.host="myreg.net:5000" http.request.id=0dff0ae8-cc12-4a79-9317-bdc59caf8268 http.request.method=GET http.request.remoteaddr="192.168.60.1:60053" http.request.uri=
"/v2/_catalog" http.request.useragent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36" http.response.contenttype="application/json; charset=utf-8" http.response.du
ration=2.614145ms http.response.status=200 http.response.written=46 instance.id=c5bc7d6b-1f0c-4cc3-9612-d3b145cd9afd version=v2.1.1
192.168.60.1 - - [17/Aug/2015:14:27:05 +0000] "GET /v2/_catalog HTTP/1.1" 200 46 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36"
192.168.60.1 - - [17/Aug/2015:14:27:06 +0000] "GET /favicon.ico HTTP/1.1" 404 19 "https://myreg.net:5000/v2/_catalog" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.
36"
time="2015-08-17T14:27:43Z" level=info msg="response completed" http.request.host="myreg.net:5000" http.request.id=2042909c-d692-4fd8-9132-a7abe675f75d http.request.method=GET http.request.remoteaddr="192.168.60.12:49452" http.request.uri
="/v2/" http.request.useragent="docker/1.8.1 go/go1.4.2 git-commit/d12ea79 kernel/3.10.0-229.11.1.el7.x86_64 os/linux arch/amd64" http.response.contenttype="application/json; charset=utf-8" http.response.duration=1.848427ms http.response.
status=200 http.response.written=2 instance.id=c5bc7d6b-1f0c-4cc3-9612-d3b145cd9afd version=v2.1.1
192.168.60.12 - - [17/Aug/2015:14:27:43 +0000] "GET /v2/ HTTP/1.1" 200 2 "" "docker/1.8.1 go/go1.4.2 git-commit/d12ea79 kernel/3.10.0-229.11.1.el7.x86_64 os/linux arch/amd64"
time="2015-08-17T14:28:01Z" level=info msg="response completed" http.request.host="myreg.net:5000" http.request.id=8ed7927f-c741-4008-8c1b-9eec9bfa2a7e http.request.method=GET http.request.remoteaddr="192.168.60.12:49453" http.request.uri
="/v2/" http.request.useragent="docker/1.8.1 go/go1.4.2 git-commit/d12ea79 kernel/3.10.0-229.11.1.el7.x86_64 os/linux arch/amd64" http.response.contenttype="application/json; charset=utf-8" http.response.duration=2.055284ms http.response.
status=200 http.response.written=2 instance.id=c5bc7d6b-1f0c-4cc3-9612-d3b145cd9afd version=v2.1.1
192.168.60.12 - - [17/Aug/2015:14:28:01 +0000] "GET /v2/ HTTP/1.1" 200 2 "" "docker/1.8.1 go/go1.4.2 git-commit/d12ea79 kernel/3.10.0-229.11.1.el7.x86_64 os/linux arch/amd64"
time="2015-08-17T14:28:01Z" level=info msg="response completed" http.request.host="myreg.net:5000" http.request.id=0a97f37a-62ee-4fb6-9601-96084c1cd130 http.request.method=GET http.request.remoteaddr="192.168.60.12:49454" http.request.uri
="/v2/busybox/manifests/latest" http.request.useragent="docker/1.8.1 go/go1.4.2 git-commit/d12ea79 kernel/3.10.0-229.11.1.el7.x86_64 os/linux arch/amd64" http.response.contenttype="application/json; charset=utf-8" http.response.duration=5
.141901ms http.response.status=200 http.response.written=5697 instance.id=c5bc7d6b-1f0c-4cc3-9612-d3b145cd9afd version=v2.1.1
192.168.60.12 - - [17/Aug/2015:14:28:01 +0000] "GET /v2/busybox/manifests/latest HTTP/1.1" 200 5697 "" "docker/1.8.1 go/go1.4.2 git-commit/d12ea79 kernel/3.10.0-229.11.1.el7.x86_64 os/linux arch/amd64"
time="2015-08-17T14:28:58Z" level=info msg="response completed" http.request.host="myreg.net:5000" http.request.id=5f7ab413-e908-430c-8123-525a374b5118 http.request.method=GET http.request.remoteaddr="192.168.60.12:49455" http.request.uri
="/v2/_catalog" http.request.useragent="curl/7.29.0" http.response.contenttype="application/json; charset=utf-8" http.response.duration=3.295505ms http.response.status=200 http.response.written=46 instance.id=c5bc7d6b-1f0c-4cc3-9612-d3b14
5cd9afd version=v2.1.1
192.168.60.12 - - [17/Aug/2015:14:28:58 +0000] "GET /v2/_catalog HTTP/1.1" 200 46 "" "curl/7.29.0"
@olibob
-e "REGISTRY_AUTH=htpasswd"
(see https://github.com/docker/distribution/blob/master/docs/deploying.md#native-basic-auth )4.TLS error on login, if you still experience it (docker 1.6?), see at the bottom here: https://github.com/docker/distribution/blob/master/docs/nginx.md#docker-still-complains-about-the-certificate
Let me know if that helps.
@mahesh3267 closing this for bookkeeping. Let me know if you still have issues.
@dmp42
Noted: https://github.com/docker/distribution Adding the missing environment variable fixed the issue.
Thank you for your time and help.
Welcome @olibob Happy you got it working.
@olibob: hi I have the same problem,How do you solve the problem? this is my logs: time="2015-10-12T09:48:34Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." instance.id=738e2633-246e-4d53-8ed4-24addef562ee version=v2.1.
@xuedihualu please read the comments. This here is not the place to report registry:2 issues.
Please also start by following the documentation step by step: https://github.com/docker/distribution/blob/master/docs/deploying.md
If you still have issues doing so, open a new ticket on https://github.com/docker/distribution
Hi All,
Myself having trouble to login to our private docker registry, find the following error and suggest .
Tried adding --insecure-registry to /etc/default/docker file, looks like there is no impact on issue.
Kindly suggest.