dqzboy / Docker-Proxy

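🔥 🔥 🔥 Self-hosted Docker image acceleration service. Based on the official Docker Registry, deploy image acceleration/management services for Docker, K8s, Quay, Ghcr, Mcr, Nvcr and more with one click. Supports serverless deployment to Render/Koyeb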
https://dqzboy.github.io/docs/
Apache License 2.0
1.65k stars 261 forks

🐞 Bug report: Proxy authentication does not take effect #23

Open Mabisi opened 1 week ago

Mabisi commented 1 week ago

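Prerequisite confirmation

⚠️ Deployed using the script; issues with non-script deployments will not be accepted

⚠️ Searched the issues for whether a similar problem already exists

Operating system type?

Other (please describe in the issue)

Steps to reproduce 🕹

docker-compose.yaml configuration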

services:
  ## docker hub
  dockerhub:
    container_name: reg-docker-hub
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-hub.yml:/etc/distribution/config.yml
      - ./htpasswd:/auth/htpasswd
    ports:
      - 51000:5000
    networks:
      - registry-net

  ## ghcr.io
  ghcr:
    container_name: reg-ghcr
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-ghcr.yml:/etc/distribution/config.yml
      - ./htpasswd:/auth/htpasswd
    ports:
      - 52000:5000
    networks:
      - registry-net

  ## gcr.io
  gcr:
    container_name: reg-gcr
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-gcr.yml:/etc/distribution/config.yml
      - ./htpasswd:/auth/htpasswd
    ports:
      - 53000:5000
    networks:
      - registry-net

  ## k8s.gcr.io
  k8sgcr:
    container_name: reg-k8s-gcr
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-k8sgcr.yml:/etc/distribution/config.yml
      - ./htpasswd:/auth/htpasswd
    ports:
      - 54000:5000
    networks:
      - registry-net

  ## registry.k8s.io
  k8s:
    container_name: reg-k8s
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-k8s.yml:/etc/distribution/config.yml
      - ./htpasswd:/auth/htpasswd
    ports:
      - 55000:5000
    networks:
      - registry-net

  ## quay.io
  quay:
    container_name: reg-quay
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-quay.yml:/etc/distribution/config.yml
      - ./htpasswd:/auth/htpasswd
    ports:
      - 56000:5000
    networks:
      - registry-net

  ## mcr.microsoft.com
  mcr:
    container_name: reg-mcr
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-mcr.yml:/etc/distribution/config.yml
      - ./htpasswd:/auth/htpasswd
    ports:
      - 57000:5000
    networks:
      - registry-net

  ## docker.elastic.co
  elastic:
    container_name: reg-elastic
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-elastic.yml:/etc/distribution/config.yml
      - ./htpasswd:/auth/htpasswd
    ports:
      - 58000:5000
    networks:
      - registry-net

  ## nvcr.io
  nvcr:
    container_name: reg-nvcr
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-nvcr.yml:/etc/distribution/config.yml
      - ./htpasswd:/auth/htpasswd
    ports:
      - 59000:5000
    networks:
      - registry-net

  ## UI
  registry-ui:
    container_name: registry-ui
    image: dqzboy/docker-registry-ui:latest
    environment:
      - DOCKER_REGISTRY_URL=http://reg-docker-hub:5000
      # [Required] Generate a unique value with openssl rand -hex 16
      - SECRET_KEY_BASE=61812f727ba95748f15e6328631805c2
      # Enable the delete button for image tags
      - ENABLE_DELETE_IMAGES=true
      - NO_SSL_VERIFICATION=true
    restart: always
    ports:
      - 50000:8080
    networks:
      - registry-net

networks:
  registry-net:

The htpasswd environment variable is already enabled, and following the instructions it is set in every registry's configuration

auth:
  htpasswd:
    realm: basic-realm
    path: /auth/htpasswd

Then, after modifying daemon.json to set the mirror address, images can be pulled directly without docker login.

dqzboy commented 1 week ago

Currently, the official Docker image address can be pulled from directly

Mabisi commented 1 week ago

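> Currently, the official Docker image address can be pulled from directly

I just tested it; non-official ones can also be pulled directly, without going through authentication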

dqzboy commented 1 week ago

docker exec -it reg-docker-hub cat /auth/htpasswd

Check whether the content is the same as on the host?

Mabisi commented 1 week ago

> docker exec -it reg-docker-hub cat /auth/htpasswd
>
> Check whether the content is the same as on the host?

The content is identical

dqzboy commented 1 week ago

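Run docker login and enter the username and password to see whether it reports a successful login, to determine whether the username and password can authenticate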

Mabisi commented 1 week ago

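> Run docker login and enter the username and password to see whether it reports a successful login, to determine whether the username and password can authenticate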

Login Succeeded

dqzboy commented 1 week ago

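Or try accessing registry-ui. If accessing the UI pops up a prompt for the username and password, that means authentication is working, and then we need to see where the problem lies, or whether the client has a proxy configured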

Mabisi commented 1 week ago

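> Or try accessing registry-ui. If accessing the UI pops up a prompt for the username and password, that means authentication is working, and then we need to see where the problem lies, or whether the client has a proxy configured

Proxy authentication is working. I just checked again: pulling directly without logging in goes over a direct connection rather than through the mirror server. But there is a new problem: after logging in with docker login, both official and private registries go over a direct connection and do not use the proxy mirror. Only docker pull hub.your_domain_nam/library/nginx:latest, with the mirror address included, gets accelerated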

dqzboy commented 1 week ago

I suspect your client has a proxy configured; try a different client
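
Added example, not part of the thread or the project's code: a direct probe of a registry's `/v2/` endpoint that separates "the registry enforces htpasswd auth" from "the client pulled over some other path", which is the distinction the discussion above turns on. The function names, the `demo` credentials and the local stub server are assumptions made for the illustration; the `basic-realm` realm is the one from the posted config.

```python
import base64
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import error, request

# Ignore http_proxy/https_proxy so the probe reaches the registry itself.
OPENER = request.build_opener(request.ProxyHandler({}))

def probe(base_url, user=None, password=None):
    """GET <base_url>/v2/; return (status, WWW-Authenticate header or None)."""
    req = request.Request(base_url.rstrip("/") + "/v2/")
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status, resp.headers.get("WWW-Authenticate")
    except error.HTTPError as err:
        return err.code, err.headers.get("WWW-Authenticate")

def classify(base_url, user, password):
    """Say whether the endpoint enforces htpasswd-style Basic auth."""
    status, challenge = probe(base_url)
    if status == 200:
        return "open: anonymous requests are accepted"
    if status != 401 or not (challenge or "").lower().startswith("basic"):
        return f"unexpected: anonymous request returned {status}"
    if probe(base_url, user, password)[0] == 200:
        return "enforced: anonymous rejected, credentials accepted"
    return "enforced: anonymous rejected, credentials also rejected"

def start_stub_registry(expected=None):
    """Constructed stand-in registry; expected=None means no auth configured."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            ok = expected is None or self.headers.get("Authorization") == expected
            self.send_response(200 if ok else 401)
            if not ok:
                self.send_header("WWW-Authenticate", 'Basic realm="basic-realm"')
            self.end_headers()
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"

if __name__ == "__main__":
    creds = "Basic " + base64.b64encode(b"demo:demo-pass").decode()
    for expected in (creds, None):  # auth configured, then auth missing
        server, url = start_stub_registry(expected)
        print(classify(url, "demo", "demo-pass"))
        server.shutdown()
```

Against a real deployment, pass `classify` the address of one of the published registry ports from the compose file instead of the stub URL.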