Login/Register
How to expose Docker-Registry behind Apache httpd?
Asked Answered
Solved dockerreverse-proxydocker-registryapache2.4
L

1

5

I'm running a private docker-registry v2 with the following docker-compose.yml file:

registry:
  restart: always
  image: registry:2
  ports:
    - 5000:5000
  environment:
    REGISTRY_HTTP_TLS_CERTIFICATE: /certs/server-cert.pem
    REGISTRY_HTTP_TLS_KEY: /certs/server-key.pem
    REGISTRY_AUTH: htpasswd
    REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
    REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
  volumes:
    - /data/docker-registry:/var/lib/registry
    - /certs/docker-registry:/certs
    - /auth/docker-registry:/auth

and I'm able to do the login locally (SSH, Jenkins,...) at http://localhost:5000.

Now I would like to expose this registry with Apache httpd. I'm running the following version of httpd on CentOS 7:

[root@dev-machine conf.d]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built:   Jun 27 2018 13:48:59

This is my vhosts.conf:

<VirtualHost *:443>
    ServerName dev-machine.com
    ServerAlias www.dev-machine.com

    ErrorLog logs/dev-machine.com-error_log
    CustomLog logs/dev-machine.com-access_log common

    SSLEngine on
    SSLCertificateFile /certs/docker-registry/server-cert.pem
    SSLCertificateKeyFile /certs/docker-registry/server-key.pem

    Header set Host "dev-machine.com"
    Header set "Docker-Distribution-Api-Version" "registry/2.0"
    RequestHeader set X-Forwarded-Proto "https"

    ProxyRequests off
    ProxyPreserveHost on

    ProxyPass           /registry       http://127.0.0.1:5000/
    ProxyPassReverse    /registry       http://127.0.0.1:5000/

    <Location /registry>
        Order deny,allow
        Allow from all

        AuthName "Registry Authentication"
        AuthType basic
        AuthUserFile "/auth/htpasswd"
        Require valid-user
    </Location>
</VirtualHost>

The problem I'm facing is that when I try to login on the registry I get the following error:

izio@1z10:~$ docker login https://dev-machine.com/registry
Username: user
Password: 
Error response from daemon: login attempt to https://dev-machine/v2/ failed with status: 404 Not Found

It seems like redirecting to /v2 instead of using the assigned url in vhosts. What is missing or wrong with this configuration?

Lamm answered 20/10, 2018 at 12:42 Comment(7)
maybe its easy to use nginx instead of apache for thisFrescobaldi
wouldn'it create problems since right now it's all behind Apache, and in addition the only ports I can use are 80 and 443?Lamm
@IjazAhmadKhan It is easy in apache, too. Note also, apache with a multi-threaded mpm performs very well (I don't have benchmarks but I suspect it can be better than nginx).Conscript
Is this configuration still working? I've tried to do the same configuration and, no matter what I do, I am unable to use an alias other than /v2.Thunderstruck
Maybe it could be useful to differentiate read users, from push users. It's unclear how to do it.Precautionary
Also maybe relevant to ServerFaultPrecautionary
Also it would be useful to edit the title to mention that you want a "sub directory" and not a "traditional" Docker registry on the base directory. So this question would be even more clear and more unique compared to others.Precautionary
Y
6

Just update your httpd.conf like this:

ProxyPass           /registry       http://127.0.0.1:5000/v2
ProxyPassReverse    /registry       http://127.0.0.1:5000/v2

Note the "/v2"

Yusem answered 24/10, 2018 at 18:30 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.