Skip to content
This repository was archived by the owner on Apr 17, 2023. It is now read-only.

failed with status: 401 Unauthorized #1407

Closed
lemonrains opened this issue Sep 5, 2017 · 3 comments
Closed

failed with status: 401 Unauthorized #1407

lemonrains opened this issue Sep 5, 2017 · 3 comments
Labels
bug duplicate

Comments

@lemonrains
Copy link

lemonrains commented Sep 5, 2017
edited
Loading

With the lastest docker-compose file to run container.

https://github.com/SUSE/Portus/blob/master/examples/compose/docker-compose.yml

    image: library/registry:2.6
    command: ["/bin/sh", "/etc/docker/registry/init"]
    environment:
      # Authentication
      REGISTRY_AUTH_TOKEN_REALM: https://${MACHINE_FQDN}/v2/token
      REGISTRY_AUTH_TOKEN_SERVICE: ${MACHINE_FQDN}
      REGISTRY_AUTH_TOKEN_ISSUER: ${MACHINE_FQDN}
      REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: /secrets/portus.crt

After setting the ssl files,

  1. .env file to set the FQDN
  2. nginx.conf file to set host
  3. add portus.crt and portus.key to secret folder

I can login to the portus web ui page successful,
however, I can't login by docker login domain.com

and it always get the following error:

registry_1  | time="2017-09-05T13:46:10Z" level=debug msg="authorizing request" go.version=go1.7.6 http.request.host=lemonrains.tech http.request.id=533610dc-ddba-41a9-9d68-c473feb4bbd6 http.request.method=GET http.request.remoteaddr=xxx.xxxx.xxx.xxx http.request.uri="/v2/" http.request.useragent="docker/17.03.2-ce go/go1.7.5 kernel/4.4.23-31.54.amzn1.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/17.03.2-ce \\(linux\\))" instance.id=e77b1a22-f9a3-4bfd-9213-06ff70d761c3 version=v2.6.2
registry_1  | time="2017-09-05T13:46:10Z" level=warning msg="error authorizing context: authorization token required" go.version=go1.7.6 http.request.host=lemonrains.tech http.request.id=533610dc-ddba-41a9-9d68-c473feb4bbd6 http.request.method=GET http.request.remoteaddr=xxx.xxxx.xxx.xxx http.request.uri="/v2/" http.request.useragent="docker/17.03.2-ce go/go1.7.5 kernel/4.4.23-31.54.amzn1.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/17.03.2-ce \\(linux\\))" instance.id=e77b1a22-f9a3-4bfd-9213-06ff70d761c3 version=v2.6.2
registry_1  | 172.18.0.6 - - [05/Sep/2017:13:46:10 +0000] "GET /v2/ HTTP/1.0" 401 87 "" "docker/17.03.2-ce go/go1.7.5 kernel/4.4.23-31.54.amzn1.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/17.03.2-ce \\(linux\\))"
nginx_1     | xxx.xxxx.xxx.xxx - - [05/Sep/2017:13:46:10 +0000] "GET /v2/ HTTP/1.1" 401 87 "-" "docker/17.03.2-ce go/go1.7.5 kernel/4.4.23-31.54.amzn1.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/17.03.2-ce \x5C(linux\x5C))"
portus_1    | Started GET "/v2/token?account=admin&client_id=docker&offline_token=true&service=lemonrains.tech%3A5000" for xxx.xxxx.xxx.xxx at 2017-09-05 13:46:10 +0000
portus_1    | Processing by Api::V2::TokensController#show as JSON
portus_1    |   Parameters: {"account"=>"admin", "client_id"=>"docker", "offline_token"=>"true", "service"=>"lemonrains.tech:5000"}
portus_1    | Completed 200 OK in 170ms (Views: 0.4ms | ActiveRecord: 39.5ms)
nginx_1     | xxx.xxxx.xxx.xxx - admin [05/Sep/2017:13:46:10 +0000] "GET /v2/token?account=admin&client_id=docker&offline_token=true&service=lemonrains.tech%3A5000 HTTP/1.1" 200 779 "-" "docker/17.03.2-ce go/go1.7.5 kernel/4.4.23-31.54.amzn1.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/17.03.2-ce \x5C(linux\x5C))"
registry_1  | time="2017-09-05T13:46:10Z" level=debug msg="authorizing request" go.version=go1.7.6 http.request.host=lemonrains.tech http.request.id=7af71d14-904c-4ed2-a568-7cf556c954c0 http.request.method=GET http.request.remoteaddr=xxx.xxxx.xxx.xxx http.request.uri="/v2/" http.request.useragent="docker/17.03.2-ce go/go1.7.5 kernel/4.4.23-31.54.amzn1.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/17.03.2-ce \\(linux\\))" instance.id=e77b1a22-f9a3-4bfd-9213-06ff70d761c3 version=v2.6.2
registry_1  | time="2017-09-05T13:46:10Z" level=info msg="token from untrusted issuer: \"portus.test.lan\""
registry_1  | time="2017-09-05T13:46:10Z" level=warning msg="error authorizing context: invalid token" go.version=go1.7.6 http.request.host=lemonrains.tech http.request.id=7af71d14-904c-4ed2-a568-7cf556c954c0 http.request.method=GET http.request.remoteaddr=xxx.xxxx.xxx.xxx http.request.uri="/v2/" http.request.useragent="docker/17.03.2-ce go/go1.7.5 kernel/4.4.23-31.54.amzn1.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/17.03.2-ce \\(linux\\))" instance.id=e77b1a22-f9a3-4bfd-9213-06ff70d761c3 version=v2.6.2
registry_1  | 172.18.0.6 - - [05/Sep/2017:13:46:10 +0000] "GET /v2/ HTTP/1.0" 401 87 "" "docker/17.03.2-ce go/go1.7.5 kernel/4.4.23-31.54.amzn1.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/17.03.2-ce \\(linux\\))"
nginx_1     |  - - [05/Sep/2017:13:46:10 +0000] "GET /v2/ HTTP/1.1" 401 87 "-" "docker/17.03.2-ce go/go1.7.5 kernel/4.4.23-31.54.amzn1.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/17.03.2-ce \x5C(linux\x5C))"

the key-word is token from untrusted issuer: \"portus.test.lan\" ,
with lots of search from google and issues,
#774
#396

I still get the same error, finally I tried to update the docker-compose.yml file of
REGISTRY_AUTH_TOKEN_ISSUER: ${MACHINE_FQDN} to REGISTRY_AUTH_TOKEN_ISSUER: portus.test.lan
It fixed for me, and i can login by docker successful.

however, I don't think this is the best way to fixed this problem, and maybe something config missed for the image of opensuse/portus:head

Can you kindly to help me find it out, Thank you .
@mssola
Copy link
Collaborator

mssola commented Sep 5, 2017

This is more surely related to #1386... There's something fishy on the Docker image ... I'll close this as a duplicate of that one, but feel free to leave more comment if you like 👍

@mssola mssola closed this as completed Sep 5, 2017
@inventionlabsSydney
Copy link

Those who encounter this issue: per #1386 editing your docker-compose and replacing image: opensuse/portus:head with image: jordanjennings/portus:head-working is a temporary work around whilst we wait for the fix.

-Karl.

@raolivei
Copy link

raolivei commented Mar 12, 2019
edited
Loading

What is the ${MACHINE_FQDN} value I should use when setting up Portus, Background and Registry on docker in my Vagrant box?

I am using Ansible+Vagrant for my deploy. Keep getting Unauthorized/Authentication required.

Error response from daemon: Get http://localhost:5000/v2/: unauthorized: authentication required

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug duplicate
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mssola @inventionlabsSydney @lemonrains @raolivei