Community discussions

MikroTik App
  4. Other topics
  5. Containers

Self-hosted registry with basic http auth

Post Reply
 
ks138
just joined
Topic Author
Posts: 3
Joined: Fri Jan 24, 2025 8:59 pm

Self-hosted registry with basic http auth

Fri Jan 24, 2025 9:09 pm

Hello.

I see strange bug with http authentication in my docker registry ROS 7.17
i'm configure registry url, username, password and get 401 error.
Code: Select all
/container config
set ram-high=512.0MiB registry-url=http://10.10.10.4:5000/v2/ tmpdir=/usb1-part1/temp username=megauser111:dsadaskldaskdla
Code: Select all
 2025-01-25 01:56:19 container,info,debug failed to parse www-auth
 2025-01-25 01:56:19 container,info,debug was unable to import, container c0b5e568-81b3-471e-b5f6-8ec0450fe59f

Next i'm check get image from registry with disabled basic auth in registry side and all working, router pulled image.

Next step i'm run packet sniffer in server with registry and see router not send authentication data to my registry.
Code: Select all
GET /v2/ HTTP/1.1
Accept-Encoding: deflate, gzip
Host: 10.10.10.4:5000
User-Agent: MikroTik
I'm attach traffic dump.
Last edited by chechito on Fri Jan 24, 2025 9:41 pm, edited 1 time in total.
Reason: remove attachment please post text capture instead of files
Top
 
User avatar
tangent
Forum Guru
Forum Guru
Posts: 1671
Joined: Thu Jul 01, 2021 3:15 pm
Contact:
Contact tangent

Re: Self-hosted registry with basic http auth

Sun Jan 26, 2025 5:29 am

i'm configure registry url, username, password and get 401 error.

You're trying to set it as username:password, but password= is a separate setting:

Code: Select all
/container config
set ram-high=512.0MiB \
registry-url=http://10.10.10.4:5000/v2/ \
tmpdir=/usb1-part1/temp \
username=megauser111 \
password=dsadaskldaskdla
Top
 
ks138
just joined
Topic Author
Posts: 3
Joined: Fri Jan 24, 2025 8:59 pm

Re: Self-hosted registry with basic http auth

Sun Jan 26, 2025 2:52 pm

i'm configure registry url, username, password and get 401 error.

You're trying to set it as username:password, but password= is a separate setting:

Code: Select all
/container config
set ram-high=512.0MiB \
registry-url=http://10.10.10.4:5000/v2/ \
tmpdir=/usb1-part1/temp \
username=megauser111 \
password=dsadaskldaskdla
I'm try different variations. username=user password=password, and username=username:password, and in url http://username:password@10.10.10.4:5000/v2/
Nothing. RouterOS not sending header "authorization: Basic ..." in http request to registry.
I'm use latest stable version for HAP ax3 - 7.17, also i'm try install 7.18beta - get same result


UPDATE
Also i'm try get private image from official docker registry (hub.docker.com) with authorization credentials on hub.docker.com - all ok. Authorization pass.
Top
 
optio
Forum Veteran
Forum Veteran
Posts: 964
Joined: Mon Dec 26, 2022 2:57 pm

Re: Self-hosted registry with basic http auth

Sun Jan 26, 2025 7:15 pm

Docker registry API v2 uses Oauth2 Token Authentication with Bearer access token not Basic, that could be the reason why ROS is not sending authorization header with Basic auth data.

You can remove authorization in own registry service if you don't have Oauth2 implementation and restrict access to it on network level.
Top
 
ks138
just joined
Topic Author
Posts: 3
Joined: Fri Jan 24, 2025 8:59 pm

Re: Self-hosted registry with basic http auth

Mon Jan 27, 2025 5:11 am

Docker registry API v2 uses Oauth2 Token Authentication with Bearer access token not Basic, that could be the reason why ROS is not sending authorization header with Basic auth data.

You can remove authorization in own registry service if you don't have Oauth2 implementation and restrict access to it on network level.
Thanks! I'm attach cesanta/docker_auth to my own docker registry and now authorization works fine.
Top
Post Reply
  4. Other topics
  5. Containers