Cannot delete image and view history

[blomsoft]

Hi, I have the same problem as in #75: it works well, except for showing the history and for deleting images. This is my docker-compose.yml, my server is called testserver.local in my private network at home (it's a Raspberry Pi) and the error that I see in the log of docker-registry-ui, when requesting the history or a delete, is msg="error authorizing context: basic authentication challenge for realm "Registry Realm": invalid authorization credential". The certificates of docker-registry are self-signed and I don't use HTTPS for docker-registry-ui yet. The browser that I use for docker-registry-ui asks for credentials and these seem to work.

When I turn off authentication on docker-registry, delete and history work fine.

Can you help?

version: '2.0'
services:
  registry:
    restart: unless-stopped
    image: registry:2.7.1
    container_name: docker-registry
    ports:
      - 5000:5000
    environment:
      REGISTRY_STORAGE_DELETE_ENABLED: 'true'
      REGISTRY_HTTP_ADDR: 0.0.0.0:5000
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/testserver.local.crt
      REGISTRY_HTTP_TLS_KEY: /certs/testserver.local.key
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin: '[http://testserver.local:5001]'
      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials: '[true]'
      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: '[HEAD, GET, OPTIONS, DELETE]'
      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Authorization, Accept]'
      REGISTRY_HTTP_HEADERS_Access-Control-Max-Age: '[1728000]'
      REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers: '[Docker-Content-Digest]'
    volumes:
      - /storage/registry:/var/lib/registry
      - /home/pi/Docker/docker-registry/certs:/certs
      - /home/pi/Docker/docker-registry/auth:/auth
    networks:
      - registry-ui

  ui:
    restart: unless-stopped
    image: joxit/docker-registry-ui:latest
    container_name: docker-registry-ui
    ports:
      - 5001:80
    environment:
      - REGISTRY_TITLE=My Private Docker Registry
      - REGISTRY_URL=https://testserver.local:5000
      - DELETE_IMAGES=true
      - SINGLE_REGISTRY=true
    depends_on:
      - registry
    networks:
      - registry-ui

networks:
  registry-ui:

Difference without authentication is in these lines (perhaps less changes will do too):

#      REGISTRY_AUTH: htpasswd
#      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
#      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
#      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials: '[true]'
#      - /home/pi/Docker/docker-registry/auth:/auth

[blomsoft]

Using joxit/docker-registry-ui:arm32v7 (2 weeks newer than latest) makes no difference.

[Joxit]

Hello, thank you for using my project 😄

I suspect this is due to you environments. Can you replace you registry environments by a configuration file ?
See for your docker-compose :

docker-registry-ui/examples/ui-as-standalone/credentials.yml

Line 9 in db6b74a

- ./registry-config/credentials.yml:/etc/docker/registry/config.yml

version: 0.1
storage:
  delete:
    enabled: true
http:
  addr: 0.0.0.0:5000
  tls:
    certificate: /certs/testserver.local.crt
    key: /certs/testserver.local.key
  headers:
    X-Content-Type-Options: [nosniff]
    Access-Control-Allow-Origin: ['http://testserver.local:5001']
    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
    Access-Control-Allow-Headers: ['Authorization', 'Accept']
    Access-Control-Max-Age: [1728000]
    Access-Control-Allow-Credentials: [true]
    Access-Control-Expose-Headers: ['Docker-Content-Digest']
auth:
  htpasswd:
    realm: Registry Realm
    path: /auth/htpasswd

[blomsoft]

I'm afraid that doesn't solve it. I (still) get an endlessly rotating circle when requesting the history and "An error occurred when deleting image. Check if your server accept DELETE methods Access-Control-Allow-Methods: ['DELETE']." when trying to delete an image.

version: '2.0'
services:
  registry:
    restart: unless-stopped
    image: registry:2.7.1
    container_name: docker-registry
    ports:
      - 5000:5000
    environment:
      REGISTRY_STORAGE_DELETE_ENABLED: 'true'
      REGISTRY_HTTP_ADDR: 0.0.0.0:5000
#      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/testserver.local.crt
#      REGISTRY_HTTP_TLS_KEY: /certs/testserver.local.key
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
#      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin: '[http://testserver.local:5001]'
#      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials: '[true]'
#      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: '[HEAD, GET, OPTIONS, DELETE]'
#      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Authorization, Accept]'
#      REGISTRY_HTTP_HEADERS_Access-Control-Max-Age: '[1728000]'
#      REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers: '[Docker-Content-Digest]'
    volumes:
      - /storage/registry:/var/lib/registry
      - /home/pi/Docker/docker-registry/certs:/certs
      - /home/pi/Docker/docker-registry/auth:/auth
      - /home/pi/Docker/docker-registry/credentials.yml:/etc/docker/registry/config.yml
    networks:
      - registry-ui

  ui:
    restart: unless-stopped
    image: joxit/docker-registry-ui:arm32v7
    container_name: docker-registry-ui
    ports:
      - 5001:80
    environment:
      - REGISTRY_TITLE=My Private Docker Registry
      - REGISTRY_URL=https://testserver.blom:5000
      - DELETE_IMAGES=true
      - SINGLE_REGISTRY=true
    depends_on:
      - registry
    networks:
      - registry-ui

networks:
  registry-ui:

$ docker exec -it docker-registry cat /etc/docker/registry/config.yml
version: 0.1
storage:
# needs the following 2 lines too or else it complains
  filesystem:
    rootdirectory: /var/lib/registry
  delete:
    enabled: true
http:
  addr: 0.0.0.0:5000
  tls:
    certificate: /certs/DockerPiAcc.blom.crt
    key: /certs/DockerPiAcc.blom.key
  headers:
    X-Content-Type-Options: [nosniff]
    Access-Control-Allow-Origin: ['http://testserver.local:5001']
    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
    Access-Control-Allow-Headers: ['Authorization', 'Accept']
    Access-Control-Max-Age: [1728000]
    Access-Control-Allow-Credentials: [true]
    Access-Control-Expose-Headers: ['Docker-Content-Digest']
auth:
  htpasswd:
    realm: Registry Realm
    path: /auth/htpasswd

Any ideas?

[spkane]

I am having the same problem. Deletes appear to be properly configured but result in an error and the history link just spins forever. I also don't see much in the way of logs from the UI, is there a way to get some better logging?

[Joxit]

I remember where this issue came from!

This is a docker registry miss-configuration of OPTIONS requests, the registry server MUST return 200 status codes on OPTIONS, but did not.

Solution 1: Use the UI as proxy, you should not have CORS errors... (use NGINX_PROXY_PASS_URL)
Solution 2: Override OPTIONS responses on the proxy where your docker registry is hosted. You will need to return 200 status code with all correct headers (those of your docker registry)

[blomsoft]

Thanks, that works if I also delete REGISTRY_URL so my docker-compose.yml becomes:

version: '2.0'
services:
  registry:
    restart: unless-stopped
    image: registry:2.7.1
    container_name: docker-registry
    ports:
      - 5000:5000
    environment:
      REGISTRY_STORAGE_DELETE_ENABLED: 'true'
      REGISTRY_HTTP_ADDR: 0.0.0.0:5000
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/testserver.local.crt
      REGISTRY_HTTP_TLS_KEY: /certs/testserver.local.key
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin: '[http://testserver.local:5001]'
      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials: '[true]'
      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: '[HEAD, GET, OPTIONS, DELETE]'
      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Authorization, Accept]'
      REGISTRY_HTTP_HEADERS_Access-Control-Max-Age: '[1728000]'
      REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers: '[Docker-Content-Digest]'
    volumes:
      - /storage/registry:/var/lib/registry
      - /home/pi/Docker/docker-registry/certs:/certs
      - /home/pi/Docker/docker-registry/auth:/auth
    networks:
      - registry-ui

  ui:
    restart: unless-stopped
    image: joxit/docker-registry-ui:latest
    container_name: docker-registry-ui
    ports:
      - 5001:80
    environment:
      - REGISTRY_TITLE=My Private Docker Registry
      - NGINX_PROXY_PASS_URL=https://testserver.local:5000
      - DELETE_IMAGES=true
      - SINGLE_REGISTRY=true
    depends_on:
      - registry
    networks:
      - registry-ui

networks:
  registry-ui:

[spkane]

Thank you @blomsoft - That was enough of a hint for me to get it working as well.

This was my working docker-compose.yml and Registry config.

• docker-compose.yaml

services:
  registry:
    container_name: class_registry
    image: registry:2.7
    restart: unless-stopped
    networks:
      - my-net
    ports:
      - "5000:5000"
    environment:
      REGISTRY_HTTP_TLS_CERTIFICATE: "/certs/domain.crt"
      REGISTRY_HTTP_TLS_KEY: "/certs/domain.key"
      REGISTRY_HTTP_SECRET: "kdhsf7834hfhhkf"
    volumes:
     - "./files/config.yml:/etc/docker/registry/config.yml"
     - "./files/htpasswd:/htpasswd"
     - "./data:/var/lib/registry"
     - "./certs:/certs"
  ui:
    container_name: class_registry_ui
    image: joxit/docker-registry-ui:latest
    restart: unless-stopped
    networks:
      - my-net
    ports:
      - "8080:80"
    environment:
      DELETE_IMAGES: "true"
      NGINX_PROXY_PASS_URL: "https://registry:5000"
      REGISTRY_TITLE: "My Private Registry"
      SINGLE_REGISTRY: "true"
    depends_on:
      - registry
networks:
  my-net:
    driver: bridge

• config.yaml

version: 0.1
log:
  accesslog:
    disabled: false
  level: debug
  fields:
    service: registry
    environment: development
storage:
    delete:
      enabled: true
    cache:
      blobdescriptor: inmemory
    filesystem:
      rootdirectory: /var/lib/registry
http:
    addr: 0.0.0.0:5000
    headers:
      X-Content-Type-Options: [nosniff]
      Access-Control-Allow-Origin: ['http://127.0.0.1:8080']
      Access-Control-Allow-Credentials: [true]
      Access-Control-Max-Age: [1728000]
      Access-Control-Allow-Headers: ['Authorization', 'Accept']
      Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
      Access-Control-Expose-Headers: ['Docker-Content-Digest']
auth:
  htpasswd:
    realm: Registry Realm
    path: /htpasswd
notifications:
  endpoints:
    - name: local-8083
      url: http://localhost:8083/callback
      timeout: 1s
      threshold: 10
      backoff: 1s
      disabled: true
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3