-
-
Notifications
You must be signed in to change notification settings - Fork 331
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provide better error information #25
Comments
Hi, |
This is just a dev instance, so I'm running the registry straight from these Instructions:
Also, as mentioned above, a straight
While I won't argue with your design choices, I would contend that this should be rather unnecessary in a "plain vanilla" dev deployment where one just wishes to see what's possible; especially considering that a plain 'curl' "just works." And, by the way, thanks for confirming that a better error message would be helpful to everyone 😆 It's really too bad about this: while I have found something "that works," this one seemed to have the promise of a better, more pleasant UI - I guess we'll never know... |
CORS (or Cross-origin Resource Sharing) is a browser security and allow by default only Same Origin requests (same URI scheme, host name, and port number). This policy prevents a malicious script on one page from obtaining access to sensitive data on another web page. If you have the UI on http://localhost/ and registry on http://localhost:5000, without the CORS header your browser will drop the request without notification. That is why For the error message, CORS related errors raises
If you don't want to add a configuration file, you can also run your docker registry with the extra option Anyway, I will add a new proxy config with Nginx, this should fix your issue 😉 |
Fixed with bf3e3c9 |
I still can't get it to work :( Here's my version: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['*']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
# Access-Control-Allow-Headers: ['Authorization']
# Access-Control-Max-Age: [1728000]
# Access-Control-Allow-Credentials: [true]
# Access-Control-Expose-Headers: ['Docker-Content-Digest']
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3 Both the UI and the registry is running inside docker, using these command: docker run -d -p 5000:5000 -v config.yml:etc/docker/registry/config.yml --name registry registry:latest
docker run -d -p 8080:80 -e URL=localhost:5000 --name docker-registry-ui joxit/docker-registry-ui:static Registry works, but the UI can't see the registry, it always complaining that I have to add its URL to Edit: I use your
|
The issue is in your |
I'm also running into this problem @Joxit and I understand all about CORS. I have two docker containers in compose very simulator to whats above:
I am using haproxy to route domain.com to internal registryui:80 I've tried updating the array of
I even tried all of them together in the |
Maybe the problem is that haproxy is dropping the header though...hmmmm |
Got it working! I had the registry_url override for your container incorrect. issue solved. thanks for an awesome app |
You are welcome ❤️ |
By your words I understand that the communication to the registry is done by the browser and then rendered in javascript, not requests to your application and then the application requesting the registry, I guess. Could this be solved browser-side? I mean... I don't want to tell my registry rare things... Even I don't want that to be my default behaviour. Could I tell to my locally-installed Firefox "hey, you browser are allowed to run requests to 192.168.2.55:5000 (where I have the registry) even if the page loaded from 192.168.2.55:9998 (where I export your project)? At the end, it's not a registry problem, it's a browsing problem... Could we enable a "per casis" browser CORS exception? |
IMO, this is a registry miss-configuration and not a browser issue. CORS are used to protect us when browsing. The second solution is to use the docker image You can remove CORS restriction, but do this at your own risks !
sources: stackoverflow, symantec Read more about CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS |
Sure. I did not mean "completely disable CORS in general". I agree this is not desirable. I meant if we could tell Firefox "This X address is allowed to go to this Y address. But, hey browser, continue restricting the rest". The same way when we find an outdated SSL/TSL certificate when browing an If we could "disable CORS" selectively in the browser that would solve the problem. |
WorksIndeed, found it. a) It is possible (at least with firefox) b) IMHO I think it's cleaner doing it from the browser, as the registry itself "should not know" what clients are there. The same way no sysop would tune a MySQL server "just because someone willing to connect does some weird things" I don't think the docker registry should know about anything how it is accessed. The server is the server; and the registry itself does not care what happens in the client side. It serves an API and that's all. Selectively allow CORS on firefoxSo... going to the stuff... In Firefox, there's this add-on: "CORS Everywhere" https://addons.mozilla.org/es/firefox/addon/cors-everywhere/?src=search that allows us SELECTIVELY to trick the CORS only for that setup. Once installed, you can enable/disable CORS tricking: This icon means "deactivated, do nothing", all browsing is safe. This other icon means "browse safely for all the internet BUT for those white-listed sites, allow CORS". The trick is done by altering the response sent from the server so it effectively if it like if we set it server-side BUT without having to alter the server, which was the desired behaviour. In the "CORS Weverywhere" setup you must whitelist a regex matching the REGISTRY SERVER address, which is the one that will be tricked. Set the domain for the registry or the IP address in the configuration. I explicitly avoided the "s" in the http and explicitly allowed any port, for my flexibility, but the regex could be more fine-tuned. I guess there must be similar addons for chrome and other browsers. No restart neededYou don't need to restart anything. I did quit the Firefox by accident, but it seems it'd even work without restarting firefox. TestI loaded the Joxit/docker-registry-ui and saw it failing. Hope this helps some other ones willing to use the Joxit thing and not willing to tune the registry server. Final wordsJoxit, I take advantage of this post to congratulate you for your interface! Great work and thanks to for contributing to the world :D |
This firefox extension didn't work for me. See screenshot below: I ran the default docker registry with: I ran the UI like this: I really don't want to have to re-configure how the registry is launched. I would like the UI piece to be de-coupled from the registry. The registry runs on a headless server so it doesn't have a UI so I can't launch a browser on it and open What are my options? |
Hi @frakman1 You can try this example : https://github.com/Joxit/docker-registry-ui/blob/master/examples/ui-as-proxy/ ( Or add an option to your docker registry via the config.yml http:
headers:
Access-Control-Allow-Origin: ['http://10.x.x.x'] |
The value of like:
|
I am facing this issue for CORS as well. Although i have tried most of the solutions but still not working. I am also fairly new to this docker thing so i am not sure what i am doing wrong here. Here are my configurations. ######################################################## simple.yml######################################################## version: '2.0' ui: ######################################################## /registry-config/simple.yml######################################################## ############################################################### /etc/docker-distribution/registry/config.yml############################################################### after running |
I also have the problem that the CORS plugin was not helping me.
|
In case someone stumbled upon this issue and wants to have an equivalent addon for chromium-based browser you can use
I had a registry with no credentials, so the only change I had to do was to go to |
I added the Allow-Origin header, but the error still appears.
Chrome console log is
|
Hi, please read the messages before sending issues... Your chrome says 6000 is an unsafe port => change your port configuration and use the default one (5000) for example.... |
I am using this to connect to a plain vanilla private registry running on
localhost:5000
and, while I'm sure the registry works just fine (aGET localhost:5000/v2/_catalog
returns all correct values (there is no authentication, no https) and another UI works just fine, this just fails with a:and no information about what could possibly have gone wrong.
I start the UI with:
This is a simple example to verify the registry API is reachable:
The text was updated successfully, but these errors were encountered: