I'm not able to auth on private registry

[jeusdi]

I've create an htpasswd file and a certificate (a .crt + .key files).

After that I start my registry:

docker run -d -p 5000:5000 -p 444:443 --restart=always --name registry
    -v /root/docker-registry/auth/:/auth 
    -e "REGISTRY_AUTH=htpasswd"
    -e "REGISTRY_AUTH_HTPASSWD_REALM=Restricted"
    -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/docker-registry.htpasswd
    -v /root/docker-registry/certs/:/certs
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/docker-registry.crt
    -e REGISTRY_HTTP_TLS_KEY=/certs/docker-registry.key registry:2

So, I'm trying to login on registry, but I'm receiving this response:

docker login -u XXX -p PPP -e [email protected] localhost:5000

Response:

Warning: '-e' is deprecated, it will be removed soon. See usage.
Error response from daemon: login attempt to https://localhost:5000/v2/ failed with status: 401 Unauthorized

I've took a look on logs (docker logs registry):

172.17.0.1 - - [18/Jul/2016:07:49:16 +0000] "GET /v2/ HTTP/1.1" 401 87 "" "docker/1.11.2 go/go1.5.4 git-commit/b9f10c9 kernel/3.10.0-327.18.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.11.2 (linux))"
time="2016-07-18T07:49:16Z" level=error msg="error authenticating user "jordi": authentication failure" go.version=go1.6.2 http.request.host="localhost:5000" http.request.id=209842a5-2d5c-468b-a444-2b960c2fb696 http.request.method=GET http.request.remoteaddr="172.17.0.1:58953" http.request.uri="/v2/" http.request.useragent="docker/1.11.2 go/go1.5.4 git-commit/b9f10c9 kernel/3.10.0-327.18.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.11.2 (linux))" instance.id=74445728-3e01-4ef6-9027-109b5fcfd135 version=v2.4.1
time="2016-07-18T07:49:16Z" level=warning msg="error authorizing context: basic authentication challenge for realm "Restricted": authentication failure" go.version=go1.6.2 http.request.host="localhost:5000" http.request.id=209842a5-2d5c-468b-a444-2b960c2fb696 http.request.method=GET http.request.remoteaddr="172.17.0.1:58953" http.request.uri="/v2/" http.request.useragent="docker/1.11.2 go/go1.5.4 git-commit/b9f10c9 kernel/3.10.0-327.18.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.11.2 (linux))" instance.id=74445728-3e01-4ef6-9027-109b5fcfd135 version=v2.4.1
172.17.0.1 - - [18/Jul/2016:07:49:16 +0000] "GET /v2/ HTTP/1.1" 401 87 "" "docker/1.11.2 go/go1.5.4 git-commit/b9f10c9 kernel/3.10.0-327.18.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.11.2 (linux))"

I've been working on this issue for a long time, but I'm quite able to figure out waht I'm doing wrong...

[dmp42]

@jeusdi can you copy paste the command you ran to create your htpasswd file?

[jeusdi]

You given me a clue. I've dug out a bit and I've realised I used htpasswd command tool without -B option:

htpasswd -Bbn user passwd > docker-registry.htpasswd

It works fine now using this command:

docker login -u user -p passwd -e [email protected] localhost:5000

Login Succeeded

However, as you can see before I've configured registry with TLS certificates.

docker login -u user -p passwd -e [email protected] https://localhost:443

I'm comming up with this message each time:

Error response from daemon: Get http://localhost:443/v1/users/: read tcp [::1]:58076->[::1]:443: read: connection reset by peer

registry is listening on 443 and 5000:

# docker port registry
443/tcp -> 0.0.0.0:443
5000/tcp -> 0.0.0.0:5000

So, I'm trying to connect to it using only secured connection...

[testzlx]

I have the same problem,please help

[aaronisme]

facing the same issue and -B is worked for me as well. but got a question about it. I have read the document for htpasswd.

'-B' seems like use bcrypt encryption method.

is it the only encryption method supported ?