moby: Docker client does not handle 401 Unauthorized response codes from registry correctly

Docker (1.9.1) only checks for 401 HTTP status code on GET /v2/ but it will not attempt authentication on later 401 status response codes. My use case: our registry needs to allow unauthenticated pulls (therefore will return 200 on GET /v2/), but it requires authentication on “push”.

Docker client version: 1.9.1

Used registry: https://github.com/zalando-stups/pierone

Docker client will print “<nil>” on the console instead of attempting authentication (as it should).

docker-why

About this issue

  • Original URL
  • State: closed
  • Created 9 years ago
  • Reactions: 6
  • Comments: 21 (10 by maintainers)

Most upvoted comments

@icy we use the same approach (“workaround”) in our Pier One Docker registry, i.e. we have two DNS entries pointing to the same app:

  • registry-write.opensource.zalan.do to push (with authentication, will return 401 on GET /v2/)
  • registry.opensource.zalan.do to pull (without authentication, will return 200 on GET /v2/)
+2
hjacobs on May 18, 2016

Can you provide documentation in order to address this issue? At the moment I am not able to find the right configuration combining registry V2 with nginx.

+2
joda70 on Mar 16, 2016
Read more comments on GitHub
← moby: docker-ce segmentation fault on Raspbian (v18.09.03)
moby: docker client doesn't pass signals when a terminal is attached →