Pushing image to private docker registry with credentials

Question

I'm currently running a registry docker container and ngnix docker container similar to this setup to protect my private docker registry. I'm running Jenkins to automatically build my application inside a docker container which then should push the container to my private docker registry.

The problem comes when I need to push the image. Jenkins (also running in a container) executes a shell script containing the following steps:

sudo docker run hello-world
sudo docker tag -f hello-world localhost:5000/hello:latest
sudo docker login -u username -p pass -e info@example.com localhost:5000/

sudo docker search localhost:5000/
sudo docker push localhost:5000/hello:latest

The build then fails with the following output:

Building in workspace /var/jenkins_home/jobs/HelloWorld/workspace [workspace] $ /bin/sh -xe /tmp/hudson6027890842360704977.sh
+ sudo docker images 
REPOSITORY                  TAG                 IMAGE ID            CREATED             VIRTUAL SIZE 
registry                    latest              e255d21840f8        2 days ago          422.9 MB 
jenkins                     latest              fc39417bd5fb        13 days ago         708.2 MB 
nginx                       latest              407195ab8b07        2 weeks ago         133.9 MB 
localhost:5000/hello        latest              0a6ba66e537a        3 months ago        960 B hello-world              latest              0a6ba66e537a        3 months ago        960 B
+ sudo docker run hello-world

Hello from Docker. This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker Hub account:  https://hub.docker.com

For more examples and ideas, visit:  https://docs.docker.com/userguide/

+ sudo docker tag -f hello-world localhost:5000/hello:latest
+ sudo docker login -u username -p pass -e info@example.com localhost:5000/ 
WARNING: login credentials saved in /root/.docker/config.json Login Succeeded
+ sudo docker search localhost:5000/ 
NAME            DESCRIPTION   STARS     OFFICIAL   AUTOMATED 
library/hello                 0        

+ sudo docker push localhost:5000/hello:latest 
The push refers to a repository [localhost:5000/hello] (len: 1) 
Sending image list Pushing repository localhost:5000/hello (1 tags) 
b901d36b6f2f: Pushing

Please login prior to push: 
Username (username): EOF 
Build step 'Execute shell' marked build as failure 
Finished: FAILURE

In other words, I am able to run and tag the hello-world container. I can login to my private registry and search it. If I want to push my image, however, I need to authenticate again.

Hopefully someone knows a simple solution to this, I couldn't find one myself so far. I'm running docker version 1.9.1, build a34a1d5 on Ubuntu 14.04.3 LTS.

Answer 1

I managed to create a working setup by altering the code from the github source I was using by changing docker-compose.yml so it uses registry v2 (registry:2.2 to be precise) instead of v1, and I added the following route to the nginx.conf file:

location /v2 {
      if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*\$" ) {
        return 404;
      }
      auth_basic "Registry realm";
      auth_basic_user_file docker-registry.htpasswd;

      add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;

      proxy_pass                         http://docker-registry;
      proxy_set_header Host              $http_host;
      proxy_set_header X-Real-IP         $remote_addr;
      proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      #proxy_set_header Authorization '';
      proxy_read_timeout                 900;      
    }

Registry v2 does not support searching the registry yet, so I had to remove that command from my jenkins build. Now, when I start a new job, everything works as it should work and the hello-world images is pulled, tagged, and pushed (after I login to the registry) to my private registry.

The output of the jenkins console:

Building in workspace /var/jenkins_home/jobs/HelloWorld/workspace [workspace] $ /bin/sh -xe /tmp/hudson56731521101471087.sh
+ sudo docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
b901d36b6f2f: Pulling fs layer
0a6ba66e537a: Pulling fs layer
b901d36b6f2f: Verifying Checksum
b901d36b6f2f: Download complete
0a6ba66e537a: Verifying Checksum
0a6ba66e537a: Download complete
b901d36b6f2f: Pull complete
0a6ba66e537a: Pull complete
Digest: sha256:8be990ef2aeb16dbcb9271ddfe2610fa6658d13f6dfb8bc72074cc1ca36966a7
Status: Downloaded newer image for hello-world:latest

Hello from Docker. This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker Hub account:  https://hub.docker.com

For more examples and ideas, visit:  https://docs.docker.com/userguide/

+ sudo docker tag -f hello-world localhost:5000/hello-world:latest
+ sudo docker login -u username -p pass -e info@example.com localhost:5000/ 
WARNING: login credentials saved in /root/.docker/config.json Login Succeeded      
Login Succeeded

+ sudo docker push localhost:5000/hello-world:latest 
The push refers to a repository [localhost:5000/hello-world] (len: 1) 
Sending image list Pushing repository localhost:5000/hello-world (1 tags) 
0a6ba66e537a: Preparing
0a6ba66e537a: Pushing
0a6ba66e537a: Pushed
b901d36b6f2f: Preparing
b901d36b6f2f: Pushing
b901d36b6f2f: Pushed
latest: digest: sha256:1c7adb1ac65df0bebb40cd4a84533f787148b102684b74cb27a1982967008e4b size: 2744
Finished: SUCCESS

Although I now have a working setup, I still haven't found a solution for the problem with the use of registry v1.