Nexus 3 Registry for Docker – Authentication

Nexus and Docker

Nexus and Docker

This question came in this morning and sounds like it might trip up a lot of people. For those who don’t have time to read the entire thread, the short answer is “docker refuses to send credentials over http.  You need to use an https port.

Original Question

I’m trying out the Docker support in Nexus 3, and I’m struggling to push an image back to the registry. `docker login` succeeds, but when I push I always get “Authentication is required”. For example;

$ docker push localhost:5000/debian:latest
The push refers to a repository [localhost:5000/debian] (len: 1)
Sending image list

Please login prior to push:
Username: <username>
Password: <password>
Email: <email>
WARNING: login credentials saved in /home/username/.docker/config.json
Login Succeeded
The push refers to a repository [localhost:5000/debian] (len: 1)
Sending image list
Pushing repository localhost:5000/debian (1 tags)
Authentication is required.

This happens regardless of whether I have logged-in first or not. Everything else seems to work as expected, it’s just pushing back images.

Answer from Rich Seddon

Are you trying to push to an http port? That won’t work, docker refuses to send credentials over http. You need to use an https port.

The following two tabs change content below.

Rich Seddon

Rich Seddon is Manager QE/Support at Sonatype. You can find him at all hours of the day and night answering questions on the support forums for Nexus and CLM.
Authors

Related posts

2 Comments

  1. Holger Reif said:

    This is wrong.
    docker engine happily sends credentials over http (as long as you specify –insecure-registry for the docker daemon). This is why login succeeds.

    The reason push fails is probably because of missing privilegues to push to the repo. I succeeded by granting nx-repository-view-docker-*-add and nx-repository-view-docker-*-edit.

  2. Rich said:

    @Holger: It’s possible something has changed in recent docker versions which now makes –insecure-registry work in this case. I’ll check on this.

    But generally speaking, we have encountered so many oddities with the use of the “–insecure-registry” option that we can’t recommend it’s use, it is far more trouble than it is worth. See here for more information:

    https://support.sonatype.com/hc/en-us/articles/217542177-Using-Self-Signed-Certificates-with-Nexus-Repository-Manager-and-Docker-Daemon

    Regards,

    Rich

*

Top