
How to expose Docker-Registry behind Apache httpd?


I'm running a private docker-registry v2 with the following docker-compose.yml file:

registry:
  restart: always
  image: registry:2
  ports:
    - 5000:5000
  environment:
    REGISTRY_HTTP_TLS_CERTIFICATE: /certs/server-cert.pem
    REGISTRY_HTTP_TLS_KEY: /certs/server-key.pem
    REGISTRY_AUTH: htpasswd
    REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
    REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
  volumes:
    - /data/docker-registry:/var/lib/registry
    - /certs/docker-registry:/certs
    - /auth/docker-registry:/auth

and I'm able to log in locally (SSH, Jenkins, ...) at http://localhost:5000.

Now I would like to expose this registry with Apache httpd. I'm running the following version of httpd on CentOS 7:

[root@dev-machine conf.d]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built:   Jun 27 2018 13:48:59

This is my vhosts.conf:

<VirtualHost *:443>
    ServerName dev-machine.com
    ServerAlias www.dev-machine.com

    ErrorLog logs/dev-machine.com-error_log
    CustomLog logs/dev-machine.com-access_log common

    SSLEngine on
    SSLCertificateFile /certs/docker-registry/server-cert.pem
    SSLCertificateKeyFile /certs/docker-registry/server-key.pem

    Header set Host "dev-machine.com"
    Header set "Docker-Distribution-Api-Version" "registry/2.0"
    RequestHeader set X-Forwarded-Proto "https"

    ProxyRequests off
    ProxyPreserveHost on

    ProxyPass           /registry       http://127.0.0.1:5000/
    ProxyPassReverse    /registry       http://127.0.0.1:5000/

    <Location /registry>
        Order deny,allow
        Allow from all

        AuthName "Registry Authentication"
        AuthType basic
        AuthUserFile "/auth/htpasswd"
        Require valid-user
    </Location>
</VirtualHost>

The problem I'm facing is that when I try to log in to the registry I get the following error:

izio@1z10:~$ docker login https://dev-machine.com/registry
Username: user
Password: 
Error response from daemon: login attempt to https://dev-machine/v2/ failed with status: 404 Not Found

It seems to be redirecting to /v2 instead of using the URL assigned in vhosts. What is missing or wrong with this configuration?


Solution

  • Just update your httpd.conf like this:

    ProxyPass           /registry       http://127.0.0.1:5000/v2
    ProxyPassReverse    /registry       http://127.0.0.1:5000/v2
    

    Note the "/v2"
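
An added example (not part of the original question or answer): a simplified Python model of how a `ProxyPass` path prefix maps a request path to a backend URL, run over the directive from the question and the one from the answer. The helper names and the sample paths are constructed for illustration; the model assumes mod_proxy matches the prefix on a path-segment boundary and appends the rest of the request path to the target unchanged.

```python
# Simplified model of Apache ProxyPass prefix mapping (illustration only).
# Assumption: the prefix matches on a path-segment boundary and the rest of
# the request path is appended to the target URL unchanged.

QUESTION = [("/registry", "http://127.0.0.1:5000/")]    # directive from the question
ANSWER = [("/registry", "http://127.0.0.1:5000/v2")]    # directive from the answer


def proxy_map(directives, path):
    """Return the backend URL for a request path, or None if no prefix matches."""
    for prefix, target in directives:
        if path == prefix or path.startswith(prefix.rstrip("/") + "/"):
            return target + path[len(prefix):]
    return None


def trace(directives, paths):
    """Map each sample path; None means the request is not proxied."""
    return {p: proxy_map(directives, p) for p in paths}


# Constructed sample paths: the one shown in the error message (/v2/) and
# requests sent under the /registry prefix.
SAMPLES = ["/v2/", "/registry/", "/registry/v2/", "/registry/_catalog"]

if __name__ == "__main__":
    for name, rules in (("question", QUESTION), ("answer", ANSWER)):
        print(name)
        for path, backend in trace(rules, SAMPLES).items():
            print(f"  {path:20} -> {backend}")
```

The trace makes two things visible: the trailing slash on the question's target produces a double slash in the backend path, and a request for `/v2/` at the host root, as in the error message, is outside the `/registry` prefix under either directive.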