Cannot add new registry due to self-signed certificate #69

Closed
parkas2018 opened this issue Jul 26, 2017 · 14 comments

Comments

@parkas2018

I have a registry v2 running on a machine using a self-signed certificate. I don't have any authentication setup to be able to push/pull from this registry.

I'm running docker-registry-manager on my local machine using the following command:
`docker run --detach --name docker-registry-manager -p 8080:8080 snagles/docker-registry-manager`

When I launch "http://localhost:8080" on my machine, I can access the registry manager. But using the interface I cannot add a new registry that can be monitored by this registry manager. I fill in all the required fields and when I click on the "Test" button, I get a generic error. But if I choose to add the registry despite the failure from the previous test, I get a one-line error in the browser regarding an x509 "certificate signed by unknown authority" error.

Is it possible to use this registry manager to access a privately hosted v2 docker registry that is using a self-signed certificate?

snagles added a commit that referenced this issue Jul 27, 2017
Add skip tls verification support for UI and skip-tls cli option. #69
@snagles
Owner

snagles commented Jul 27, 2017

@parvezakkas This should be fixed now, check the box in the interface for skipping tls verification.

Let me know if you have any issues, I'll close this otherwise.

@parkas2018
Author

Thanks for looking into this so quickly. Unfortunately I'm not seeing the changes. Not sure where I've gone wrong. Here's what I did:

  1. Pulled the latest image from docker hub: `docker pull snagles/docker-registry-manager`
  2. Run the docker image: `docker run -d --name registry-ui -p 8080:8080 snagles/docker-registry-manager`
  3. Browse to "http://localhost:8080" on my machine and try to add my own private hosted registry

I still see the same UI interface. I don't see the check-box to skip tls verification. I then removed the container and tried to re-run the image but this time I set the MANAGER_SKIP_TLS environment variable: `docker run -d --name registry-ui -p 8080:8080 -e MANAGER_SKIP_TLS=true snagles/docker-registry-manager`

But that didn't help either. I'm still not able to add my private registry. Did I miss any step?

@snagles
Owner

snagles commented Jul 27, 2017

Give it a try now, I re-pushed the updated docker image. I ran the command you posted on my mac with the updated image and it seemed to work, I'm thinking my auto-deploy to the Docker hub might not have worked. You should see an option like below when you have "HTTPS" selected.

Let me know if there are still issues, I can set up a fresh testing environment and debug further. If it doesn't work try doing a `docker build .` in the cloned repo and running via that container.

[Screenshot: screen shot 2017-07-27 at 12 55 13 pm]

@parkas2018
Author

Cool!! Now I can see the new changes after pulling from docker hub again. I was able to add my private registry successfully but ran into another issue. I'm not seeing any repositories listed at all.

When I browse to "Admin -> Settings -> Logs" from the UI, I'm seeing a lot of errors like this: Could not connect to registry to get the repository count. Get /v2/_catalog?last=myRepoName%2Fmy-image-name&n=100: unsupported protocol scheme ""

I suspect the scheme (https) is not being set somewhere. I did a test by browsing to my registry directly using "https://myregistry/v2/_catalog?last=myRepoName%2Fmy-image-name&n=100" and I do get data back from the registry.

Please let me know if this should be a separate issue. And, thanks again for the quick response on Skipping TLS verification.

@snagles
Owner

snagles commented Jul 27, 2017

Definitely related, I missed a spot, I'll push out a fix this evening when I get back to a computer.

Thanks for the continued updates and testing.

@snagles
Owner

snagles commented Jul 28, 2017

So far I have not been able to reproduce this, are you adding the registry via the docker run command line or through the UI? There is nowhere (that I could find) where the scheme would be added incorrectly unless there is a problem parsing the form that I could not recreate. Could you try other methods of running, i.e. docker compose or go build itself? Trying to find some commonality.

Running `docker run -d --name registry-ui -p 8080:8080 -e MANAGER_REGISTRIES=https://172.17.0.2:5000 -e MANAGER_SKIP_TLS=true snagles/docker-registry-manager` works in my test environment, as does running `docker run -d --name registry-ui -p 8080:8080 snagles/docker-registry-manager` and then the below screenshot

[Screenshot: screenshot from 2017-07-27 20-27-25]

@parkas2018
Author

I tried to add the registry when running the docker image: `docker run -d --name registry-ui -p 8080:8080 -e MANAGER_REGISTRIES=https://myRegistry:443 -e MANAGER_SKIP_TLS=true snagles/docker-registry-manager`

Unfortunately I still have the same issue. The registry is available in the UI but the Repository page is empty.

Tried to build the project but started getting these errors.

```
	/usr/local/go/src/code.cloudfoundry.org/bytefmt (from $GOROOT)
```

I probably don't have the environment set up properly.

@snagles
Owner

snagles commented Jul 30, 2017

Would you mind posting your registry yaml config file, or the command used to start the registry?

@snagles
Owner

snagles commented Jul 30, 2017

I just pushed a new docker image with a little more debugging output, if you would be so kind to test a little further:

  1. Remove the old image (`docker rmi snagles/docker-registry-manager`)
  2. Pull the new image (`docker pull snagles/docker-registry-manager`)
  3. Start the container `docker run -d --name registry-ui -p 8080:8080 snagles/docker-registry-manager`
  4. Add from the interface
  5. Check the logs in the container itself `docker exec -it registry-ui /bin/bash`, then navigate to the logs directory and `cat logs.json`. There may be additional information in there that is not parsed and shown in the interface (still wip)

If it is more convenient we can discuss via slack as well and debug further. I've created a slack group (https://join.slack.com/t/registry-manager/shared_invite/MjE5NTU2Nzg5MDI3LTE1MDE0MjkwNDUtMDVmMGNmMGQzNw) for support.

@parkas2018
Author

Below is what I got from the log.json file from within the docker container.

I'm not sure if this could be the reason but currently I don't have any images in myRepoName%2Fmy-image-name. It's an empty repository where I had some images but they have been deleted. Last time I checked the V2 registry's API, there isn't anything available to completely delete a repository. So, this myRepoName%2Fmy-image-name still shows up under "v2/_catalog" REST api call from the registry.

{"file":"log.go","level":"info","line":610,"msg":"Admin server Running on :8088","source":"beego","time":"2017-07-31T00:29:06Z"}
{"file":"registry.go","level":"info","line":56,"msg":"Refreshing https://myRegistry:443","source":"app","time":"2017-07-31T00:29:41Z"}
{"Error":"Get /v2/_catalog?last=myRepoName%2Fmy-image-name\u0026n=100: unsupported protocol scheme \"\"","file":"registry.go","level":"error","line":62,"msg":"Failed to retrieve an updated list of repositories for https://myRegistry:443","source":"app","time":"2017-07-31T00:29:42Z"}
{"level":"error","msg":"Could not connect to registry (https://myRegistry:443) to get the repository count: Get /v2/_catalog?last=myRepoName%2Fmy-image-name\u0026n=100: unsupported protocol scheme \"\" ","time":"2017-07-31T00:29:43Z"}

@snagles
Owner

snagles commented Jul 31, 2017

Hi parvezakkas,

Looks like the issue was with the heroku docker registry client. See heroku/docker-registry-client#27. I've implemented the fix described in one of the pull requests, let me know if you have any further issues. Thank you for providing all of the background details
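The logged error shows a request for a URL with no scheme or host, `/v2/_catalog?last=…&n=100`. The Go sketch below is an added example, not the change made in this project or in heroku/docker-registry-client; it assumes that relative URL came from the catalog's pagination `Link` header, and `nextCatalogURL` is a hypothetical helper that resolves it against the registry base URL and refuses targets on another origin.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// nextCatalogURL resolves the Link header of a catalog page against the
// registry base URL. It returns "" when there is no further page.
func nextCatalogURL(registry, link string) (string, error) {
	base, err := url.Parse(registry)
	if err != nil {
		return "", err
	}
	if (base.Scheme != "https" && base.Scheme != "http") || base.Host == "" {
		return "", fmt.Errorf("registry URL must be absolute: %q", registry)
	}
	link = strings.TrimSpace(link)
	end := strings.Index(link, ">")
	if !strings.HasPrefix(link, "<") || end < 0 || !strings.Contains(link[end:], `rel="next"`) {
		return "", nil // no usable next link: treat as the last page
	}
	ref, err := url.Parse(link[1:end])
	if err != nil {
		return "", err
	}
	next := base.ResolveReference(ref) // a relative target inherits scheme and host
	if next.Scheme != base.Scheme || !strings.EqualFold(next.Host, base.Host) {
		return "", fmt.Errorf("next link leaves the registry origin: %s", next)
	}
	return next.String(), nil
}

func main() {
	// Constructed samples: a relative target like the one in the logged error,
	// and an absolute target on a different host.
	rel := `</v2/_catalog?last=myRepoName%2Fmy-image-name&n=100>; rel="next"`
	abs := `<https://other.example/v2/_catalog?n=100>; rel="next"`
	fmt.Println(nextCatalogURL("https://myRegistry:443", rel))
	fmt.Println(nextCatalogURL("https://myRegistry:443", abs))
}
```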

@parkas2018
Author

parkas2018 commented Jul 31, 2017

That's odd. I'm still getting the same error in the log and still cannot see any repositories in the UI.
I've deleted all instances of snagles/docker-registry-manager and pulled it from docker hub again.

Is it possible that the latest image hasn't been pushed to docker hub?

@snagles
Owner

snagles commented Jul 31, 2017

Give it a try one more time; just like before, the docker push failed.

@parkas2018
Author

Yay!! I can finally see my repositories and images. Thank you for continuing to look into it. This is exactly what I was looking for in a registry manager/ui.

Found an issue with repository inventory and image delete action but I'll open a separate issue for it.
