Nexus Docker Registry - Failling anonymous pull

docker https nexus sonatype
Ricardo Katz picture Ricardo Katz · Apr 26, 2016 · Viewed 8.2k times · Source

I'm using Sonatype Nexus as a Private Docker Registry.

While it works with authenticated users, trying to use anonymous user to pull images doesn't work. This happens only on a docker client.

Using the Nexus UI (not logged in) I'm able to browse images on my repo. But trying to pull the images I get an 'Unauthorized' error.

The following is a capture stream of communication between the Docker Client and the Nexus repository:

Wireshark packet capture

This is strange, as the anonymous access is enabled, and according to the docs, I may have a Docker Hosted Registry (with RW access through HTTPs port) and a Docker Group Registry, pointing to a Docker Hosted Registry, with RO/Anonymous access.

Answer

andrewdotn picture andrewdotn · Nov 12, 2017

This feature was added in Nexus 3.6. According to the documentation:

  1. Under Security > Realms, enable the “Docker Bearer Token Realm”
  2. Uncheck “Force basic authentication” in the repository configuration

Related questions

Importing self-signed cert into Docker's JRE cacert is not recognized by the service

A Java Service is running inside the Docker container, which access the external HTTPS url and its self-sign certificate is unavailable to the service/ JRE cacert keystore and therefore connection fails. Hence imported the self-signed certificate of HTTPS external URL …

Read More
Keycloak Docker HTTPS required

I have initialized https://hub.docker.com/r/jboss/keycloak/ on my Digital Ocean Docker Droplet. $docker run -e KEYCLOAK_USER=admin -e -p 8080:8080 KEYCLOAK_PASSWORD={password with upcase etc.} jboss/keycloak success Everything worked well and the server started …

Read More
How to use Let's Encrypt with Docker container based on the Node.js image

I am running an Express-based website in a Docker container based on the Node.js image. How do I use Let's Encrypt with a container based on that image?

Read More