Nexus Docker Registry - Failling anonymous pull

Ricardo Katz picture Ricardo Katz · Apr 26, 2016 · Viewed 8.2k times · Source

I'm using Sonatype Nexus as a Private Docker Registry.

While it works with authenticated users, trying to use anonymous user to pull images doesn't work. This happens only on a docker client.

Using the Nexus UI (not logged in) I'm able to browse images on my repo. But trying to pull the images I get an 'Unauthorized' error.

The following is a capture stream of communication between the Docker Client and the Nexus repository:

Wireshark packet capture

This is strange, as the anonymous access is enabled, and according to the docs, I may have a Docker Hosted Registry (with RW access through HTTPs port) and a Docker Group Registry, pointing to a Docker Hosted Registry, with RO/Anonymous access.

Answer

andrewdotn picture andrewdotn · Nov 12, 2017

This feature was added in Nexus 3.6. According to the documentation:

  1. Under Security > Realms, enable the “Docker Bearer Token Realm”
  2. Uncheck “Force basic authentication” in the repository configuration