Nexus Docker Registry - Anonymous Shutdown Failling

Question

Nexus Docker Registry - Anonymous Shutdown Failling

I use Sonatype Nexus as a private docker registry.

While it works with authenticated users, trying to use an anonymous user to pull images does not work. This only happens on the docker client.

Using the Nexus UI (not logged in) I can view images on my repo. But, trying to pull out the images, I get an "Unauthorized" error.

The following is a capture flow of communication between the Docker client and the Nexus repository:

Wireshark packet capture

This is strange because anonymous access is enabled, and according to the docs, I can have the Docker Hosted Registry (with RW access through the HTTP port) and the Docker Group registry pointing to the Docker Hosted Registry, with RO / Anonymous access.

+8

nexus

Ricardo katz Apr 26 '16 at 21:10

source share

2 answers

vbe · Answer 1 · 2016-09-12T13:41:57+0000

The Docker Registry API requires authentication to access the registry, even for pull operations, just like Nexus 3. Dockerhub always requires an access token, even for pull. But the reason you can log out of dockerhub anonymously is because it uses a token server, which automatically issues access tokens to anonymous users. This Mochanism is not yet available with Nexus 3.0.1. Perhaps it will be implemented ( https://issues.sonatype.org/browse/NEXUS-10813 ).

So, at the moment, with Nexus 3 you always need to log in before you pull out the image (in the end, with an anonymous user, your rights are set in this way).

andrewdotn · Answer 2 · 2017-11-12T16:15:38+0000

This feature was added in Nexus 3.6. According to the documentation :

In Security> Kingdoms, turn on Docker Carrier Token Area
Uncheck the "Force Basic Authentication" checkbox in the repository configuration

Nexus Docker Registry - Anonymous Shutdown Failling

More articles: