parabuzzle / craneoperator Goto Github PK

View Code? Open in Web Editor NEW

127.0 5.0 32.0 3.79 MB

Gives you a simple web interface for browsing around a Docker Registry

Home Page: https://hub.docker.com/r/parabuzzle/craneoperator

License: MIT License

Ruby 29.49% CSS 1.07% HTML 5.60% JavaScript 62.19% Dockerfile 1.66%

registry docker-registry browse docker

craneoperator's Introduction

CraneOperator

Just as crane operators can see where all the containers that are in the shipyard, CraneOp gives you a simple web interface for browsing around a Docker Registry running version 2.0+

VERSION 2.2 Includes a bunch of new requested features!

What's new in Version 2.2?

Filtering of container list
Filtering of the tag list
More layer info
Permalinks!
Login to the registry through the UI
Default tag selection if there's only 1 tag for a container

Why Crane Operator?

When you run your own internal docker registry, it can be challenging to find out what has been saved there. I wanted to create a simple and lightweight frontend for browsing my registry. Most solutions that exist are built for registry v1 and don't work with the newer registry v2. (to be honest, its hard enough to even get registry v2 working... browsing it shouldn't be)

How do I run it?

docker run -d -p 80:80 parabuzzle/craneoperator:latest

How do I configure it?

Available Environment Variables:

note: some variables changed in version 2.2

REGISTRY_HOST - the registry host to browse (default: localhost)
REGISTRY_PORT - the port of the registry host (default: 5000)
REGISTRY_PROTOCOL - the protocol to use (ie: http or https) (default: https)
SSL_VERIFY - should the certificate be verified if using SSL (default: true)
REGISTRY_PUBLIC_URL - optional url to use for displaying in pull command and footer (default: REGISTRY_HOST:REGISTRY_PORT)
ALLOW_REGISTRY_LOGIN - Adds a login option to the UI for logging into the Registry for each user
SESSION_SECRET - The session secret for storing the user credentials passed in via ALLOW_REGISTRY_LOGIN
- note: You should set this to a long random string if you are using ALLOW_REGISTRY_LOGIN
REGISTRY_USERNAME - the username to use if the registry has auth enabled (if ALLOW_REGISTRY_LOGIN enabled, this is overridden by the user's session)
REGISTRY_PASSWORD - the password to use if the registry has auth enabled (if ALLOW_REGISTRY_LOGIN enabled, this is overridden by the user's session)
TITLE - Changes the brand title (for those that like to change that sort of thing)
USERNAME - setting this will activate BASIC AUTH and require this username
PASSWORD - optional password for BASIC AUTH (you must set the USERNAME for this to work)
REGISTRY_ALLOW_DELETE - when set to true will expose the delete action on images (default: false)
- note: you must enable delete actions on your registry.
- note: some caching schemes may also cause deletes to occur but not be apparent in the UI right away

docker run -d \
  -p 80:80 \
  -e REGISTRY_HOST=registry.yourdomain.com \
  -e REGISTRY_PORT=443 \
  -e REGISTRY_PROTOCOL=https \
  -e SSL_VERIFY=false \
  -e ALLOW_REGISTRY_LOGIN=true \
  -e REGISTRY_ALLOW_DELETE=true \
  parabuzzle/craneoperator:latest

craneoperator's People

Contributors

Stargazers

Watchers

craneoperator's Issues

Add default Tag selection

If a Repo was selected, select the first Tag by default (especially if only one Tag exists )

Display layer information

display detail layer information like size etc.

build image docker error

i try rebuild docker image from source code

#9 72.05 info [email protected]: The platform "linux" is incompatible with this module.
#9 72.05 info "[email protected]" is an optional dependency and failed compatibility check. Excluding it from installation.
#9 72.06 error [email protected]: The engine "node" is incompatible with this module. Expected version ">=12".
#9 72.06 error Found incompatible module
#9 72.06 info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
----
executor failed running [/bin/sh -c apk add --update nodejs g++ musl-dev make linux-headers yarn &&     yarn install &&     node_modules/.bin/webpack &&     rm -rf node_modules &&     bundle install --deployment &&     apk del nodejs g++ musl-dev make linux-headers]: exit code: 1

Uncaught Error: Cannot find module "prop-types"

I keep getting

Uncaught Error: Cannot find module "prop-types"

when starting the container, and attaching to a local registry, have tried a number of settings.

Add Login Feature

Need to replace the default Registry Login stuff with a per session login. This can be done by prompting for registry login and saving the login info in the session and using that to pass to the registry via basic auth.

Image delete has no function

I'm using current :latest release with REGISTRY_ALLOW_DELETE=true but hitting delete button obviously has no function as the image will not disappear from UI.

Checking registry using curl:
curl https://my-private-registry.docker:5000/v2/_catalog

only lists the image not deleted, so delete seems to work at registry but not for UI (caching?!).

Add ability to login via github

Hello.

Does it possible to allow login via GitHub?

Text overflow for long Tags

As seen in the screenshot the text overflows for long tags. Should be cut from my point of view

Container still appears in list after deleting all Tags

After deleting all tags of a container, it continues to appear in the containers list. When clicking it in the list of containers an error "404 page not found" is thrown.

If a container has no tags, then it probably should not appear in the containers list.
A container without tags doesn't occupy space after the garbage collector has run.

Provide More Debug Information

Hi,
thanks for this promising project.
Unfortunately, I don't see any registry content in the UI. There are only the loading indicators. In the Chrome Dev Tools Console I see the following errors:

bundle.js:20528 GET http://localhost:8080/containers.json 500 (Internal Server Error)xhrAdapter @ bundle.js:20528executor @ bundle.js:20377dispatchRequest @ bundle.js:20373
bundle.js:40705 Uncaught (in promise) TypeError: Cannot read property 'setState' of undefined
    at http://localhost:8080/bundle.js:40705:14(anonymous function) @ bundle.js:40705
bundle.js:20528 GET http://localhost:8080/container/undefined/tags.json 500 (Internal Server Error)xhrAdapter @ bundle.js:20528executor @ bundle.js:20377dispatchRequest @ bundle.js:20373
bundle.js:41445 Uncaught (in promise) TypeError: Cannot read property 'setState' of undefined(…)(anonymous function) @ bundle.js:41445

Maybe it's a SSL issue? It would be great to get more information about the reason for the failing (e.g. in the http response or directly in the ui). Also the log files within the container doesn't contain something helpful.

My start command:

docker run -d \
  -p 8080:80 \
  -e REGISTRY_HOST=registry.domain.net \
  -e REGISTRY_PORT=80 \
  -e REGISTRY_PROTO=https \
  -e REGISTRY_SSL_VERIFY=true \
  -e REGISTRY_USERNAME=user \
  -e REGISTRY_PASSWORD=pw \
  -e REGISTRY_ALLOW_DELETE=false \
  --name ui \
  parabuzzle/craneoperator:latest

Looking forward to your response!
Cheers Philipp

Add basic auth

Basic auth would be good

Infinite loop in /api/containers

Pointing craneoperator to our internal Docker registry causes the /api/containers endpoint to go into an infinite loop.

The code assumes that the GET call to /v2/_catalog will return an empty collection when the last page has been reached. In the Docker registry implementation we are using, asking for the page after the last one returns the first page again, triggering an infinite loop.

As per the Docker spec (https://docs.docker.com/registry/spec/api/#listing-repositories) craneoperator should the link header to step through the pages and the absence of a response 'link' header would indicate that all repositories have been retrieved.

make the api less confusing

the current endpoints are confusing and error prone..

change them to:

containers.json - repos list
container/:name/tags.json - for list of tags
constainer/:name/:tag/info.json - for info

This will make the sintara code less "clever" and reduce possible errors.

Filter tags

Add a text box to filter down the list of tags for a repo.

a slash in the container name causes load errors

using a container name with a slash in it (ie: phallguy/ruby) the app pukes.

HTTPS issue to local registry:2

I've setup a docker-compose stack with docker registry:v2 and craneoperator. It worked fine with http-only. I've added mkcert local https authority.

I can reach my registry using https://registry-api.php-stack.docker:5000/ (desktop chrome says fine to https-cert).
But craneoperator web-ui tells me:

Error loading data from Registry
status code: 500

This is my stack simplyfied:

version: "3.7"

networks:
  default:
    name: php-stack.local
    external: true

volumes:
  cert-storage:
    name: php-stack-cert-storage
    driver: local
    driver_opts:
      type: none
      device: "$HOME/.local/share/mkcert"
      o: bind

  docker-registry-storage:
    name:  php-stack-docker-registry-storage
  docker-registry-config:
    name:  php-stack-docker-registry-config
  docker-registry-ui-auth:
    name:  php-stack-docker-registry-ui-auth
  docker-registry-ui-certs:
    name:  php-stack-docker-registry-ui-certs
  composer-cache:
    name: php-stack-composer-cache

services:
  cert-backend:
    image: vishnunair/docker-mkcert
    restart: "no"
    environment:
      domain: "*.php-stack.docker,127.0.0.11:5000"
    volumes:
      - "cert-storage:/root/.local/share/mkcert"

  docker-registry:
    image: registry:2
    restart: on-failure
    hostname: registry-api.php-stack.docker
    ports:
      - "127.0.0.11:5000:5000/tcp"
    networks:
      - default
    environment:
      #REGISTRY_HTTP_ADDR: "0.0.0.0:5000"
      REGISTRY_HTTP_TLS_CERTIFICATE: "/certs/_wildcard.php-stack.docker.pem"
      REGISTRY_HTTP_TLS_KEY: "/certs/_wildcard.php-stack.docker-key.pem"
    volumes:
      - "cert-storage:/certs"
      - "docker-registry-storage:/var/lib/registry"
      - "docker-registry-config:/etc/docker/registry"

  docker-registry-ui:
    image: parabuzzle/craneoperator:latest
    restart: on-failure
    depends_on:
      - docker-registry
    hostname: registry.php-stack.docker
    networks:
      - default
    environment:
      REGISTRY_HOST: registry-api.php-stack.docker
      REGISTRY_PORT: 5000
      REGISTRY_PROTOCOL: https
      REGISTRY_SSL_VERIFY: false
      REGISTRY_ALLOW_DELETE: true
    volumes:
      # tried to make craneoperator trust the mkcert's too -- but no luck
      - "cert-storage:/usr/local/share/ca-certificates/"

Just to avoid the question - yes there are certs created by dockerized mkcert on my local-machine:

ls -lah $HOME/.local/share/mkcert
rootCA-key.pem
rootCA.pem
_wildcard.php-stack.docker-key.pem
_wildcard.php-stack.docker.pem

Any suggest? I currently have no live deployment for craneoperator to check ssl works fine there. But I think this should work somehow to if the SSL cert works at all for local development?

I would like to run the registry in https because docker and some other local gitlab-ci begin to suck about non-ssl requests to registry. Hacking my local docker daemon.json to trust insecure-registry is already done, but gitlab-ci runners on my local machine using docker:dind won't have this and that makes everything too confusing.

Support OCI images

To support OCI images it seems that (at least) the http accept hader should contain application/vnd.oci.image.manifest.v1+json

Otherwise the tag is shown in craneoperator, but clicking on it results in 404 while the registry logs

time="2021-09-11T10:59:25.384746903Z" level=error msg="response completed with error" err.code="manifest unknown" err.message="OCI manifest found, but accept header does not support OCI manifests" go.version=go1.11.2 http.request.host="registry:5000" http.request.id=d7480f19-ed91-4fd2-8670-cb996547745a http.request.method=GET http.request.remoteaddr="10.40.0.59:54704" http.request.uri="/v2/nbs/storybook/manifests/a259bf4?" http.request.useragent= http.response.contenttype="application/json; charset=utf-8" http.response.duration=26.358985ms http.response.status=404 http.response.written=122 vars.name="nbs/storybook" vars.reference=a259bf4

Virtual Size

Quick question. I just noticed when looking at the image for craneoperator that it's virtual size is 1.4GB. Why is it so large?

Support to show image size

I didn't find any way to see the image size in the crane operator UI. The request is to see the image size in the crane operator UI.

Also, it would be even better if we can see the size of each layer.

Reference:
https://docs.docker.com/engine/reference/commandline/manifest/

Add docker pull command to info

It would be nice to have a copy-able field for pulling the tag I'm viewing.

Docker image digest

Please add the docker image digest in the information section.

Right now I have to use various commands to get this information:

docker inspect --format='{{index .RepoDigests 0}}' <DOCKER_IMAGE>
docker manifest inspect --verbose <DOCKER_IMAGE> | jq .Descriptor.digest
skopeo inspect <DOCKER_IMAGE> | jq .Digest

But it's good to have all the information in one place.

Filter Repos by Name

Add a text box to filter the list of repos shown.

running behind reverse proxy

I'm deploying craneoperator into a Kubernetes cluster, and would like to use it through service proxy (in essence a reverse proxy), i.e. I'm accessing craneoperator via this URL:

https://{k8s API endpoint}/api/v1/namespaces/registry/services/registry-ui/proxy

That gives me the start page of craneoperator, but URL in browser changes to https://{k8s API endpoint}/containers, which of course doesn't work. Anything that can be done to make it work behind a reverse proxy?

Add ability to delete an image

https://docs.docker.com/registry/spec/api/#deleting-an-image

Things that need to be done here:

api endpoint added to handle this action
a confirmation modal that requires an input like 'DELETE' to confirm added
activation of delete by environment variable like ALLOW_IMAGE_DELETE=true

Malformed version number string raised in sort_versions

I have a container with tags

["latest", "test-stash-68ec25", "test-stash-862ece"]

which causes the sort_versions function to raise

16:08:09 web.1  | 2017-04-21 16:08:09 - ArgumentError - Malformed version number string -stash-68ec25:
16:08:09 web.1  |       /usr/local/lib/ruby/site_ruby/2.3.0/rubygems/version.rb:207:in `initialize'
16:08:09 web.1  |       /usr/local/lib/ruby/site_ruby/2.3.0/rubygems/version.rb:199:in `new'
16:08:09 web.1  |       /usr/local/lib/ruby/site_ruby/2.3.0/rubygems/version.rb:199:in `new'
16:08:09 web.1  |       /server.rb:81:in `block in sort_versions'
16:08:09 web.1  |       /server.rb:81:in `each'
16:08:09 web.1  |       /server.rb:81:in `sort_by'
16:08:09 web.1  |       /server.rb:81:in `sort_versions'
16:08:09 web.1  |       /server.rb:111:in `container_tags'

Removing the call to sort_versions from container_tags fixed this for me.

permalinks

it would be nice to have the url update when browsing

fix minor logic typo

https://github.com/parabuzzle/craneoperator/blob/master/app/views/LoginView.jsx#L42

should be "===" not "=="

Some repo tags give 500 error messages

I pushed some jhipster images to my private registry and when I click their tags I'm seeing just the red spinner and when I investigate in chrome dev tools I see:

ArgumentError at /container/jhipster/jhipster-registry/tags.json
Malformed version number string v2.5.0
file: version.rb location: initialize line: 206

Also occurring with jhipster-console, jhipster-elasticsearch, and others.

I'm using parabuzzle/craneoperator:2.1.0

sorting doesn't work correctly

got:

0.1.7
0.1.4
0.1.3
0.1.2
0.1.11
0.1.10
0.1.1
0.1.0

expected:

0.1.11
0.1.10
0.1.7
0.1.4
0.1.3
0.1.2
0.1.1
0.1.0

Left Hand of Home page display ‘Containers’ ？

I think it should be Images instead of Containers.
UI bug i guess.

Update CircleCI

Need to update the CI stuff...

https://circleci.com/sunset1-0/

Add Token Login

The introduction of basic-auth login (#30) is a good first step towards registries for groups. As groups grow, and push/pull actions need granular restriction, the group finds itself in need of the token-based authentication method.

Using the existing login form, the username and password would relay to an authentication service in exchange for a JSON Web Token. Communication with the registry then includes the header:

Authorization: Bearer {jw_token}

One example authorization service is opendns/registry-oauth-server

Oj::ParseError at /api/containers ind server.rb

For some reason the communication from the server to the registry doesn't work. I can't find a configuration error.

The registry is not behind a proxy on port 5000.
image: 'registry:2'
Basic auth is enabled.
The registry is tested with curl and browser.

https://myregistry.example.com:5000/v2/_catalog
returns:
{"repositories":["test/hello-world"]}

I set the environment as follows:

environment:

  - REGISTRY_HOST=myregistry.example.com
  - REGISTRY_PORT=5000
  - REGISTRY_PROTOCOL=https
  - SSL_VERIFY=false
  - REGISTRY_USERNAME=testuser
  - 'REGISTRY_PASSWORD=123'
  - REGISTRY_ALLOW_DELETE=true
  - 'SESSION_SECRET=something'
  - DEBUG=true

(I changed secret values here)

When I login into the container I can see that the environment is set to those values. I can use curl to access the registry from within the container with those values.

The frontend works but calling the server with /api/containers returns an exception:

application error
Oj::ParseError at /api/containers
unexpected character at line 1, column 5 [parse.c:690]

file: helpers.rb location: load line: 46 

BACKTRACE

/webapp/lib/helpers.rb in load
json = Oj.load response.body
/webapp/lib/helpers.rb in get
json = Oj.load response.body
/webapp/server.rb in fetch_catalog
json = get("/v2/_catalog", conf, session, {}, query)
/webapp/server.rb in containers
repos = fetch_catalog
/webapp/server.rb in block in <class:CraneOp>
repos = containers(params[:filter])
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/cli/exec.rb in load
Kernel.load(file)
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/cli/exec.rb in kernel_load
Kernel.load(file)
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/cli/exec.rb in run
	return kernel_load(bin_path, *args)
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/cli.rb in exec
Exec.new(options, args).run
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/vendor/thor/lib/thor/command.rb in run
	instance.__send__(name, *args)
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/vendor/thor/lib/thor/invocation.rb in invoke_command
	command.run(self, *args)
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/vendor/thor/lib/thor.rb in dispatch
instance.invoke_command(command, trailing || [])
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/cli.rb in dispatch
super do |i|
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/vendor/thor/lib/thor/base.rb in start
	dispatch(nil, given_args.dup, nil, config)
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/cli.rb in start
super
/usr/local/lib/ruby/gems/2.3.0/gems/bundler-1.16.1/exe/bundle in block in <top (required)>
Bundler::CLI.start(args, :debug => true)
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/friendly_errors.rb in with_friendly_errors
yield
/usr/local/lib/ruby/gems/2.3.0/gems/bundler-1.16.1/exe/bundle in <top (required)>
Bundler.with_friendly_errors do

The registry logs are empty (no access from the server?).

When I run tcpdump on both ends I can see they are talking to each other.

I tried two or three 2.x versions.

New feature request - Add arm64 architecture support

Please add support for arm64 architecture, this will allow craneoperator to run on a Raspberry Pi 4

undefined method `reverse' for nil:NilClass error

When pushing to a new repo, the repo will show up on the _catalog endpoint but there are no tags yet... so clicking on the item will give you a 500. We should handle this case.

Add a title variable to override the title and app brand

This will allow branding people to quickly change the name from "Crane Operator" in the upper right to whatever makes the most sense for their situation.

Integrate with Nexus Repository

Hello all,

How can we integrate 'craneoperator' with 'Nexus Repository manager'.

My docker-compose file:

version: "3"
services:
  nexus:
    container_name: nexus
    image: sonatype/nexus3
    restart: always
    ports:
      - "80:80"
      - "8081:8081"
      - "8082:8082"
    networks:
      - nexus-net

  docker-registry-ui:
    image: parabuzzle/craneoperator:latest
    depends_on:
      - nexus
    ports:
      - "81:80"
    environment:
      - REGISTRY_HOST=nexus
      - REGISTRY_PORT=8081
      - REGISTRY_PROTOCOL=http
      - SSL_VERIFY=false
      - USERNAME=admin
      - PASSWORD=admin
    networks:
      - nexus-net

networks:
  nexus-net:

Port 80 connected to 'docker' group which includes 'docker-hub' proxy and 'docker' hosted repository.

Tried connect to 8081, below was the output:

2022-10-25 03:31:35 - Oj::ParseError - unexpected character at line 1, column 2 [parse.c:690]:
03:31:35 web.1  |       /webapp/lib/helpers.rb:46:in `load'
03:31:35 web.1  |       /webapp/lib/helpers.rb:46:in `get'
03:31:35 web.1  |       /webapp/server.rb:47:in `fetch_catalog'
03:31:35 web.1  |       /webapp/server.rb:61:in `containers'

Tried connect to 80, below was the output.

03:42:05 web.1  | started with pid 8
03:42:06 web.1  | I, [2022-10-25T03:42:06.389450 #8]  INFO -- : Refreshing Gem list
03:42:06 web.1  | I, [2022-10-25T03:42:06.783407 #8]  INFO -- : listening on addr=0.0.0.0:80 fd=7
03:42:06 web.1  | I, [2022-10-25T03:42:06.783581 #8]  INFO -- : worker=0 spawning...
03:42:06 web.1  | I, [2022-10-25T03:42:06.785170 #8]  INFO -- : worker=1 spawning...
03:42:06 web.1  | I, [2022-10-25T03:42:06.785741 #11]  INFO -- : worker=0 spawned pid=11
03:42:06 web.1  | I, [2022-10-25T03:42:06.785893 #11]  INFO -- : worker=0 ready
03:42:06 web.1  | I, [2022-10-25T03:42:06.786689 #8]  INFO -- : worker=2 spawning...
03:42:06 web.1  | I, [2022-10-25T03:42:06.787271 #14]  INFO -- : worker=1 spawned pid=14
03:42:06 web.1  | I, [2022-10-25T03:42:06.787419 #14]  INFO -- : worker=1 ready
03:42:06 web.1  | I, [2022-10-25T03:42:06.788278 #8]  INFO -- : master process ready
03:42:06 web.1  | I, [2022-10-25T03:42:06.788745 #17]  INFO -- : worker=2 spawned pid=17
03:42:06 web.1  | I, [2022-10-25T03:42:06.788892 #17]  INFO -- : worker=2 ready
03:42:14 web.1  | 127.0.0.1 - admin [25/Oct/2022:03:42:14 +0000] "GET /containers HTTP/1.1" 200 796 0.0486
03:42:15 web.1  | 127.0.0.1 - admin [25/Oct/2022:03:42:15 +0000] "GET /api/registryinfo HTTP/1.1" 200 159 0.0427
03:42:15 web.1  | 127.0.0.1 - admin [25/Oct/2022:03:42:15 +0000] "GET /api/registryinfo HTTP/1.1" 200 159 0.0044
03:42:15 web.1  | 127.0.0.1 - admin [25/Oct/2022:03:42:15 +0000] "GET /bootstrap.min.css.map HTTP/1.1" 404 984 0.0041
03:42:47 web.1  | E, [2022-10-25T03:42:47.823048 #8] ERROR -- : worker=1 PID:14 timeout (31s > 30s), killing
03:42:47 web.1  | E, [2022-10-25T03:42:47.829642 #8] ERROR -- : reaped #<Process::Status: pid 14 SIGKILL (signal 9)> worker=1
03:42:47 web.1  | I, [2022-10-25T03:42:47.829815 #8]  INFO -- : worker=1 spawning...
03:42:47 web.1  | I, [2022-10-25T03:42:47.831921 #7420]  INFO -- : worker=1 spawned pid=7420
03:42:47 web.1  | I, [2022-10-25T03:42:47.832231 #7420]  INFO -- : worker=1 ready

Please suggest.

Thanks

Invalid login credentials

Hi, I was just trying to get this UI to run but I was having trouble with authentication.

I run a registry with Keycloak as Auth-Provider under docker.mydomain.com

I can easily log into that repository using docker login docker.mydomain.com providing my Keycloak-Credentials.

Now I configured Craneoperator to talk to my registry using the DNS:

      containers:
        - env:
            - name: REGISTRY_HOST
              value: docker.mydomain.com
            - name: REGISTRY_PORT
              value: '443'
            - name: REGISTRY_PROTOCOL
              value: https
            - name: ALLOW_REGISTRY_LOGIN
              value: 'true'
            - name: SESSION_SECRET
              value: RANDOM_STRING
            - name: REGISTRY_USERNAME
              value: SOME_USERNAME
            - name: REGISTRY_PASSWORD
              value: USER_PASSWORD
            - name: TITLE
              value: Super Registry UI
            - name: REGISTRY_ALLOW_DELETE
              value: 'true'

Crane starts and I get to the Frontpage saying "Error Loading Page - Registry requires authentication".
When I try to login I get "Invalid login credentials".

Logs from Craneoperator:

15:02:16 web.1 \| Error talking to the docker registry!
--
Fri, Jul 15 2022 5:02:16 pm | 15:02:16 web.1 \| - UNAUTHORIZED: authentication required
Fri, Jul 15 2022 5:02:16 pm | 15:02:16 web.1 \| 141.30.39.112 - - [15/Jul/2022:15:02:16 +0000] "GET /api/containers HTTP/1.1" 401 46 0.0171
Fri, Jul 15 2022 5:03:03 pm | 15:03:03 web.1 \| 141.30.39.112 - - [15/Jul/2022:15:03:03 +0000] "GET /login HTTP/1.1" 200 799 0.0023
Fri, Jul 15 2022 5:03:03 pm | 15:03:03 web.1 \| 141.30.39.112 - - [15/Jul/2022:15:03:03 +0000] "GET /api/registryinfo HTTP/1.1" 200 182 0.0013

Logs from Registry:


WARN[2775035] error authorizing context: authorization token required  go.version=go1.11.2 http.request.host=docker.mydomain.com http.request.id=3bbda34f-b058-408a-b7b2-c8a7f0d7be8c http.request.method=GET http.request.remoteaddr=SERVER_IP http.request.uri="/v2/_catalog?n=100&last=" http.request.useragent=
--
Fri, Jul 15 2022 5:02:16 pm | 10.42.5.92 - - [15/Jul/2022:15:02:16 +0000] "GET /v2/_catalog?n=100&last= HTTP/1.1" 401 145 "" ""

Does this not support the registry-login with OAuth? Even though I don't really know how the authentication mechanism behind the registry would effect this.

Thank you for any help.

Line break in long base64 Authorization header causing 401

Hi,

I have a registry with a long password and i always get UNAUTHORIZED Error. Here are my finding :
Using caveman debuging, I modify the file lib/helper.rb

def generateHeaders(config, session, headers={}, login={})
    username = login[:username] || session[:username] || config.registry_username
    password = login[:password] || session[:password] || config.registry_password
    if username
      headers['Authorization'] = "Basic #{base64_docker_auth(username, password)}"
      print base64_docker_auth(username, password) # printing the base64 encoded
    end
    return headers
  end

When restart the app, I find in the logs a line break in th bas64 encoded. The line feed is exactly a 60 char

12:42:15 web.1  | 172.31.204.196 - - [01/Sep/2021:12:42:15 +0000] "GET /containers HTTP/1.1" 200 797 0.0679
12:42:16 web.1  | 172.31.204.196 - - [01/Sep/2021:12:42:16 +0000] "GET /api/registryinfo HTTP/1.1" 200 202 0.0052
12:42:16 web.1  | 172.31.204.196 - - [01/Sep/2021:12:42:16 +0000] "GET /api/registryinfo HTTP/1.1" 200 202 0.0034
12:42:16 web.1  | dGhpc19pc19hX3VzZXJuYW1lOnRoaXNfaXNfYV92ZXJ5X2xvbmdfcGFzc3dv
12:42:16 web.1  | YXJkX21vcmVfdGhhbl82MA==Error talking to the docker registry!

I don't know ruby but it looks like strict_encode64(bin) does not do what it's supposed to, by including line feed.
Any idea ?

support basic authentication login to registry api.

if the registry has basic auth active, we need to pass in the credentials for the api to work.