Feed Type: Docker Container Registry
Name: xxx Docker Registry feedxxx-docker-registry-feed
URL:https://docker.xxxxxx.net/v2
Registry Path: Please enter the path of the registry
Credentials: Credentials have been entered; username is yyyyyyy
But when testing I have error:
Octopus.Core.Packages.Docker.DockerRegistryException: Unable to verify Docker Registry endpoint https://docker.xxxxxx.net/v2 against the v2 version of the API. Please verify the feed uri or check that your registry exposes a valid v2 Docker Registry API
at Octopus.Core.Packages.Docker.DockerRegistryResolver.TryDetectFromUri(DockerFeed feed, IDockerRegistryImageFeed& imageFeed) in ./source/Octopus.Core/Packages/Docker/DockerRegistryResolver.cs:line 166
at Octopus.Core.Packages.Docker.DockerRegistryResolver.ProbeFeedAddressForBestCompatibleEndpoint(DockerFeed feed) in ./source/Octopus.Core/Packages/Docker/DockerRegistryResolver.cs:line 75
at Octopus.Core.Packages.Docker.DockerRegistryResolver.Get(DockerFeed feed) in ./source/Octopus.Core/Packages/Docker/DockerRegistryResolver.cs:line 65
at Octopus.Core.Packages.PackageFeedFactory.CreatePackageFeed(IFeed feed) in ./source/Octopus.Core/Packages/PackageFeedFactory.cs:line 72
But when I try a GET URL:https://docker.xxxxxx.net/v2 from curl and browser I have correct exptected response:
Thanks for reaching out, and sorry to hear that you’re having issues with setting up your docker registry as a feed in Octopus.
Digging through the code here, it looks like this should be working - basically what we’re doing is determining the API version for the URL, which in this case it does successfully, then it does a HTTP GET call to the specified endpoint to get the Docker-Distribution-Api-Version header value, and ensure that it’s registry/2.0
Judging by what you’ve posted up it looks like everything is correct though - are you able to share some information about what you’re using for your docker registry?
It seems like a long shot and it might be a silly suggestion and I’m aware you tried a GET request to the endpoint but have you tried setting the feed url within octopus to simply https://docker.xxxxxx.net/, the same URL just without the v2?
Feed Type: Docker Container Registry
Name: xxx Docker Registry feedxxx-docker-registry-feed
URL:https://docker.xxxxxx.net
Registry Path: Please enter the path of the registry
Credentials: Credentials have been entered; username is yyyyyyy
I have the following error
Feed endpoint https://docker.xxxxxx.net does not appear to expose a valid Docker API. The URL was tested against the v1 (https://docker.xxxxxx.net/v1) and v2 (https://docker.xxxxxx.net/v2) endpoints and both failed. Please check the URI and the feed provider, and try again. Read https://oc.to/DockerRegistries for more details.
N.B.: on https://docker.xxxxxx.net is binded to docker registry UI
Thanks for getting back to me! It’s a strange error that I haven’t seen before, at least not recently.
I wonder if you would be able to send over some of your server logs after triggering the error (the original error with the /v2 URL) a few times, please?
Hopefully there may be something in there that can help us get closer to the issue at hand.
If you’re able to, please upload them to our secure uploads platform: Support - Octopus Deploy.
I attempted a reproduction of this, and was able to get it working without Apache in front of it, and appears to have worked as intended (Octopus was able to see the container image):
I didn’t have apache reverse proxying, so I wonder if that could be the issue? Maybe it’s not correctly forwarding all of the headers? This feels like a good place to start your investigation.
Thanks @Justin_Walsh for your time in testing in your environment.
In the meanwhile we did a different test.
We disabled authentication in Apache virtual host and then tested again External feed in Octopus using https://docker.xxxxxx.net and it worked. Octopus server was able to browse the containers in the Docker registry.
Then we reactivated authentication in Apache, and the External feed continued to work.
So problem solved without changing our setup, but root cause was not found. I will keep you posted if we will have more infos.
I can confirm the same behaviour as OP with basic authentication on a private registry, and the Traefik Proxy as well. The docker registry won’t be picked up unless you first disable Basic Authentication, add the docker registry, then enable Basic Authentication again. After that, the secured private registry works with Octopus. It’s the inital add that fails until Basic Authentication is temporarily turned off.
Welcome to the Octopus Community, thanks for adding your details to this issue!
I’ll dig into this and see if I can reproduce this on my end, and raise it with the devs once I’ve confirmed what’s going on with Docker feed registration not using Basic Auth properly.
I’ll reach out if I have any questions about your configuration, feel free to reach out with any of your own!
Just an update, I’ve been able to reproduce this and have figured out what’s going on.
As Justin pointed out, when Octopus is discovering the registry it will look for a specific header to determine that it’s using v2 of the registry, otherwise it will fall back to the v1 method where it checks the /_ping endpoint for a header. This error appears when Octopus isn’t able to use either method to determine the version of the registry.
According to the Docker API documentation, the version 1 API should have a /_ping endpoint which will respond with a X-Docker-Registry-Version HTTP header in the response. Similarly, the version 2 API expects a Docker-Distribution-API-Version HTTP header with a value of registry/2.0. Both of these endpoints are expected to be located at an absolute path of either /v1 or /v2 from the host.