I have a Dockerfile
which is going to be implemented FROM
a private registry's image. I build this file without any problem with Docker version 1.12.6, build 78d1802
and docker-compose version 1.8.0, build unknown
, but in another machine which has Docker version 17.06.1-ce, build 874a737
and docker-compose version 1.16.1, build 6d1ac21
, the docker-compose build
returns:
FROM my.private.gitlab.registry:port/image:tag
http://my.private.gitlab.registry:port/v2/docker/image/manifests/tag: denied: access forbidden
docker pull my.private.gitlab.registry:port/image:tag
returns the same.
Notice that I tried to get my.private.registry:port/image:tag
and http://my.private.registry:port/v2/docker/image/manifests/tag
has been catched.
If this is an authenticated registry, then you need to run docker login <regitsryurl>
on the machine where you are building this.
This only needs to be done once per host. The command then caches the auth in a file
$ cat ~/.docker/config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "......="
}
}
}
A login did not fix the issue for me. This may be specific to Mac, but just in case: Git issue
My comment on the issue:
Also experiencing this issue.
FROM <insert_private_registry>/test-image:latest
Both commands fail without a login to the private registry (expected)
$ docker-compose up
Building app
Step 1/2 : FROM <insert_private_registry>/test-image:latest
ERROR: Service 'app' failed to build: Get https://<insert_private_registry>/v2/test-image/manifests/latest: denied: access forbidden
$ docker pull <insert_private_registry>/test-image:latest
Error response from daemon: Get https://<insert_private_registry>/test-image/manifests/latest: denied: access forbidden
After logging in, a docker pull ...
works while the docker-compose up
fails to pull the image:
$ docker login <insert_private_registry>
Username: <insert>
Password: <insert>
Login Succeeded
$ docker-compose up
Building app
Step 1/2 : FROM <insert_private_registry>/test-image:latest
ERROR: Service 'app' failed to build: Get https://<insert_private_registry>/v2/test-image/manifests/latest: denied: access forbidden
$ docker pull <insert_private_registry>/test-image:latest
latest: Pulling from <insert_private_image_path>/test-image
...
Status: Downloaded newer image for <insert_private_registry>/test-image:latest
Our current workaround is to explicitly pull the image prior to running the docker-compose containers:
docker pull <insert_private_registry>/test-image:latest
latest: Pulling from <insert_private_image_path>/test-image
...
Status: Downloaded newer image for <insert_private_registry>/test-image:latest
$ docker-compose up
Building app
Step 1/2 : FROM <insert_private_registry>/test-image:latest
...
I notice your URL scheme uses the http protocol - Docker needs to be configured to allow insecure registries.
Create or modify your daemon.json
(required in one of the following locations):
Linux: /etc/docker/
Windows: C:\\ProgramData\\Docker\\config\\
With the contents:
{
"insecure-registries" : [ "my.private.gitlab.registry:port" ]
}
Then restart Docker (not just the terminal session) and try again.
Once you've logged in with:
docker login my.private.gitlab.registry:port
As per tarun-lalwani 's answer, this should then add the auth into the config, for future use ( docker pull
's etc.).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.