Self-hosted registry with basic http auth

Hello.

I see strange bug with http authentication in my docker registry ROS 7.17
i’m configure registry url, username, password and get 401 error.

/container config
set ram-high=512.0MiB registry-url=http://10.10.10.4:5000/v2/ tmpdir=/usb1-part1/temp username=megauser111:dsadaskldaskdla

 2025-01-25 01:56:19 container,info,debug failed to parse www-auth
 2025-01-25 01:56:19 container,info,debug was unable to import, container c0b5e568-81b3-471e-b5f6-8ec0450fe59f

Next i’m check get image from registry with disabled basic auth in registry side and all working, router pulled image.

Next step i’m run packet sniffer in server with registry and see router not send authentication data to my registry.

GET /v2/ HTTP/1.1
Accept-Encoding: deflate, gzip
Host: 10.10.10.4:5000
User-Agent: MikroTik

I’m attach traffic dump.

You’re trying to set it as username:password, but password= is a separate setting:

/container config
set ram-high=512.0MiB \
registry-url=http://10.10.10.4:5000/v2/ \
tmpdir=/usb1-part1/temp \
username=megauser111 \
password=dsadaskldaskdla

I’m try different variations. username=user password=password, and username=username:password, and in url http://username:password@10.10.10.4:5000/v2/
Nothing. RouterOS not sending header “authorization: Basic …” in http request to registry.
I’m use latest stable version for HAP ax3 - 7.17, also i’m try install 7.18beta - get same result


UPDATE
Also i’m try get private image from official docker registry (hub.docker.com) with authorization credentials on hub.docker.com - all ok. Authorization pass.

Docker registry API v2 uses Oauth2 Token Authentication with Bearer access token not Basic, that could be the reason why ROS is not sending authorization header with Basic auth data.

You can remove authorization in own registry service if you don’t have Oauth2 implementation and restrict access to it on network level.

Thanks! I’m attach cesanta/docker_auth to my own docker registry and now authorization works fine.