registry: impossible to login - /jwt/auth/ returns http 403 error
I can't log into the container registry, I have the same error as gitlab-ce#17991 (which is closed) : /jwt/auth/... returns the error code 403.
Gitlab version version
docker image gitlab/gitlab-ce:8.8.5-ce.1
My registry configuration
registry_external_url 'https://registry.farjump.io:443'
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = "registry.farjump.io"
gitlab_rails['registry_port'] = "443"
# gitlab_rails['registry_api_url'] = "http://localhost:5000"
# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
registry['enable'] = true
# registry['username'] = "registry"
# registry['group'] = "registry"
# registry['uid'] = nil
# registry['gid'] = nil
# registry['dir'] = "/var/opt/gitlab/registry"
# registry['log_directory'] = "/var/log/gitlab/registry"
# registry['log_level'] = "info"
# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"
# registry['storage_delete_enabled'] = true Logs (the error is logged into /var/log/gitlab/gitlab-rails/production.log)
==> /var/log/gitlab/registry/current <==
2016-06-20_14:51:48.06753 time="2016-06-20T14:51:48.067435531Z" level=warning msg="error authorizing context: authorization token required" environment=production go.version=go1.5.4 http.request.host=registry.farjump.io http.request.id=cd650c64-0bce-4b86-9c88-ee3424c84ac7 http.request.method=GET http.request.remoteaddr=192.168.88.1 http.request.uri="/v2/" http.request.useragent="docker/1.11.1 go/go1.6.2 git-commit/5604cbe kernel/4.5.4-1-ARCH os/linux arch/amd64 UpstreamClient(Docker-Client/1.11.1 \\(linux\\))" instance.id=20b491fe-8905-4302-aa32-b5d3c5209b73 service=registry version=v2.4.1
2016-06-20_14:51:48.06757 127.0.0.1 - - [20/Jun/2016:14:51:48 +0000] "GET /v2/ HTTP/1.0" 401 87 "" "docker/1.11.1 go/go1.6.2 git-commit/5604cbe kernel/4.5.4-1-ARCH os/linux arch/amd64 UpstreamClient(Docker-Client/1.11.1 \\(linux\\))"
==> /var/log/gitlab/nginx/gitlab_registry_access.log <==
172.18.0.4 - - [20/Jun/2016:14:51:48 +0000] "GET /v2/ HTTP/1.1" 401 87 "-" "docker/1.11.1 go/go1.6.2 git-commit/5604cbe kernel/4.5.4-1-ARCH os/linux arch/amd64 UpstreamClient(Docker-Client/1.11.1 \x5C(linux\x5C))"
==> /var/log/gitlab/gitlab-rails/production.log <==
Started GET "/jwt/auth?account=myuser&client_id=docker&offline_token=[FILTERED]&service=container_registry" for 127.0.0.1 at 2016-06-20 14:51:48 +0000
Processing by JwtController#auth as HTML
Parameters: {"account"=>"myuser", "client_id"=>"docker", "offline_token"=>"[FILTERED]", "service"=>"container_registry"}
Filter chain halted as :authenticate_project_or_user rendered or redirected
Completed 403 Forbidden in 444ms (ActiveRecord: 7.3ms)
==> /var/log/gitlab/gitlab-workhorse/current <==
2016-06-20_14:51:49.60063 gitlab.farjump.io @ - - [2016-06-20 14:51:48.982774887 +0000 UTC] "GET /jwt/auth?account=myuser&client_id=docker&offline_token=true&service=container_registry HTTP/1.1" 403 0 "" "docker/1.11.1 go/go1.6.2 git-commit/5604cbe kernel/4.5.4-1-ARCH os/linux arch/amd64 UpstreamClient(Docker-Client/1.11.1 \\(linux\\))" 0.617714
==> /var/log/gitlab/nginx/gitlab_access.log <==
172.18.0.4 - myuser [20/Jun/2016:14:51:49 +0000] "GET /jwt/auth?account=myuser&client_id=docker&offline_token=true&service=container_registry HTTP/1.1" 403 0 "-" "docker/1.11.1 go/go1.6.2 git-commit/5604cbe kernel/4.5.4-1-ARCH os/linux arch/amd64 UpstreamClient(Docker-Client/1.11.1 \x5C(linux\x5C))"Edited by 🤖 GitLab Bot 🤖