2

I have followed this post to try to download a Docker image from AWS ECR but I get the following errors:

If I do:

#!/bin/sh

repository="2xxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/nexus-pro"
tag="2.13.0-np-1.0"

ecr_token=$(aws ecr get-authorization-token --output text --query authorizationData[].authorizationToken | cut -d: -f2)

docker_login=$(echo "{\"username\":\"AWS\",\"password\":\"${ecr_token}\", \"auth\":\"\",\"email\":\"none\"}" | base64)

curl -X POST -d "" -H "X-Registry-Auth: ${docker_login}" http://${ip_address}:4243/images/create?fromImage=${repository}&tag=${tag_source}

Then I get the following error:

$ error parsing HTTP 403 response body: invalid character 'Y' looking for beginning of value: "Your Authorization Token has expired. Please run 'aws ecr get-login' to fetch a new one."

Even though I just "requested" the token.

And if I do this:

#!/bin/sh

repository="2xxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/nexus-pro"
tag="2.13.0-np-1.0"

ecr_token=$(aws ecr get-login | awk '{print ($6)}')

docker_login=$(echo "{\"username\":\"AWS\",\"password\":\"${ecr_token}\", \"auth\":\"\",\"email\":\"none\"}" | base64)

curl -X POST -d "" -H "X-Registry-Auth: ${docker_login}" http://${ip_address}:4243/images/create?fromImage=${repository}&tag=${tag_source}

I get the following error:

$ error parsing HTTP 404 response body: invalid character 'p' after top-level value: "404 page not found\n"

The image is on ECR and I can pull it if I do the docker login ... and then docker pull 2xxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/nexus-pro:2.13.0-np-1.0

I'm not sure what I'm doing wrong here.. Any help is very much appreciated!

Improve this question

1 Answer 1

Reset to default
2

Basic authentication is only supported over HTTPS. The docker client will not send basic auth headers when pushing/pulling on a registry over HTTP. This is done by design to prevent people sending their credentials over insecure channels. Using SSL should get rid of the issue.

Try using below:

https://${ip_address}:4243/images/create?fromImage=${repository}&tag=${tag_source}

Or enable a SSL certificate for the instance from where you are pulling the image. Tis might help you. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

Hmm, I'm getting this error now: curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Use this registry.hub.docker.com instead of https://${ip_address}
The ${ip_address} is the instance that has Docker Engine installed.. It's not the registry..
Ok then you have to get a SSL certificate for that instance because the basic authentication works only for Https. This might help you docs.aws.amazon.com/AWSEC2/latest/UserGuide/…
Are you sure because according to this post: stackoverflow.com/questions/24814714/… the person has done it without https
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.