Hauler Registry Auth

[mkm-mani]

I tried to enable authentication using htpasswd for the Hauler registry, but I kept encountering the error: "unable to configure authorization (htpasswd): no access controller registered with name: htpasswd." I followed the CNCF guidelines and created an Apache htpasswd file with bcrypt encryption, but still faced this issue when enabling the authentication configurations. Additionally, I encountered the same error when I tried to use silly. Kindly assist and thanks in advance. @dweomer

[loncarales]

Hi @mkm-mani

I've stumbled upon the same error. Upon a little digging - short answer. Hauler does not support registry authentication backends (htpasswd, silly, etc.). The feature simply isn’t implemented.

What’s going on under the hood

Hauler uses the Distribution Registry internally, but not all upstream features are wired in. Specifically, authorization backends like htpasswd, silly, token, etc., are not registered in Hauler, so enabling them in the config fails during startup
That’s why bcrypt vs md5 doesn’t matter; CNCF docs don’t help; switching auth providers gives the same error. The registry code literally has no auth controller to load.

What WOULD work

Put Hauler behind a reverse proxy like nginx and terminate auth there.

Client | Docker -> HTTPS + Basic Auth -> Nginx -> HTTP (localhost only) -> Hauler Registry

Basic Nginx Example

server {
    listen 5443 ssl;

    ssl_certificate     /path/to/tls.crt;
    ssl_certificate_key /path/to/tls.key;

    auth_basic "Hauler Registry";
    auth_basic_user_file /etc/nginx/hauler.htpasswd;

    location /v2/ {
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }
}

Adjusted Hauler config

version: 0.1
log:
  fields:
    service: registry
storage:
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: 127.0.0.1:5000
  headers:
    X-Content-Type-Options: [nosniff]    

Hope this helps.