• v3.6.2 8ec7de50e3

    feat: handle Docker Bearer token auth for upstream registries (#60)
    ci/woodpecker/tag/docker Pipeline was successful

    unkinben released this 2026-06-27 00:18:06 +10:00

    Docker Hub (and other registries) return 401 with a Www-Authenticate: Bearer realm=... challenge even for public images. The proxy now:

    1. Detects 401 + Bearer challenge
    2. Parses realm/service/scope from the header
    3. Fetches an anonymous token (or authenticated if username/password configured)
    4. Retries the original request with the Bearer token

    Fixes: docker pull artifactapi.../dockerhub/library/redis:latest returning "unauthorized: upstream returned 401"
    Reviewed-on: #60
    Co-authored-by: Ben Vincent ben@unkin.net
    Co-committed-by: Ben Vincent ben@unkin.net

    Downloads