Nexus3 Private docker registry, authenticated required after successful login

Question:

I used my auth required private docker registry as docker registry mirrors ,But get an auth error (I have login success with my private registry ).

All my step is below:

1. Success to login my nexus3 private docker registry

1) When I docker pull docker.mydomain.com/myPrivateDocker:latest without login ,the docker
need me to login(myPrivateDocker is created by me ).

2) And then I login success to my nexus3 private docker registry https://docker.mydomain.com
pic of login success

3) I use docker pull docker.mydomain.com/myPrivateDocker:latest success now.

2. When I add register mirrors to docker ,but failed to auth

1). Because every time to pull with docker.mydomain.com/myPrivateDocker:latest is not good.So I set docker Registry Mirrors to /etc/docker/daemon with

"registry-mirrors": ["https://docker.mydomain.com"],

and then restart my daemon and docker . when use docker info ,I can see my registry-mirrors was correct.

Success docker info with registry-mirrors

2) But when I want to use docker pull myPrivateDocker:latest with error below:

$ docker pull myPrivateDocker:latest

Error response from daemon: Get https://registry-1.docker.io/v2/library/nginx/manifests/latest: unauthorized: incorrect username or password

I login my private registry success now .this error puzzled me long time.And I go to see my nginx logs ,and get an error with auth.Nginx logs can specific that my pull request is request to my https://docker.domain.com.So mirror setting now is efficiently.

But nginx error with auth :

"GET /v2/token?scope=repository%3Alibrary%2Fnexus%3Apull&service=https%3A%2F%2Fdocker.mirrors.feibor.com%2Fv2%2Ftoken HTTP/1.1" 200 60 "-" "docker/18.09.2 go/go1.10.6 git-commit/6247962 kernel/4.9.125-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/18.09.2 x5C(darwinx5C))"
1.203.182.115 - - [09/Jun/2019:14:08:15 +0800] 

"GET /v2/library/nexus/manifests/3.16.2-3 HTTP/1.1" 401 113 "-" "docker/18.09.2 go/go1.10.6 git-commit/6247962 kernel/4.9.125-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/18.09.2 x5C(darwinx5C))"

Then I found there’s no account name in my request url . I ever use public docker mirror with no auth and can use very well.But never use a private docker registry mirror , What can I do to this? I don’t want to use a very long name to pull my images such as docker pull docker.mydomain.com/myPrivateDocker:latest.

My nginx config :

server{
  listen 443;
  server_name docker.mydomain.com;

  client_max_body_size 1G;
  proxy_buffering    off;
  keepalive_timeout  5 5;
  tcp_nodelay        on;

  ssl on;
  ssl_certificate /root/ssl_ca/docker.xxxx.com.pem;xx
  ssl_certificate_key /root/ssl_ca/docker.xxxx.com.key;
  ssl_session_timeout 5m;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;

  location / {
        proxy_headers_hash_max_size 51200;
        proxy_headers_hash_bucket_size 6400;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $host;
        proxy_pass http://localhost:7719;
   }

 location /v1/search {
    auth_basic off;
    proxy_pass http://localhost:7719;
 }

Source: StackOverflow