diff --git a/CHANGES b/CHANGES
index 708ee289d..f9ecaceb9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2199,4 +2199,5 @@
 * new base image 3.0.0
 * postgresql updated to 12.5
 * redis updated to 5.0.7
+* proxyAuth: fix docker UA detection
 
diff --git a/src/nginxconfig.ejs b/src/nginxconfig.ejs
index 8cda1c02b..d741760d6 100644
--- a/src/nginxconfig.ejs
+++ b/src/nginxconfig.ejs
@@ -258,7 +258,7 @@ server {
     }
 
     location @proxy-auth-login {
-        if ($http_user_agent ~* "docker-client") {
+        if ($http_user_agent ~* "docker") {
             return 401;
         }
         return 302 /login?redirect=$request_uri;
diff --git a/src/proxyauth.js b/src/proxyauth.js
index 2192b39ad..2ac7bd810 100644
--- a/src/proxyauth.js
+++ b/src/proxyauth.js
@@ -104,7 +104,8 @@ function isBrowser(req) {
     const userAgent = req.get('user-agent');
     if (!userAgent) return false;
 
-    return !userAgent.toLowerCase().includes('docker-client');
+    // https://github.com/docker/engine/blob/master/dockerversion/useragent.go#L18
+    return !userAgent.toLowerCase().includes('docker');
 }
 
 // called by nginx to authorize any protected route. this route must return only 2xx or 401/403 (http://nginx.org/en/docs/http/ngx_http_auth_request_module.html)