This repository has been archived by the owner on Apr 17, 2023. It is now read-only.

docker-compose registry setup breaks when a proxy is defined #2312

Closed
mattdowdell opened this issue Jul 2, 2020 · 2 comments

mattdowdell commented Jul 2, 2020

Description

I'm setting up portus for my team within our company network. To get out of said network, we need an HTTP proxy. Because most docker builds require a proxy for installing external assets, e.g. installing RPMs from official repos, I use ~/.docker/config.json to define a proxy and proxy exclusions. This was picked up by portus when trying to configure the initial registry, causing confusing errors such as "Error: registry does not implement v2 of the API" while clearly using a v2 registry image.

Steps to reproduce

  1. Be in a network that uses a HTTP proxy
  2. Use portus in a docker-compose setup
  3. Ensure that HTTP requests to the registry container will go via the proxy (can be on a per container basis or using ~/.docker/config.json)
  4. Attempt to configure your registry without much success

I often find myself dealing with the proxy doing unexpected things, so I'm semi-used to it being a point of pain. That said, it would be nice to have some kind of toggle to use the configured proxy or not for contacting the registry. Jenkins starts off with no proxy (maybe that's a systemd thing) and allows you to configure one if needed if you'd like to follow that model. If there's no need for using a proxy in Portus ever, then I'm happy to be told to unconfigure my proxy and be on my way.

  • Expected behavior: Proactively expect proxy to punish you in new and unexpected ways.
  • Actual behavior: Spend many hours wondering why something is failing. Spend more time than you'd like to admit trying to figure out the OS of the image to find the package manager, including realising uname -a reports the host OS after wondering where apt went. Install nslookup to try to blame DNS. Install nmap to cast blame on lack of open ports. Finally install curl and realise your foolishness.

Relevant error message comes from here:

r ? "" : "Error: registry does not implement v2 of the API."

Not much in the way of logs to help debug this further - you just have to intuit that a proxy is your problem.

Deployment information

Deployment method: docker-compose:

version: '3'
services:
  nginx:
    image: nginx:1.17-alpine
    restart: always
    ports:
      - 0.0.0.0:443:443
    volumes:
      - ./volumes/nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./volumes/certs:/certs:ro

  registry:
    image: registry:2.7
    expose:
      - 5000
    volumes:
      - registry:/var/lib/registry/
      - ./volumes/certs:/certs:ro
      - ./volumes/registry/config.yml:/etc/docker/registry/config.yml:ro
    restart: always

  portus:
    image: opensuse/portus:2.4.3
    expose:
      - 3000
    volumes:
      - ./volumes/portus/config-local.yml:/config/config-local.yaml
      - ./volumes/certs:/certs:ro
    restart: always
    environment:
      - CCONFIG_PREFIX=PORTUS
      - PORTUS_MACHINE_FQDN_VALUE=example.com
      - PORTUS_CHECK_SSL_USAGE_ENABLED=false

      # secrets
      - PORTUS_SECRET_KEY_BASE=secret
      - PORTUS_KEY_PATH=/certs/auth.internal.key
      - PORTUS_PASSWORD=secret

      # database config
      - PORTUS_DB_HOST=db
      - PORTUS_DB_DATABASE=portus
      - PORTUS_DB_PASSWORD=secret
      - PORTUS_DB_POOL=5

      # make rails serve assets rather than using webpack
      - RAILS_SERVE_STATIC_FILES=true

      # ldap config
      - PORTUS_LDAP_ENABLED=true
      - PORTUS_LDAP_HOSTNAME=ldap.example.com
      - PORTUS_LDAP_PORT=636
      - PORTUS_LDAP_UID=uid
      - PORTUS_LDAP_BASE=o=example.com
      - PORTUS_LDAP_GROUP_BASE=ou=Groups
      - PORTUS_LDAP_ENCRYPTION_METHOD=simple_tls
      - PORTUS_LDAP_ENCRYPTION_OPTIONS_CA_FILE=/certs/ca.crt
      - PORTUS_LDAP_ENCRYPTION_OPTIONS_SSL_VERSION=TLSv1_2
      - PORTUS_LDAP_GUESS_EMAIL_ENABLED=true
      - PORTUS_LDAP_GUESS_EMAIL_ATTR=mail

      # allow anonymous browsing
      - PORTUS_ANONYMOUS_BROWSING_ENABLED=true

  db:
    image: mariadb:10.5.4
    expose:
      - 3306
    volumes:
      - database:/var/lib/mysql
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=secret
      - MYSQL_DATABASE=portus

volumes:
  database:
  registry:

Configuration:

email:
  from: portus@example.com
  name: Portus
  reply_to: ''
  smtp:
    enabled: false
    address: smtp.example.com
    port: 587
    domain: example.com
    ssl_tls: ''
    enable_starttls_auto: false
    openssl_verify_mode: none
    ca_path: ''
    ca_file: ''
    user_name: ''
    password: "****"
    authentication: login
gravatar:
  enabled: true
delete:
  enabled: true
  contributors: false
  garbage_collector:
    enabled: false
    older_than: 30
    tag: ''
ldap:
  enabled: true
  hostname: <redacted>
  port: 636
  timeout: 5
  encryption:
    method: simple_tls
    options:
      ca_file: "/certs/ca.crt"
      ssl_version: TLSv1_2
  base: o=hp.com
  filter: ''
  uid: uid
  authentication:
    enabled: false
    bind_dn: ''
    password: "****"
  guess_email:
    enabled: true
    attr: mail
oauth:
  local_login:
    enabled: true
  google_oauth2:
    enabled: false
    id: ''
    secret: ''
    domain: ''
    options:
      hd: ''
  open_id:
    enabled: false
    identifier: ''
    domain: ''
  github:
    enabled: false
    client_id: ''
    client_secret: ''
    organization: ''
    team: ''
    domain: ''
  gitlab:
    enabled: false
    application_id: ''
    secret: ''
    group: ''
    domain: ''
    server: ''
  bitbucket:
    enabled: false
    key: ''
    secret: ''
    domain: ''
    options:
      team: ''
first_user_admin:
  enabled: true
signup:
  enabled: true
check_ssl_usage:
  enabled: false
registry:
  jwt_expiration_time:
    value: 15
  catalog_page:
    value: 100
  timeout:
    value: 2
  read_timeout:
    value: 120
machine_fqdn:
  value: <redacted>
display_name:
  enabled: false
user_permission:
  change_visibility:
    enabled: true
  create_team:
    enabled: true
  manage_team:
    enabled: true
  create_namespace:
    enabled: true
  manage_namespace:
    enabled: true
  create_webhook:
    enabled: true
  manage_webhook:
    enabled: true
  push_images:
    policy: allow-teams
security:
  clair:
    server: ''
    health_port: 6061
    timeout: 900
  zypper:
    server: ''
  dummy:
    server: ''
anonymous_browsing:
  enabled: true
background:
  registry:
    enabled: true
  sync:
    enabled: true
    strategy: initial
pagination:
  limit: 10
  per_page: 10
  before_after: 2

Portus version: 2.4.3@5a616c0ef860567df5700708256f42505cdb9952
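
A check for the failure mode reported above, added here as an example (not part of the original issue and not Portus code): it asks Ruby's URI::Generic#find_proxy, the lookup Net::HTTP applies by default, whether a request to the compose service name would be sent to the proxy. It assumes the Portus registry client relies on that default; the proxy URL and environment values are constructed placeholders.

```ruby
require 'uri'
require 'socket'

# Constructed sample: variables Docker injects into a container when
# ~/.docker/config.json defines a proxy (proxy.example.com is a placeholder).
PROXIED_ENV = {
  'http_proxy'  => 'http://proxy.example.com:3128',
  'https_proxy' => 'http://proxy.example.com:3128',
  'no_proxy'    => 'localhost,127.0.0.1'
}.freeze

# Same proxy, with the compose service names added to the exclusions.
FIXED_ENV = PROXIED_ENV.merge(
  'no_proxy' => 'localhost,127.0.0.1,registry,db'
).freeze

# The registry as named in the compose file above, plus an external host
# that should keep using the proxy.
TARGETS = ['http://registry:5000/v2/', 'https://example.com/'].freeze

# Returns { url => 'direct' | proxy URL } for each target, evaluated against
# the given environment hash instead of the live process environment.
def proxy_routes(urls, env)
  urls.map do |url|
    proxy = URI(url).find_proxy(env)
    [url, proxy ? proxy.to_s : 'direct']
  end.to_h
end

if $PROGRAM_NAME == __FILE__
  { 'proxy without exclusions' => PROXIED_ENV,
    'proxy with service names excluded' => FIXED_ENV }.each do |label, env|
    puts label
    proxy_routes(TARGETS, env).each { |url, route| puts "  #{url} -> #{route}" }
  end
end
```

Inside the running container, calling proxy_routes(TARGETS, ENV.to_h) evaluates the live environment instead of the constructed samples.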

@mattdowdell

Apparently a known issue according to #1683


stale bot commented Oct 4, 2020

Thanks for all your contributions!
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
