Private registry push fails (S3): Error with Blob unknown to registry #1636
Comments
jlandersen
changed the title
|
Blob missing errors are not necessarily an indication of error: the daemon will issue Can you post the registry logs without filtering (up to the first failure should be sufficient). Are you using an IAM for the registry? Do the S3 logs indicate any errors? |
|
I have attached the complete log from starting the registry to the client making the push failing. Thanks! |
|
I'm interested to see those logs. Also, which docker engine are you using? I see |
|
Sorry for the late reply, took some time to get ahold of it. Attached is the S3 logs. |
|
I can't see anything amiss there. Do you have the logs from the engine (run in debug mode)? |
|
Attached are the logs from the registry engine running in debug mode |
|
@jlandersen There is no reference to a |
|
@RichardScothern apologies, I thought you wanted it for the registry - here it is for the client making the push. Attachment: |
|
There is an outstanding bug for this in the engine. For more details: The fix is to append your own ca.crt to a complete ca-certificates.crt and use the result as /etc/docker/certs.d/REGISTRY/ca.crt. assume ca-certificates.crt is some full CA-chain from your favorite OS |
|
I am facing similiar issue , the image upload process ends normally on the client but there is no image in docker-hub repo , from the logs i see: |
|
@iahmad-khan : i'm not sure how this is the same issue. Your output says the upload was cancelled. If you are seeing a bug with the registry please file a new issue with the relevant details: https://github.com/docker/distribution/blob/master/CONTRIBUTING.md#reporting-an-issue-properly |
|
I met the same issue with the harbor behind nginx ingress. the registry service is registry:5000 and harbor nginx service is nginx:80, I push image to registry:5000 and nginx:80 worked OK, and got "blob unknown to registry" from nginx ingress. So I think there have some thing like digest in header had bean erased by nginx ingress. |
|
It worked OK when I removed the tls from ingress config. |
|
@shenshouer I meet the same error. How do u resolve this probelm? |
|
I encounter the same issue. Is there any solution but removing the tls from ingress config? |
I was trying to deploy registry in Kubernetes but got the same error. I got it to work by removing forced redirects to SSL/TLS. |
|
Solved via: in nginx config. |
and
Both of these do not work :( This is my ingress config: |
|
My registry is published via Traefik and an SSL offloader. Here's a snippet from docker-compose file which configures this: # Add headers to request before it arrives at the registry server
# Without this, when a push is attempted the docker client will log "unknown blob"
# while the Docker registry server will log "blob unknown to registry"
- traefik.http.middlewares.my-private-registry--add-headers.headers.customrequestheaders.X-Forwarded-Proto=https
- traefik.http.routers.my-private-registry-registry.middlewares=my-private-registry--add-headersI suspect this might have something to do with the fact that traffic is SSL offloaded before it arrived at registry server. I also tried playing with |
Hi, I suspect untrusted registry cert by docker client. Work well without certificates. No proxy. I switch registry to 443 and it works ! |
|
Can confirm. Tried everything under the sun including the proxy header options here. Nothing worked except changing the container registry to its own subdomain and going to 443 instead of 5050. |
|
My current approach is to use the local site, store the data locally, and then I sync the data to the minio cluster every night |
Hi,
We are running with the latest Registry 2.4.0 and trying to use S3 as the backend.
When pushing an image to the registry, it keeps retrying until ultimately ending in "Image push failed". Once the image push has failed the following errors are available:
I can see it creates buckets in S3, so it has connection to it - the configuration is as follows:
The text was updated successfully, but these errors were encountered: