Docker push through nginx proxy fails trying to send a 32B layer #970
Comments
@LouisKottmann Sorry about the frustration. Multiple layers of http proxies can be complex to configure correctly. The issue is that the registry cannot resolve the correct host based on the forwarding headers. This is a common issue when using ELB with nginx. Basically, when the registry redirects the client to the upload location, it incorrectly issues the redirect to This is happening because the value of the First, confirm that ELB is running in "https" mode. In this mode, ELB will set these headers for you. Once that is confirmed, remove the following lines from the nginx configuration:
Please give this a try and we'll go from there.
Holy mother of configuration gotchas, this solved it! Thank you so much @stevvooe! What a nice way to start the day :)
@LouisKottmann Glad to have helped! We'll consider this a documentation issue, so we'll leave it open until your PR arrives or we address the confusion elsewhere.
Just ran into this same issue with HAProxy and the fix by @stevvooe worked there too:
Thanks @LouisKottmann. Closing this for now.
closes #970 Signed-off-by: Louis Kottmann <louis.kottmann@gmail.com>
For those of you using a TLS <--> TCP proxy, this can be solved too by using:
@manvalls Very helpful info. Thanks. Same as
in registry config.yml.
@dbaba Thank you very much, this perfectly solved the push failure problem 🙏
@stevvooe I was having this same issue but with traefik and your suggestion worked too, thanks!!
It worked! Thanks all!
Setting the REGISTRY_HTTP_RELATIVEURLS registry environment variable to "true" worked for me with Fabio.
The following error appears when trying to push images to harbor (using helm) which is installed on top of Openshift OKD3.11.
[root@master ~]# docker push core.harbor.domain/library/alpine:v1.0
@stevvooe Thank you for your solution! However, there is a small, but significant, error in the documentation.
proxy_set_header Host $http_host; # required for docker client’s sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client’s IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
The above is incorrect. The following line should not be removed:
proxy_set_header Host $http_host; # required for docker client’s sake
When this line is removed, I receive the following:
When only
@nickolashkraus from every location or only /v2?
@itsecforu I left the company for which this was relevant, however this was only
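The header interplay discussed in the comments above, as an added example that is not part of the thread and not the registry's own code: a simplified Python model of a TLS-terminating balancer, an inner proxy, and a backend that builds its upload redirect from `Host` and `X-Forwarded-Proto`. The host names, upload id and function names are constructed for illustration.

```python
from urllib.parse import urlunsplit

# Constructed values for illustration only.
PUBLIC_HOST = "registry.example.test"
UPSTREAM = "docker-registry:5000"
UPLOAD_PATH = "/v2/golang/blobs/uploads/00000000-0000-0000-0000-000000000000"


def balancer(client_host):
    """TLS-terminating load balancer: speaks plain HTTP to the inner proxy
    and records the client's original scheme in X-Forwarded-Proto."""
    return {"Host": client_host, "X-Forwarded-Proto": "https"}


def inner_proxy(headers, set_host=True, set_proto_from_scheme=False):
    """Inner reverse proxy that received the request over plain HTTP."""
    out = dict(headers)
    if not set_host:
        # nginx default when `proxy_set_header Host $http_host;` is absent
        out["Host"] = UPSTREAM
    if set_proto_from_scheme:
        # `proxy_set_header X-Forwarded-Proto $scheme;` -> scheme nginx saw
        out["X-Forwarded-Proto"] = "http"
    return out


def upload_location(headers, relative_urls=False):
    """Simplified model of the backend choosing the redirect target."""
    if relative_urls:
        return UPLOAD_PATH  # client resolves it against the URL it used
    scheme = headers.get("X-Forwarded-Proto", "http")
    return urlunsplit((scheme, headers["Host"], UPLOAD_PATH, "", ""))


def scenarios():
    seen = balancer(PUBLIC_HOST)
    return {
        "proto_overwritten": upload_location(
            inner_proxy(seen, set_proto_from_scheme=True)),
        "proto_passed_through": upload_location(inner_proxy(seen)),
        "host_line_removed": upload_location(inner_proxy(seen, set_host=False)),
        "relative_urls": upload_location(
            inner_proxy(seen, set_proto_from_scheme=True), relative_urls=True),
    }


if __name__ == "__main__":
    for name, location in scenarios().items():
        print(f"{name:22} {location}")
```

Only the pass-through and relative-URL cases give the client a location it can reach over the scheme and host it originally used.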
Hello,
I've been all day at this, and I can't seem to get a private registry fully working behind a nginx proxy.
The short version is:
I got a server that I want to use as a docker registry, on port 5004.
It should be protected via SSL and basic auth, and it should store the images in an S3 bucket.
But it is not working, I get this error when trying to push a golang image from the registry host:
From a remote host, I see that it starts sending the first layer, but it's only 32 bytes big and fails after writing "EOF" at the prompt.
What I got working is:
I checked by ssh'ing to my server, retagging an image to localhost:5004/busybox:latest, adding the --insecure-registry switch to DOCKER_OPTS and then pushing the newly tagged image.
That works just fine, and on the AWS console I can see that the S3 bucket has new files.
So the credentials in place are working, and the registry can access the bucket.
If I try to pull the image I sent using --insecure-registry from the remote host, it works!!:
What is not working is:
Note how even though no errors are shown here, the return code is not 0.
Also note that the output of this command is different if I type it on the registry's host (see at the top of this text).
If I remove the basic auth in nginx and delete the file /home/me/.docker/config.json, I get the same error. I think basic auth works fine, I use SSHA hashed passwords as recommended.
The nginx logs show (not necessarily in correct order since there are 2 nginxes load-balanced):
The registry log shows:
The docker daemon on the remote host shows:
So at this point it seems to me that the problem could come from nginx, configured as such (SSL is handled at ELB level):
I meticulously followed the instructions in the official documentation, switching add_header ... always to more_set_headers, as the discussions in the github issues indicate the former may cause issues.
I really don't see what I'm doing wrong in there.
The registry version is 2.1.1, but I tried the 2.0 as well with no better results:
I started the registry by using this config.yml (verbatim):
With this Dockerfile:
Building it:
And then using this command:
The docker clients used are in version 1.7.1 and 1.8.1.
Am I doing something wrong? Is this a bug?
Regards,
Louis Kottmann