New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nginx Router doesn't work correctly with default docker registry #21067

avenging opened this Issue Sep 21, 2018 · 2 comments


None yet
5 participants

avenging commented Sep 21, 2018

Describe the bug
The default Nginx router configuration template doesn't work correctly with the default container registry installed in Openshift/Minishift.

The Nginx router configuration generated is causing the registry to send a re-direct to a port that is not open.

To reproduce
This example uses Minishift, but is guaranteed not to work in an oc cluster up set-up as well.
Follow the docs to:
Start up a Minishift instance
Build the nginx-router and deploy it replacing the default HAProxy router.

Install docker and the oc binary on a centos7 server separate to Minishift then try and login to the docker registry in the Minishift instance.
For instance a Minishift instance running in Virtualbox with IP

  1. yum -y install docker wget
  2. systemctl start docker
  3. wget
  4. tar zxf openshift-origin-server-v3.10.0-dd10d17-linux-64bit.tar.gz
  5. cp openshift-origin-server-v3.10.0-dd10d17-linux-64bit/oc /usr/bin
  6. oc login -u developer
    The server uses a certificate signed by an unknown authority.
    You can bypass the certificate check, but any data you send to the server could be intercepted by others.
    Use insecure connections? (y/n): y
  7. Enter user password (typically anything in Minishift)
  8. Add the Minishift docker registry as an insecure registry
    [root@centos-server ~]# cat < /etc/docker/daemon.json
    "insecure-registries" : [""]
  9. Attempt to login to the docker registry:
    [root@centos-server ~]# docker login -u developer -p $(oc whoami -t)
    Error response from daemon: Get Get dial tcp getsockopt: connection refused

Expected behavior
Registry login should succeed as it does with the HAProxy router:
[root@centos-server ~]# docker login -u developer -p $(oc whoami -t)
Login Succeeded

Your environment

  • Minishift version
    $ ./minishift version
    minishift v1.22.0+7163416
    Running Openshift 3.9
    OC Version
    oc v3.10.0+dd10d17
    kubernetes v1.10.0+b81c8f8
    features: Basic-Auth GSSAPI Kerberos SPNEGO

openshift v3.9.0+71543b2-33
kubernetes v1.9.1+a0ce1bc657

  • NGINX router version
    Latest from master branch of origin repo.

Additional context
proxy_set_header X-Forwarded-Port $server_port;
From the Nginx configuration fixes the problem.


This comment has been minimized.

Show comment
Hide comment

This comment has been minimized.

Show comment
Hide comment

bparees Oct 17, 2018


this seems to be wholly a nginx router configuration issue, removing devex.


bparees commented Oct 17, 2018

this seems to be wholly a nginx router configuration issue, removing devex.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment