I have a computer trying to do:
docker login docker-repo.mydomain.com
docker-repo is handled by an nginx which has this config:
server {
listen 80;
server_name docker-repo.mydomain.com ;
# Redirect non-https traffic to https
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name docker-repo.mydomain.com;
ssl_certificate /etc/nginx/ssl/docker-repo.mydomain.com.crt;
ssl_certificate_key /etc/nginx/ssl/docker-repo.mydomain.key;
server_tokens off;
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:AES256-GCM-S$
gzip_proxied any;
gzip on;
gzip_min_length 1023;
gzip_types text/plain text/css text/js text/javascript text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss;
proxy_send_timeout 610s;
proxy_read_timeout 610s;
proxy_max_temp_file_size 16384m;
proxy_redirect off;
proxy_buffers 32 4k;
send_timeout 610s;
client_max_body_size 0;
client_body_buffer_size 128k;
location / {
proxy_pass http://nexus.mydomain.com:8102;
proxy_set_header X-Custom-Referrer "https://docker-repo.mydomain.com:443";
proxy_set_header Host $http_host;
proxy_set_header Client-IP $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
And on nexus.mydomain.com I have Sonatype Nexus running a docker group with Http Proxy set to run on port 8102
Errors I'm getting:
$ docker login docker-repo.mydomain.com
Username: XXXX
Password:
Error response from daemon: Get https://docker-repo.mydomain.com/v2/: Service Unavailable
If I try to access the page https://docker-repo.mydomain.com from a browser I get the page: HTTP Error 400, Not a docker request
If I try to ping both docker-repo and nexus.mydomain.com it works fine.
Hi,
I have Nexus OSS 3.6.0-02 installed running on the context path http://10.105.139.17:8082/nexus
I have:
- created a docker proxy repository to docker hub listening on 10.105.139.17:18001
- configured the docker client to allow insecure calls to the docker repository 10.105.139.17:18001
I can perform a search for jenkins docker images and get a resultset via:
[root@misvcdalmsndswa1 ~]# docker search 10.105.139.17:18000/jenkins
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
jenkins Official Jenkins Docker image 3131 [OK]
jenkinsci/jenkins Jenkins Continuous Integration and Deliver... 300
jenkins/jenkins The leading open source automation server 230
evarga/jenkins-slave This is a basic container to be used as a ... 103 [OK]
stephenreed/jenkins-java8-maven-git Automated build that provides a continuous... 74 [OK]
jenkinsci/jnlp-slave A Jenkins slave using JNLP to establish co... 66 [OK]
jenkinsci/blueocean https:jenkinsci/slave Base Jenkins slave docker image 27 [OK]
killercentury/jenkins-dind Generic Jenkins CI with Docker Engine and ... 27 [OK]
jenkinsci/ssh-slave A Jenkins SSH Slave docker image 26 [OK]
cloudbees/jenkins-enterprise CloudBees Jenkins Enterprise (Rolling rele... 25 [OK]
aespinosa/jenkins Sets up a container with jenkins installed... 22 [OK]
codetroopers/jenkins-slave-jdk8-android 21 [OK]
csanchez/jenkins-swarm-slave 19 [OK]
jenkinsci/workflow-demo Demo of Jenkins Workflow feature. 15
mesosphere/jenkins Jenkins on DC/OS Docker image. 11
appcontainers/jenkins Centos/Debian/Ubuntu Based Customizable Je... 10 [OK]
blacklabelops/jenkins Docker Jenkins Swarm-Ready with HTTPS and ... 10 [OK]
killercentury/jenkins-slave-dind Generic Jenkins Slave with Docker Engine a... 9 [OK]
cloudbees/jenkins-operations-center CloudBees Jenkins Operation Center (Rollin... 8 [OK]
fabric8/jenkins-docker Fabric8 Jenkins Docker Image 8 [OK]
xmartlabs/jenkins-android Jenkins image for Android development. 8 [OK]
bitnami/jenkins Bitnami Docker Image for Jenkins 7 [OK]
mesosphere/jenkins-dind Docker in Docker image for running Docker ... 7
tianon/jenkins-slave SSHd, Java, and Docker-in-Docker specifica... 7 [OK]
but cannot perform a docker login or docker pull
[root@misvcdalmsndswa1 ~]# docker login 10.105.139.17:18001
Username (dockerclient):
Password:
Error response from daemon: Get http:
[root@misvcdalmsndswa1 ~]# docker pull 10.105.139.17:18000/jenkins
Using default tag: latest
Error response from daemon: Get http:
My docker client details are:
$ cat /etc/docker/daemon.json
{
  "debug": true,
  "insecure-registries": [
    "10.105.139.17:18001"
  ]
}
$ docker --version
Docker version 17.06.2-ce, build cec0b72
Could you please confirm if this is a bug related to running Nexus OSS 3.6 on a context path /nexus or if this is a mis-configuration error.
Many Thanks
Chris
Yes, proxy is configured but ignored for this domain. I just tested removing it completely with the same result.
Based on your response, it sounds like something was changed on the repository and it is no longer sending challenges?
GAML01WC1091:service bconner$ curl -v --compressed -H 'Accept: application/vnd.oci.image.manifest.v1+json,application/vnd.docker.distribution.manifest.v2+json,application/vnd.docker.distribution.manifest.v1+json,application/vnd.docker.distribution.manifest.list.v2+json' -H 'Accept-Encoding: gzip' -H 'User-Agent: jib 2.6.0 jib-maven-plugin Google-HTTP-Java-Client/1.34.0 (gzip)' -- 'https://dockercentral:5100/v2/public/anapsix/alpine-java/manifests/8u221b11_jdk'
* Uses proxy env variable no_proxy == 'olakscluster-dns-.eastus2.azmk8s.io,.att.com,.sbc.com,localhost,127.0.0.1'
* Trying 135.47.45.237...
* TCP_NODELAY set
* Connected to dockercentral (135.47.45.237) port 5100 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=Texas; L=Dallas; O=AT&T Services, Inc.; OU=ACSI; CN=dockercentral
* start date: Aug 18 00:00:00 2020 GMT
* expire date: Aug 19 12:00:00 2021 GMT
* subjectAltName: host "dockercentral" matched cert's "dockercentral"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert Global CA G2
* SSL certificate verify ok.
> GET /v2/public/anapsix/alpine-java/manifests/8u221b11_jdk HTTP/1.1
> Host: dockercentral:5100
> Accept: application/vnd.oci.image.manifest.v1+json,application/vnd.docker.distribution.manifest.v2+json,application/vnd.docker.distribution.manifest.v1+json,application/vnd.docker.distribution.manifest.list.v2+json
> Accept-Encoding: gzip
> User-Agent: jib 2.6.0 jib-maven-plugin Google-HTTP-Java-Client/1.34.0 (gzip)
>
< HTTP/1.1 400 Bad Request
< Server: nginx/1.15.8
< Date: Fri, 20 Nov 2020 15:28:32 GMT
< Content-Type: application/json;charset=iso-8859-1
< Content-Length: 222
< Connection: keep-alive
< X-Upstream: 135.47.69.226:5100
<
* Connection #0 to host dockercentral left intact
{"errors":[{"code":"UNAUTHORIZED","message":"[ERROR-400] DOCKER Either Authorization header is missing or invalid"}]}
* Closing connection 0
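Added example, not part of the original post: a registry client can only authenticate after an anonymous request is answered with 401 and a WWW-Authenticate challenge, so this sketch classifies the response from the trace above next to a constructed challenge-bearing 401. The realm and service values and all function names are placeholders chosen for the example.

```python
import re

# Constructed from the status line and headers shown in the curl trace above.
OBSERVED = (400, {"Server": "nginx/1.15.8",
                  "Content-Type": "application/json;charset=iso-8859-1"})

# Constructed: the kind of answer a token-auth registry gives an anonymous
# request. realm and service are placeholder values, not taken from the page.
EXPECTED = (401, {"WWW-Authenticate":
                  'Bearer realm="https://auth.example.invalid/token",'
                  'service="registry.example.invalid",'
                  'scope="repository:public/anapsix/alpine-java:pull"'})

_PARAM = re.compile(r'(\w+)="([^"]*)"')


def parse_challenge(value):
    """Split a WWW-Authenticate value into (scheme, {param: value})."""
    scheme, _, rest = value.strip().partition(" ")
    return scheme.lower(), dict(_PARAM.findall(rest))


def diagnose(status, headers):
    """Return (next_step, challenge_params) for an anonymous registry request."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    challenge = hdrs.get("www-authenticate")
    if status == 401 and challenge:
        scheme, params = parse_challenge(challenge)
        if scheme == "bearer" and "realm" in params:
            return "fetch-token", params      # ask the realm for a token, retry
        if scheme == "basic":
            return "send-basic", params       # retry with Authorization: Basic
        return "unsupported-challenge", params
    if status in (200, 202):
        return "no-auth-needed", {}
    # Any other status, or a 401 with no challenge header: the client has
    # nothing to build a retry from, whatever the JSON body says.
    return "no-challenge", {}


if __name__ == "__main__":
    for label, resp in (("observed", OBSERVED), ("expected", EXPECTED)):
        print(label, diagnose(*resp))
```

The same check can be run by hand with `curl -i` against `/v2/` through the proxy and directly against the upstream, comparing status and WWW-Authenticate on each hop.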
I am currently trying to host Nexus as a private registry for docker images within my organisation. My nginx configuration is as below.
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
server {
listen 6666; ### Docker Hosted Repo HTTPS port
server_name server408.int.org.com; ### Nexus Server
keepalive_timeout 60;
ssl on;
ssl_certificate /etc/ssl/certs/clsanexus.crt;
ssl_certificate_key /etc/ssl/certs/clsanexus.key;
ssl_ciphers HIGH:!kEDH:!ADH:!MD5:@STRENGTH;
ssl_session_cache shared:TLSSSL:16m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
client_max_body_size 0;
chunked_transfer_encoding on;
location /v2/ {
if ($http_user_agent ~ "^(docker/1.(3|4|5(?!.[0-9]-dev))|Go ).*$" ) {
return 404;
}
error_log /var/log/nginx/error.log debug;
access_log /var/log/nginx/docker.log;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_pass http://server408.int.org.com:4444/;
proxy_read_timeout 900;
}
location / {
error_log /var/log/nginx/error.log debug;
access_log /var/log/nginx/docker.log;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_pass http://server408.int.org.com:4444/;
proxy_read_timeout 90;
}
}
}
I have configured a hosted docker repo within Nexus (running on port 4444) with HTTPS port 6666.
Currently we are able to log in to the docker registry.
[dockertest@vserver446 ~]$ docker login -u admin -p admin123 server408.int.org.com:6666
Login Succeeded
But when we try to push tagged images to the Nexus hosted docker registry it throws back a 400 Bad Request error.
[dockertest@server446 ~]$ docker push server408.int.org.com:6666/alpine
The push refers to a repository [server408.int.org.com:6666/alpine]
3fb66f713c9f: Preparing
error parsing HTTP 400 response body: invalid character '<' looking for beginning of value: "n<!DOCTYPE html>n<html>n<head>n <title>400 - Nexus Repository Manager</title>n <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>nnn <!--[if lt IE 9]>n <script>(new Image).src="https://server408.int.org.com:6666/favicon.ico?3.2.1-01"</script>n <![endif]-->n <link rel="icon" type="image/png" href="https://vklnld908.int.clsa.com:6666/favicon-32x32.png?3.2.1-01" sizes="32x32">n <link rel="mask-icon" href="https://server408.int.org.com:6666/safari-pinned-tab.svg?3.2.1-01" color="#5bbad5">n <link rel="icon" type="image/png" href="https://server408.int.org.com:6666/favicon-16x16.png?3.2.1-01" sizes="16x16">n <link rel="shortcut icon" href="https://server408.int.org.com:6666/favicon.ico?3.2.1-01">n <meta name="msapplication-TileImage" content="https://server408.int.org.com:6666/mstile-144x144.png?3.2.1-01">n <meta name="msapplication-TileColor" content="#00a300">nn <link rel="stylesheet" type="text/css" href="https://vklnld908.int.clsa.com:6666/static/css/nexus-content.css?3.2.1-01"/>n</head>n<body>n<div class="nexus-header">n <a href="https://server408.int.org.com:6666">n <div class="product-logo">n <img src="https://server408.int.org.com:6666/static/images/nexus.png?3.2.1-01"/>n </div>n <div class="product-id">n <div class="product-id__line-1">n <span class="product-name">Nexus Repository Manager</span>n </div>n <div class="product-id__line-2">n <span class="product-spec">OSS 3.2.1-01</span>n </div>n </div>n </a>n</div>nn<div class="nexus-body">n <div class="content-header">n <img src="https://server408.int.org.com:6666/static/rapture/resources/icons/x32/exclamation.png?3.2.1-01"/>n <span class="title">Error 400</span>n <span class="description">Bad Request</span>n </div>n <div class="content-body">n <div class="content-section">n HTTP method POST is not supported by this URLn </div>n </div>n</div>n</body>n</html>nn"
Am I missing some important nginx configuration? Or are my requests getting malformed?
I am currently trying to host Nexus as a private registry for docker images within my organisation. My nginx configuration is as below.
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
server {
listen 6666; ### Docker Hosted Repo HTTPS port
server_name box.company.net; ### Nexus Server
keepalive_timeout 60;
ssl on;
ssl_certificate /etc/ssl/certs/nexus.crt;
ssl_certificate_key /etc/ssl/certs/nexus.key;
ssl_ciphers HIGH:!kEDH:!ADH:!MD5:@STRENGTH;
ssl_session_cache shared:TLSSSL:16m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
client_max_body_size 0;
chunked_transfer_encoding on;
location /v2/ {
if ($http_user_agent ~ "^(docker/1.(3|4|5(?!.[0-9]-dev))|Go ).*$" ) {
return 404;
}
error_log /var/log/nginx/error.log debug;
access_log /var/log/nginx/docker.log;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_pass http://box.company.net:4444/;
proxy_read_timeout 900;
}
location / {
error_log /var/log/nginx/error.log debug;
access_log /var/log/nginx/docker.log;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_pass http://box.company.net:4444/;
proxy_read_timeout 90;
}
}
}
I have configured a hosted docker repo within Nexus (running on port 4444) with HTTPS port 6666.
Currently we are able to log in to the docker registry.
[[email protected] ~]$ docker login -u admin -p admin123 box.company.net:6666
Login Succeeded
But when we try to push tagged images to the Nexus hosted docker registry it throws back a 400 Bad Request error.
[[email protected] ~]$ docker push box.company.net:6666/alpine
The push refers to a repository [box.company.net:6666/alpine]
3fb66f713c9f: Preparing
error parsing HTTP 400 response body: invalid character '<' looking for beginning of value: «nnnn 400 — Nexus Repository
Managern nnn n
(new
Image).src=»https://box.company.net:6666/favicon.ico?3.2.1-01″</script>n
n https://box.company.net:6666/favicon-32×32.png?3.2.1-01″
sizes=»32×32″>n https://box.company.net:6666/safari-pinned-tab.svg?3.2.1-01″ color=»#5bbad5″>n https://box.company.net:6666/favicon-16×16.png?3.2.1-01″
sizes=»16×16″>n https://box.company.net:6666/favicon.ico?3.2.1-01″>n
https://box.company.net:6666/mstile-144×144.png?3.2.1-01″>n nn https://box.company.net:6666/static/css/nexus-content.css?3.2.1-01″/>nnnn https://box.company.net:6666»>n n https://box.company.net:6666/static/images/nexus.png?3.2.1-01″/>n
n n n Nexus Repository Managern n
n OSS 3.2.1-01n n n
nnnn n https://box.company.net:6666/static/rapture/resources/icons/x32/exclamation.png?3.2.1-01″/>n
Error 400n Bad Requestn n n n
HTTP method POST is not supported by this URLn n
nnnnn»
Am I missing some important nginx configuration? Or are my requests getting malformed?
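Added example, not part of the original posts: nginx replaces the matched location prefix when proxy_pass carries a URI part (a trailing / counts as one), so this sketch traces what the two location blocks in the configs above send upstream for the first requests of a push. The request list is constructed, the function names are made up for the example, and the variant without the trailing slash is an assumed comparison, not a configuration from the posts.

```python
from urllib.parse import urlsplit

# (location prefix, proxy_pass) pairs copied from the config posted above.
POSTED = [("/v2/", "http://box.company.net:4444/"),
          ("/",    "http://box.company.net:4444/")]

# Assumed comparison: the same locations with no URI part on the /v2/ target.
NO_URI = [("/v2/", "http://box.company.net:4444"),
          ("/",    "http://box.company.net:4444/")]

# Constructed: the first requests of `docker push box.company.net:6666/alpine`
# (registry API version check, then start of a blob upload).
PUSH = [("GET", "/v2/"), ("POST", "/v2/alpine/blobs/uploads/")]


def upstream_uri(prefix, proxy_pass, request_uri):
    """URI nginx passes upstream for a plain prefix location (no rewrite)."""
    path = urlsplit(proxy_pass).path
    if not path:
        return request_uri                    # no URI part: passed unchanged
    return path + request_uri[len(prefix):]   # URI part replaces the prefix


def pick_location(locations, request_uri):
    """Longest matching prefix wins, as with nginx prefix locations."""
    matches = [loc for loc in locations if request_uri.startswith(loc[0])]
    return max(matches, key=lambda loc: len(loc[0]))


def trace(locations, requests):
    """Rows of (method, client URI, upstream URI, upstream still sees /v2/)."""
    rows = []
    for method, uri in requests:
        prefix, target = pick_location(locations, uri)
        sent = upstream_uri(prefix, target, uri)
        rows.append((method, uri, sent, sent.startswith("/v2/")))
    return rows


if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("no URI part", NO_URI)):
        for method, uri, sent, kept in trace(cfg, PUSH):
            note = "ok" if kept else "/v2/ prefix lost"
            print(f"{name:12} {method:4} {uri} -> {sent}  ({note})")
```

Comparing the traced upstream path with the path recorded in the upstream's own request log shows whether the proxy or the backend is producing the 400.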