docker-archive / docker-registry

This is **DEPRECATED**! Please go to https://github.com/docker/distribution
Apache License 2.0

Docker pull with Apache Proxy fails #1072

Closed AlexFR59 closed 8 years ago

AlexFR59 commented 8 years ago

Hello,

I'm using Nexus3 as a docker registry. In order to hide the ports of Nexus, I put an Apache Server to work as a Proxy.

With this configuration, I'm able to log in to my registry, but I can't pull anything easily:

docker pull docker-app.registry.qualif.fr.auchan.com/auchan_move/hystrixdashboard:1.0.0
Error response from daemon: Get https://docker-app.registry.qualif.fr.auchan.com/v2/auchan_move/hystrixdashboard/manifests/1.0.0: no basic auth credentials

But if I add the sha256 signature like this, it works: docker pull docker-app.registry.qualif.fr.auchan.com/auchan_move/hystrixdashboard:1.0.0@sha256:....

Here is my Apache config :

<VirtualHost *:443>
        ServerName docker-tech.registry.qualif.fr.auchan.com

        DocumentRoot /product/nexus

                #SecRuleEngine On

                SSLEngine On
                SSLCertificateFile      /etc/httpd/ssl/registry.pem
                SSLCertificateKeyFile   /etc/httpd/ssl/registry.pem
                SSLCACertificateFile    /etc/httpd/ssl/registry.pem
                #SSLCipherSuite          ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
                #SSLProtocol             -ALL +TLSv1

        ProxyPreserveHost On

        ProxyPass / http://LNXQLCLV9043.qualif.fr.auchan.com:8001/
        ProxyPassReverse / http://LNXQLCLV9043.qualif.fr.auchan.com:8001/

        RewriteEngine On
        RewriteCond %{DOCUMENT_ROOT}/maintenance.html -f
        RewriteCond %{REQUEST_FILENAME} !/maintenance.html
        RewriteRule ^.*$    /maintenance.html [L]

        LogLevel debug
        CustomLog "|/usr/sbin/rotatelogs /product/nexus/access-docker-tech.registry.log.%Y-%m-%d 86400" combined
        ErrorLog "|/usr/sbin/rotatelogs /product/nexus/error-docker-tech.registry.log.%Y-%m-%d 86400"
</VirtualHost>

I don't know what I'm doing wrong...

AlexFR59 commented 8 years ago

I didn't write the real error. This is it: Error response from daemon: missing signature key. I can't find where my problem is...

AlexFR59 commented 8 years ago

We finally found the problem: Apache modifies the order of the RequestHeader... The result is: instead of using the V2 API, the docker pull uses the V1 API.

In order to solve this, I just added this to my Apache VirtualHost: RequestHeader set Accept "application/vnd.docker.distribution.manifest.v2+json"

wusisu commented 5 years ago

I think the problem is that the docker HTTP request uses multiple Accept lines in the header.

Accept: application/vnd.docker.distribution.manifest.v2+json
Accept: application/vnd.docker.distribution.manifest.list.v2+json
Accept: application/vnd.docker.distribution.manifest.v1+prettyjws
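
The header-order explanation given in this thread, as an added example that is not part of the original issue and is not Nexus, Apache or Docker code: it compares a hypothetical backend that honours only the first Accept value with one that considers every offered type. The reordered and folded header lists and both backend functions are assumptions for illustration; the three media types and the pinned value are the ones quoted above.

```python
# Added example: Accept-header order vs. the manifest schema a backend picks.
V2 = "application/vnd.docker.distribution.manifest.v2+json"
V2_LIST = "application/vnd.docker.distribution.manifest.list.v2+json"
V1_SIGNED = "application/vnd.docker.distribution.manifest.v1+prettyjws"

# The three Accept lines quoted in the thread, in the order shown there.
AS_SENT = [f"Accept: {V2}", f"Accept: {V2_LIST}", f"Accept: {V1_SIGNED}"]
# Constructed: same lines after a proxy reordered them (exact order is assumed).
REORDERED = [f"Accept: {V1_SIGNED}", f"Accept: {V2}", f"Accept: {V2_LIST}"]
# Constructed: same reordering, folded by a proxy into one comma-separated line.
FOLDED = [f"Accept: {V1_SIGNED}, {V2};q=0.9, {V2_LIST}"]
# What the backend sees once `RequestHeader set Accept ...` replaces the header.
PINNED = [f"Accept: {V2}"]


def accept_values(header_lines):
    """Media types from every Accept line, in arrival order. Repeated header
    fields are equivalent to one comma-separated list (RFC 7230, 3.2.2)."""
    values = []
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() != "accept":
            continue
        for item in value.split(","):
            media_type = item.split(";", 1)[0].strip().lower()  # drop q= params
            if media_type:
                values.append(media_type)
    return values


def first_value_backend(header_lines):
    """Hypothetical backend that looks only at the first Accept value."""
    values = accept_values(header_lines)
    return values[0] if values else V1_SIGNED  # assumed legacy fallback


def all_values_backend(header_lines, supported=(V2_LIST, V2, V1_SIGNED)):
    """Hypothetical backend that serves its most preferred offered type."""
    offered = set(accept_values(header_lines))
    return next((m for m in supported if m in offered), V1_SIGNED)


if __name__ == "__main__":
    for label, lines in [("as sent", AS_SENT), ("reordered", REORDERED),
                         ("folded", FOLDED), ("pinned", PINNED)]:
        print(f"{label:10} first-value -> {first_value_backend(lines)}")
        print(f"{label:10} all-values  -> {all_values_backend(lines)}")
```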