Open layer7gmbh opened 3 years ago
Is this still happening for you?
Can you run the following command on the machine you are having issues with? curl -v http://production.cloudflare.docker.com/cdn-cgi/trace
In addition, can you please run the following script as ./test.sh library/debian blobs/sha256:fe3c5de03486f6e68639071e35675bc204558725a728e4eb835a23b62db6d7b5
#!/bin/bash
# call it as <script> library/mysql blobs/sha256:2a72cbf407d67c7a7a76dd48e432091678e297140dce050ad5eccad918a9f8d6
repo=$1
url=$2
token=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$repo:pull" | jq -r .token)
curl -v https://registry-1.docker.io/v2/$repo/$url -H "Authorization: Bearer $token" -L > /dev/null
Please paste the output from both commands. Thank you.
Hi, @ingshtrom
I'm having exactly this issue.
Using default tag: latest
latest: Pulling from library/debian
5e0b432e8ba9: Pulling fs layer
error pulling image configuration: Get "https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/05/05d2318291e38ea41118d6792f78087ae61232a28369b167c5faec3eb6c01630/data?verify=1639157559-Gvxpq2jnnUm9EigByKPhk6aV0Gg%3D": http: server gave HTTP response to HTTPS client
Can you help me?
the output of curl -v http://production.cloudflare.docker.com/cdn-cgi/trace
* Trying 104.18.124.25...
* TCP_NODELAY set
* Connected to production.cloudflare.docker.com (104.18.124.25) port 80 (#0)
> GET /cdn-cgi/trace HTTP/1.1
> Host: production.cloudflare.docker.com
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< Server: cloudflare
< Date: Fri, 10 Dec 2021 16:40:54 GMT
< Content-Type: text/html
< Content-Length: 155
< Connection: close
< CF-RAY: -
<
<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
* Closing connection 0
and ./test.sh library/debian blobs/sha256:05d2318291e38ea41118d6792f78087ae61232a28369b167c5faec3eb6c01630
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
curl: (23) Failed writing body (0 != 4363)
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 34.192.204.44...
* TCP_NODELAY set
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to registry-1.docker.io (34.192.204.44) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [89 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [5083 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=*.docker.com
* start date: Nov 30 00:00:00 2021 GMT
* expire date: Dec 29 23:59:59 2022 GMT
* subjectAltName: host "registry-1.docker.io" matched cert's "*.docker.io"
* issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
* SSL certificate verify ok.
} [5 bytes data]
> GET /v2/library/debian/blobs/sha256:05d2318291e38ea41118d6792f78087ae61232a28369b167c5faec3eb6c01630 HTTP/1.1
> Host: registry-1.docker.io
> User-Agent: curl/7.58.0
> Accept: */*
> Authorization: Bearer
>
{ [5 bytes data]
< HTTP/1.1 401 Unauthorized
< content-type: application/json
< docker-distribution-api-version: registry/2.0
< www-authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:library/debian:pull"
< date: Fri, 10 Dec 2021 16:44:15 GMT
< content-length: 157
< strict-transport-security: max-age=31536000
<
{ [157 bytes data]
100 157 100 157 0 0 132 0 0:00:01 0:00:01 --:--:-- 132
* Connection #0 to host registry-1.docker.io left intact
@khuuthuyky123 That is very odd that you received a 400 from Cloudflare. Could you try going to http://production.cloudflare.docker.com/cdn-cgi/trace or https://production.cloudflare.docker.com/cdn-cgi/trace in your browser (assuming this isn't a server you are running this from)?
What OS is this running on?
Do you always get the issue with pulling debian or is it intermittent?
Hi,
a brand new debian 10 or debian 11 or centOS 7 install will report:
docker pull debian
same with any other...
Its not really an issue with docker itself, but this
error seems to be connected with private repositories. As i want to pull from the regular free public repository i dont understand where the problem comes from.
The server has no firewall installed. So i am stuck here and the web search engines only covers private repository issues.
A simple curl will report:
curl -v https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/29/29dd0a82ea2076bbb67f78d53236022b3d2968da639617860881d046b555e0c7/data?verify=1630008330-waCxGmVjnwVmJNLomPcWjZPC0Zs%3D
while the same from a Ubuntu 20.04:
If i ask other websites with curl, i dont have any issues...
Help how to solve / analyse this is greatly appriciated.
Output of
docker version
:Output of
docker info
:This all runs in a KVM VPS, nothing special with it.
Thank you!