docker / for-linux

Docker Engine for Linux
https://docs.docker.com/engine/installation/

docker pull http: server gave HTTP response to HTTPS client for debian and centOS #1291

Open layer7gmbh opened 3 years ago

layer7gmbh commented 3 years ago

Hi,

A brand new Debian 10 or Debian 11 or CentOS 7 install will report:

docker pull debian

Using default tag: latest
latest: Pulling from library/debian
4c25b3090c26: Pulling fs layer 
error pulling image configuration: Get "https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/fe/fe3c5de03486f6e68639071e35675bc204558725a728e4eb835a23b62db6d7b5/data?verify=1630007974-Dj%2B7kViMhPGUAumu0JaOXTTCJ54%3D": http: server gave HTTP response to HTTPS client

same with any other...

Using default tag: latest
latest: Pulling from library/postgres
e1acddbe380c: Pulling fs layer 
ab477c15ef75: Pulling fs layer 
52fb2eb8fe36: Pulling fs layer 
f524381f883e: Waiting 
6814a3f43c00: Waiting 
efeb1f2150cf: Waiting 
de7c6920299d: Waiting 
b8f929d911a2: Waiting 
a961b3c2645a: Waiting 
05a89d8dadc7: Waiting 
ca61de601d6c: Waiting 
0f3fd90b1a40: Waiting 
c4ed85bb4f3a: Waiting 
error pulling image configuration: Get "https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/29/29dd0a82ea2076bbb67f78d53236022b3d2968da639617860881d046b555e0c7/data?verify=1630008271-nV%2Bu8shwEFkbtgM%2BDZflB6rpIeU%3D": http: server gave HTTP response to HTTPS client

It's not really an issue with Docker itself, but this

http: server gave HTTP response to HTTPS client

error seems to be connected with private repositories. As I want to pull from the regular free public repository, I don't understand where the problem comes from.

The server has no firewall installed. So I am stuck here and the web search engines only cover private repository issues.

A simple curl will report:

curl -v https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/29/29dd0a82ea2076bbb67f78d53236022b3d2968da639617860881d046b555e0c7/data?verify=1630008330-waCxGmVjnwVmJNLomPcWjZPC0Zs%3D


*   Trying 104.18.122.25:443...
* Connected to production.cloudflare.docker.com (104.18.122.25) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
* Closing connection 0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

While the same from an Ubuntu 20.04:

curl -v https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/29/29dd0a82ea2076bbb67f78d53236022b3d2968da639617860881d046b555e0c7/data?verify=1630008330-waCxGmVjnwVmJNLomPcWjZPC0Zs%3D
*   Trying 104.18.122.25:443...
* TCP_NODELAY set
* Connected to production.cloudflare.docker.com (104.18.122.25) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Jul 12 00:00:00 2021 GMT
*  expire date: Jul 11 23:59:59 2022 GMT
*  subjectAltName: host "production.cloudflare.docker.com" matched cert's "production.cloudflare.docker.com"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x556c287f1e10)
> GET /registry-v2/docker/registry/v2/blobs/sha256/29/29dd0a82ea2076bbb67f78d53236022b3d2968da639617860881d046b555e0c7/data?verify=1630008330-waCxGmVjnwVmJNLomPcWjZPC0Zs%3D HTTP/2
> Host: production.cloudflare.docker.com
> user-agent: curl/7.68.0
> accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 200 
< date: Thu, 26 Aug 2021 20:02:19 GMT
< content-type: application/octet-stream
< content-length: 10268
< cf-ray: 684fa83728d04357-FRA
< accept-ranges: bytes
< age: 804556
< cache-control: public, max-age=14400
< etag: "0fa01ea3771dfe1976aa12cd4710359f"
< expires: Fri, 27 Aug 2021 00:02:19 GMT
< last-modified: Tue, 17 Aug 2021 12:11:26 GMT
< vary: Accept-Encoding
< cf-cache-status: HIT
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< x-amz-id-2: 60IptfHVvJu68Ic7dLYO8+eTiDWC4b0QIhQhMJael2URUiOok/nKueC3OlBVSF652v1NkmL6Rys=
< x-amz-request-id: M09XV7DN4RR18D1X
< x-amz-version-id: _5G0j09A7N6.KCEoks..zPos6_4A4kzV
< server: cloudflare
< 
* Connection #0 to host production.cloudflare.docker.com left intact

If I ask other websites with curl, I don't have any issues...

Help on how to solve / analyse this is greatly appreciated.

Output of docker version:

Client: Docker Engine - Community
 Version:           20.10.8
 API version:       1.41
 Go version:        go1.16.6
 Git commit:        3967b7d
 Built:             Fri Jul 30 19:54:22 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.8
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.6
  Git commit:       75249d8
  Built:            Fri Jul 30 19:52:31 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.9
  GitCommit:        e25210fe30a0a703442421b0f60afac609f950a3
 runc:
  Version:          1.0.1
  GitCommit:        v1.0.1-0-g4144b63
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Output of docker info:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.6.1-docker)
  scan: Docker Scan (Docker Inc., v0.8.0)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 20.10.8
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: e25210fe30a0a703442421b0f60afac609f950a3
 runc version: v1.0.1-0-g4144b63
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 5.10.0-8-amd64
 Operating System: Debian GNU/Linux 11 (bullseye)
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 15.23GiB
 Name: git.layer7.net
 ID: MFNB:277L:LASR:7WLO:QVNM:M2SB:A7AS:WFK4:ZQVF:E3NI:KMHL:4GBU
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

This all runs in a KVM VPS, nothing special with it.

Thank you!
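
An added example (not part of the issue thread and not Docker's own code) showing what the reported error means at the byte level: Go's TLS client rejects the first record header it receives, and the message "server gave HTTP response to HTTPS client" is reported when those five bytes read "HTTP/". The replies and the server name registry.example are constructed; the handshake runs over an in-memory pipe, so nothing is sent on the network.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"io"
	"net"
	"time"
)

// classifyFirstBytes labels the first five bytes received on a port where a
// TLS ServerHello was expected.
func classifyFirstBytes(hdr []byte) string {
	switch {
	case len(hdr) < 5:
		return "too short"
	case string(hdr[:5]) == "HTTP/":
		// Same comparison net/http makes before reporting
		// "http: server gave HTTP response to HTTPS client".
		return "plaintext HTTP"
	case (hdr[0] == 0x16 || hdr[0] == 0x15) && hdr[1] == 0x03:
		return "TLS record" // handshake (0x16) or alert (0x15), major version 3
	default:
		return "unknown protocol"
	}
}

// handshakeAgainst runs a real crypto/tls client handshake over an in-memory
// pipe whose far end answers the ClientHello with reply. It returns the
// classification of the rejected record header together with the TLS error.
func handshakeAgainst(reply []byte) (string, error) {
	client, server := net.Pipe()
	defer client.Close()
	go func() {
		defer server.Close()
		go io.Copy(io.Discard, server) // swallow the ClientHello
		server.Write(reply)            // answer with non-TLS bytes
	}()
	client.SetDeadline(time.Now().Add(5 * time.Second))
	// ServerName is a placeholder; no certificate is ever presented.
	err := tls.Client(client, &tls.Config{ServerName: "registry.example"}).Handshake()
	var rhe tls.RecordHeaderError
	if errors.As(err, &rhe) {
		return classifyFirstBytes(rhe.RecordHeader[:]), err
	}
	return "no record header error", err
}

func main() {
	// Constructed replies standing in for whatever answers on port 443.
	for _, reply := range []string{
		"HTTP/1.1 400 Bad Request\r\n\r\n",
		"SSH-2.0-OpenSSH_8.4\r\n",
	} {
		kind, err := handshakeAgainst([]byte(reply))
		fmt.Printf("%-16s <- %v\n", kind, err)
	}
}
```

Applying the same classification to the first bytes actually received from port 443 on the affected host separates a plaintext answer from a genuine TLS endpoint.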

ingshtrom commented 3 years ago

Is this still happening for you?

Can you run the following command on the machine you are having issues with? curl -v http://production.cloudflare.docker.com/cdn-cgi/trace

In addition, can you please run the following script as ./test.sh library/debian blobs/sha256:fe3c5de03486f6e68639071e35675bc204558725a728e4eb835a23b62db6d7b5

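#!/bin/bash
# call it as <script> library/mysql blobs/sha256:2a72cbf407d67c7a7a76dd48e432091678e297140dce050ad5eccad918a9f8d6
repo=$1   # repository, e.g. library/debian
url=$2    # path below the repository, e.g. blobs/sha256:<digest>
# Request an anonymous pull token for the repository (requires jq).
token=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$repo:pull" | jq -r .token)
# Fetch the blob with that token, following the redirect to the CDN; the body is discarded.
curl -v "https://registry-1.docker.io/v2/$repo/$url" -H "Authorization: Bearer $token" -L > /dev/null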

Please paste the output from both commands. Thank you.

khuuthuyky123 commented 2 years ago

Hi, @ingshtrom

I'm having exactly this issue.

Using default tag: latest
latest: Pulling from library/debian
5e0b432e8ba9: Pulling fs layer
error pulling image configuration: Get "https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/05/05d2318291e38ea41118d6792f78087ae61232a28369b167c5faec3eb6c01630/data?verify=1639157559-Gvxpq2jnnUm9EigByKPhk6aV0Gg%3D": http: server gave HTTP response to HTTPS client

Can you help me?

The output of curl -v http://production.cloudflare.docker.com/cdn-cgi/trace

*   Trying 104.18.124.25...
* TCP_NODELAY set
* Connected to production.cloudflare.docker.com (104.18.124.25) port 80 (#0)
> GET /cdn-cgi/trace HTTP/1.1
> Host: production.cloudflare.docker.com
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< Server: cloudflare
< Date: Fri, 10 Dec 2021 16:40:54 GMT
< Content-Type: text/html
< Content-Length: 155
< Connection: close
< CF-RAY: -
<
<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
* Closing connection 0

and ./test.sh library/debian blobs/sha256:05d2318291e38ea41118d6792f78087ae61232a28369b167c5faec3eb6c01630

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
curl: (23) Failed writing body (0 != 4363)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 34.192.204.44...
* TCP_NODELAY set
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to registry-1.docker.io (34.192.204.44) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [89 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [5083 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=*.docker.com
*  start date: Nov 30 00:00:00 2021 GMT
*  expire date: Dec 29 23:59:59 2022 GMT
*  subjectAltName: host "registry-1.docker.io" matched cert's "*.docker.io"
*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
*  SSL certificate verify ok.
} [5 bytes data]
> GET /v2/library/debian/blobs/sha256:05d2318291e38ea41118d6792f78087ae61232a28369b167c5faec3eb6c01630 HTTP/1.1
> Host: registry-1.docker.io
> User-Agent: curl/7.58.0
> Accept: */*
> Authorization: Bearer
>
{ [5 bytes data]
< HTTP/1.1 401 Unauthorized
< content-type: application/json
< docker-distribution-api-version: registry/2.0
< www-authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:library/debian:pull"
< date: Fri, 10 Dec 2021 16:44:15 GMT
< content-length: 157
< strict-transport-security: max-age=31536000
<
{ [157 bytes data]
100   157  100   157    0     0    132      0  0:00:01  0:00:01 --:--:--   132
* Connection #0 to host registry-1.docker.io left intact

ingshtrom commented 2 years ago

@khuuthuyky123 That is very odd that you received a 400 from Cloudflare. Could you try going to http://production.cloudflare.docker.com/cdn-cgi/trace or https://production.cloudflare.docker.com/cdn-cgi/trace in your browser (assuming this isn't a server you are running this from)?

What OS is this running on?

Do you always get the issue with pulling debian or is it intermittent?