Open benjamingwynn opened 1 year ago
/lifecycle frozen
Having the same issue here on Docker version 24.0.6-rd, build da4c87 for mac. Any updates?
== EDIT1 == Right after I asked this I've realized that Docker Desktop on macOS runs inside of a LinuxKit VM, which has no access to the SSH tunnel running on the host. Still, curious how people are pushing images to remote internal registries from their Macs. My ugly solution for now:
docker save alpine:latest | ssh -C user@remote-internal-registry "docker load && docker tag alpine:latest localhost:5000/alpine:latest && docker push localhost:5000/alpine:latest"
== EDIT2 == It is not that the docker VM does not have access to the tunnel on the host but that docker interprets "localhost" and "127.0.0.1" as the VM and not the host. The trick is to make the ssh tunnel available in all IPs on the host so you can point docker to something that is not localhost or 127.0.0.1. Using socat, for example:
socat TCP-LISTEN:5000,fork,reuseaddr TCP:127.0.0.1:5000
I can now point my docker push to another IP on my host and it will work:
❯ docker push 192.168.5.64:5000/ubuntu
Using default tag: latest
The push refers to repository [192.168.5.64:5000/ubuntu]
03fdf04efd9e: Pushing [==================================================>] 101.3MB
03fdf04efd9e: Pushed
latest: digest: sha256:781d090bf99d9b31a5a445ad2d42e516b5d677ca28638e4626f07d9df1e5cbf3 size: 529
...and that's because now we're listening on all ports (which may or may not be a security issue in your case depending on firewall rules, etc):
❯ netstat -vanp tcp | grep LISTEN | grep 5000
tcp46 0 0 *.5000 *.* LISTEN 131072 131072 11019 0 00000 00000006 0000000003f68f90 00000000 00000800 1 0 000001
tcp4 0 0 127.0.0.1.5000 *.* LISTEN 131072 131072 5971 0 00100 00000006 0000000003f665ee 00000000 00000900 1 0 000001
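The netstat check from the comment above, as an added example that is not part of the original thread: it classifies each listener on a port as wildcard, loopback or bound to a specific address, so a deploy script can refuse to continue while the forwarder is open on every interface. The function names and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify LISTEN sockets on a port from
# macOS `netstat -an -p tcp` output read on stdin.

# Prints one line per listener on the port: "wildcard", "loopback" or "specific <addr>".
classify_listeners() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            # macOS netstat prints the local socket as <addr>.<port>
            n = split($4, parts, ".")
            if (parts[n] != port) next          # exact port match, so 50000 is not 5000
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "*")                               print "wildcard"
            else if (addr == "127.0.0.1" || addr == "::1") print "loopback"
            else                                           print "specific " addr
        }'
}

# Succeeds (exit 0) when the port is bound on every interface.
exposed_on_all_interfaces() {
    classify_listeners "$1" | grep -q '^wildcard$'
}

# Constructed sample, shortened from the netstat output quoted in the comment above.
sample_netstat() {
    cat <<'EOF'
tcp46 0 0 *.5000 *.* LISTEN
tcp4 0 0 127.0.0.1.5000 *.* LISTEN
tcp4 0 0 127.0.0.1.50000 *.* LISTEN
EOF
}

# A narrower forwarder uses socat's bind= option on the listening side, for example
#   socat TCP-LISTEN:5000,bind=192.168.5.64,fork,reuseaddr TCP:127.0.0.1:5000
# which this check would report as "specific 192.168.5.64" instead of "wildcard".

if sample_netstat | exposed_on_all_interfaces 5000; then
    echo "port 5000 is listening on all interfaces"
fi
```

On a real host, feed it live data with `netstat -an -p tcp | classify_listeners 5000`. A listener bound to one address is still reachable by other hosts on that network.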
@laurentlgm that's a great workaround, however it seems quite dangerous and certainly not something I'd want in my deploy scripts.
Hopefully this can be resolved in Docker, but it doesn't seem like this is a huge priority for the docker team, sadly.
I ended up using a Linux VM in UTM to push Docker images to our remote docker hub via SSH - obviously not ideal either.
I found that the /etc/hosts workaround in this issue https://github.com/docker/for-mac/issues/3611 works for this one as well. As in adding an alias for 127.0.0.1 to /etc/hosts like
127.0.0.1 localhost registry.me
Description
We're connecting to a remote registry over SSH using a tunnel to deploy to a remote network.
Docker push always prints the following:
However I can clearly access the server just fine, as when I curl 127.0.0.1:5000/v2/, I get a valid result. I do not think this is an IPv6 vs IPv4 problem, as I'm using IPv4 loopback specifically rather than localhost.
Works as expected on Linux.
Related: https://github.com/docker/for-mac/issues/6141, https://github.com/docker/for-mac/issues/6055
Reproduce
ssh -NL 5000:127.0.0.1:5000 user@host
docker pull hello-world
docker tag hello-world 127.0.0.1:5000/hello-world
docker push 127.0.0.1:5000/hello-world
Expected behavior
docker push should push
docker version
docker info
Diagnostics ID
6F9316B5-F748-48D1-B2ED-A15F160469F2/20230608081429
Additional Info