search

docker / hub-feedback

Feedback and bug reports for the Docker Hub
https://hub.docker.com
233 stars 40 forks source link

IP Blocked?, getting 500 HTTP Server Errors when accessing docker.io #2164

Closed Richard-3 closed 2 years ago

Richard-3 commented 2 years ago

Hello,

We are getting 500 HTTP Status Error codes when doing docker pull or accessing docker.io, docker.com and hub.docker.com but only from one of our sites (accessing from IP 50.226.27.14). However www.docker.com returns sucessfully. Note; If we use a proxy so accessing from another IP the machines work fine.

Regards, Richard

$ docker pull hello-world
Using default tag: latest
Error response from daemon: received unexpected HTTP status: 500 Server Error
$ curl https://docker.io -v
*   Trying 54.81.89.50...
* TCP_NODELAY set
* Expire in 149871 ms for 3 (transfer 0x555d07ae8fb0)
* Expire in 200 ms for 4 (transfer 0x555d07ae8fb0)
* Connected to docker.io (54.81.89.50) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=*.docker.io
*  start date: Apr 25 00:00:00 2021 GMT
*  expire date: May 24 23:59:59 2022 GMT
*  subjectAltName: host "docker.io" matched cert's "docker.io"
*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: docker.io
> User-Agent: curl/7.64.0
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 500 Server Error
< cache-control: no-cache
< content-type: text/html
<
<html><body><h1>500 Server Error</h1>
An internal server error occured.
</body></html>

* TLSv1.2 (IN), TLS alert, close notify (256):
* Closing connection 0
ingshtrom commented 2 years ago

I am very sorry about this. That IP was blocked almost a year ago due to the IP making a lot of requests which were failing. Usually when we see this, one of two things happen... either (1) the user/company reaches out and realizes they have a misconfiguration somewhere, they fix it, and we unblock them OR (2) we never hear from them and the IP stays blocked. I think (2) happened here and maybe the IP rotated within the Comcast network or maybe it is a NAT Gateway IP and only one of the people behind that NAT were making those bad requests...

No matter how it happened, the IP has been unblocked for almost 24 hours now and we have yet to see any further requests coming in. If you wouldn't mind letting us know when you start using this IP again so we can double check traffic levels and success rate.

If we do not hear anything further and there is no concerning traffic from that IP, we will continue to keep it unblocked.

Thank you!

Richard-3 commented 2 years ago

If you wouldn't mind letting us know when you start using this IP again so we can double check traffic levels and success rate.

Thank you for your quick reply, can confirm we can now access from that site/IP. I'll let our end users know.