Can't specify clair external port

optiopay / klar

Integration of Clair and Docker Registry

MIT License

507 stars 140 forks source link

Can't specify clair external port #73

Closed jamatute closed 6 years ago

jamatute commented 6 years ago

Hi,

I'm exposing Clair behind port 80 instead of 6060, If I specify the port the APIv1 fails with a parsing error and the APIv3 gives an transport is closing error

CLAIR_ADDR=http://{{ clair_address}}:80 klar debian 
Analysing 1 layers
Failed to analyze using API v1: push image https://registry-1.docker.io/v2/library/debian:latest to Clair failed: can't even read an error message: invalid character '<' looking for beginning of value

Failed to analyze using API v3: push image https://registry-1.docker.io/v2/library/debian:latest to Clair failed: rpc error: code = Unavailable desc = transport is closing

Failed to analyze, exiting

The port is open but Clair logs doesn't show any activity

Klar version: 2.0 Clair version/image: quay.io/coreos/clair-git:latest Kubernetes version: v1.7.8-gke.0

Thanks

ppacher commented 6 years ago

This actually seems like your clair server returns a HTML document (invalid character '<' looking for beginning of value) instead of a valid JSON response. Make sure you have setup the server correctly.

The second error message (transport is closing) is just the result of klar trying V1 first and falling back to V3 on any error. Since clair has not been released with APIv3 yet the server is closing the connection.

hashmap commented 6 years ago

Closing because of inactivity, I hope the latest release fixed it. Let me know if the issue needs to be reopened.

Karreg commented 6 years ago

I ran on the same issue while trying klar today.

The issue is more clear with traces:

<---- HTTP RESPONSE:
HTTP/1.1 400 Bad Request
Connection: close
Content-Length: 279
Content-Type: text/html
Date: Tue, 10 Jul 2018 08:19:13 GMT
Server: nginx/1.4.6 (Ubuntu)

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.4.6 (Ubuntu)</center>
</body>
</html>

ImageV1 decode error
Can't pull image: invalid character '<' looking for beginning of value

But while the issue seems clear, I was not able to find how to setup Clair on http, or klar to send https requests. I'll dig through the documentations of both tools, but any hint, if you have one, would help. Thanks!

Karreg commented 6 years ago

OK, found it. I mixed the two klar options DOCKER_INSECURE and REGISTRY_INSECURE. The second one seemed to be the one I needed because the registry is on https with self signed certificate. I will update the issue with further findings...