couldn't work with designated registry service port

rpardini / docker-registry-proxy

An HTTPS Proxy for Docker providing centralized configuration and caching of any registry (quay.io, DockerHub, k8s.gcr.io)

Apache License 2.0

912 stars 170 forks source link

couldn't work with designated registry service port #122

Closed changdongvan closed 2 years ago

changdongvan commented 2 years ago

I'm using the latest 0.6.4, when depolying with the standard 443 https registry service port, the proxy service is ok. However when using the designated port, such as https://xxx:5000/, the proxy service is broken. The docker client shows error info as belows: Error response from daemon: Get https://xxx:5000/v2/: Forbidden.

When getting rid of the proxy, it is ok to pull directly from the https://xxx:5000. so there is something wrong with the proxy service. Is there some config missing?

rpardini commented 2 years ago

No, you gotta understand this is about HTTPS (HTTP + TLS, usually 443) Man in the Middle proxying.

allannielsen commented 2 years ago

I have the same need, and it seems to be very easy to add this feature. I could not build the docker images in this project and get it to work - but I managed to fix the same problem in tiangolo/docker-registry-proxy

Here is what I think is needed:

In nginx.conf we need to at proxy_connect_allow all;
entrypoint.sh need to facilitate a way of adding a line in /etc/nginx/docker.targetHost.map. In this example it shall contain xxx xxx:5000. Should be done using an environment variable similar to REGISTRIES.