I have configured my GCP docker registry using HA Proxy. Here is my HA Proxy configuration.
frontend myfrontend
    bind 0.0.0.0:8080
    use_backend maven-repo if { path_beg -i /repository }
    use_backend gcp-repo if { path_beg -i /dev-registry }
    default_backend gcp-repo
backend maven-repo
    server maven-repo mvn01-ashok-dev.net:443 ssl verify none check inter 5s
backend gcp-repo
    server gcp-repo dev-docker.pkg.dev:443 ssl verify none check inter 5s
While pulling a docker image through HA Proxy, I am getting the following error.
ashok@ubuntu:~$ docker pull localhost:8080/dev-registry/gateway-cluster-images/nextgen-nativebridge:1.1.0
Error response from daemon: error parsing HTTP 404 response body: invalid character '<' looking for beginning of value: "<!DOCTYPE html>\n<html lang=en>\n <meta charset=utf-8>\n <meta name=viewport content=\"initial-scale=1, minimum-scale=1, width=device-width\">\n <title>Error 404 (Not Found)!!1</title>\n <style>\n *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}\n </style>\n <a href=//www.google.com/><span id=logo aria-label=Google></span></a>\n <p><b>404.</b> <ins>That’s an error.</ins>\n <p>The requested URL <code>/v2/dev-registry/gateway-cluster-images/nextgen-nativebridge:1.1.0</code> was not found on this server. <ins>That’s all we know.</ins>\n"
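Added example, not part of the original question: both `server` lines in the configuration above use `ssl verify none`, so the proxy encrypts the upstream connection but does not validate the certificate of the Maven repository or the registry it fetches artifacts from. The script below maps each routed path prefix to the upstream it reaches and lists the ones served without certificate verification, then repeats the check on a corrected variant. The `CA_FILE` path is an assumption.

```python
# Configuration copied from the question above.
HAPROXY_CFG = """\
frontend myfrontend
    bind 0.0.0.0:8080
    use_backend maven-repo if { path_beg -i /repository }
    use_backend gcp-repo if { path_beg -i /dev-registry }
    default_backend gcp-repo
backend maven-repo
    server maven-repo mvn01-ashok-dev.net:443 ssl verify none check inter 5s
backend gcp-repo
    server gcp-repo dev-docker.pkg.dev:443 ssl verify none check inter 5s
"""
# Assumption: CA bundle path as found on Debian/Ubuntu; adjust for the proxy host.
CA_FILE = "/etc/ssl/certs/ca-certificates.crt"
# Corrected form: validate the upstream chain. Adding `verifyhost <name>` to each
# server line also checks the certificate name.
HARDENED_CFG = HAPROXY_CFG.replace("verify none", "verify required ca-file " + CA_FILE)

def parse_cfg(text):
    """Return (routes, servers): path prefix -> backend, backend -> [(addr, opts)]."""
    routes, servers, section = {}, {}, ("", "")
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] in ("global", "defaults", "frontend", "backend", "listen"):
            section = (tok[0], tok[1] if len(tok) > 1 else "")
        elif tok[0] == "use_backend" and "path_beg" in tok:
            for arg in tok[tok.index("path_beg") + 1:]:
                if arg != "}" and not arg.startswith("-"):
                    routes[arg] = tok[1]
        elif tok[0] == "default_backend":
            routes["<default>"] = tok[1]
        elif tok[0] == "server" and section[0] in ("backend", "listen"):
            servers.setdefault(section[1], []).append((tok[2], tok[3:]))
    return routes, servers

def unverified_routes(text):
    """List (path prefix, backend, upstream) reached over TLS with `verify none`."""
    routes, servers = parse_cfg(text)
    return [(prefix, backend, addr)
            for prefix, backend in routes.items()
            for addr, opts in servers.get(backend, [])
            if "ssl" in opts and "verify none" in " ".join(opts)]

if __name__ == "__main__":
    for hit in unverified_routes(HAPROXY_CFG):
        print("unverified upstream:", *hit)
    print("after hardening:", unverified_routes(HARDENED_CFG))
```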
Related
I have configured my harbor docker registry using HA Proxy. Here is my HA Proxy configuration.
frontend ashok_registry
    bind 0.0.0.0:8080
    use_backend maven-repo if { path_beg -i /repository }
    use_backend harbor-repo if { path_beg -i /v2/dev-images/ }
backend maven-repo
    server maven-repo mvn01-ashok-dev.net:443 ssl verify none check inter 5s
backend harbor-repo
    server harbor-repo hub.ashok.com:443 ssl verify none check inter 5s
Here, whenever I use multiple paths (/v2/dev-images) in path_beg, I am unable to pull the docker image. I get the following error:
$ docker pull localhost:8080/dev-images/myapp/myapp-image:1.1.0
Error response from daemon: unauthorized: authorize header needed to send HEAD to repository: authorize header needed to send HEAD to repository
Here are my HAProxy server logs:
Dec 28 12:39:42 hydlpt391 haproxy[40706]: 127.0.0.1:53422 [28/Dec/2022:12:39:42.908] ashok_registry ashok_registry/<NOSRV> -1/-1/-1/-1/0 400 0 - - PR-- 1/1/0/0/0 0/0 "<BADREQ>"
Dec 28 12:39:42 hydlpt391 haproxy[40706]: 127.0.0.1:53436 [28/Dec/2022:12:39:42.909] ashok_registry ashok_registry/<NOSRV> -1/-1/-1/-1/0 503 216 - - SC-- 1/1/0/0/0 0/0 "GET /v2/ HTTP/1.1"
Dec 28 12:39:43 hydlpt391 haproxy[40706]: 127.0.0.1:53448 [28/Dec/2022:12:39:42.914] ashok_registry harbor-repo/harbor-repo 0/0/756/309/1065 401 480 - - ---- 1/1/0/0/0 0/0 "HEAD /v2/dev-images/myapp/myapp-image/manifests/1.1.0 HTTP/1.1"
Dec 28 12:39:44 hydlpt391 haproxy[40706]: 127.0.0.1:53452 [28/Dec/2022:12:39:43.981] ashok_registry harbor-repo/harbor-repo 0/0/758/251/1009 401 632 - - ---- 1/1/0/0/0 0/0 "GET /v2/dev-images/myapp/myapp-image/manifests/1.1.0 HTTP/1.1"
If I remove the multiple paths in the path_beg, then I am able to pull the image through HAProxy:
frontend ashok_registry
    bind 0.0.0.0:8080
    use_backend maven-repo if { path_beg -i /repository }
    use_backend harbor-repo if { path_beg -i /v2/ }
backend maven-repo
    server maven-repo mvn01-ashok-dev.net:443 ssl verify none check inter 5s
backend harbor-repo
    server harbor-repo hub.ashok.com:443 ssl verify none check inter 5s
And pull command usage
docker pull localhost:8080/dev-images/myapp/myapp-image:1.1.0
1.0.0: Pulling from dev-images/myapp/myapp-image
213ec9aee27d: Already exists
24b464698217: Pull complete
4f4fb700ef54: Pull complete
b4c5e6d1ca25: Pull complete
4c437a1beb75: Pull complete
357d1bd31d98: Pull complete
72cf3d73d8a4: Pull complete
6476114140cd: Pull complete
f1f11b5c7106: Pull complete
Here I need /v2/dev-images/ in path_beg because I have multiple /v2/ paths in multiple URLs. How can I solve this issue?
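Added example, not part of the original question: the script below parses the four HAProxy log lines quoted above and labels each request by what the proxy did with it. It shows that `GET /v2/`, the first request a Docker client sends to a registry, matched no `use_backend` rule under the `/v2/dev-images/` prefix and was answered with 503 by the frontend itself, while the manifest requests did reach Harbor. The regular expression assumes the HTTP log format seen in those lines.

```python
import re

# Log lines copied from the question above.
SAMPLE_LOG = """\
Dec 28 12:39:42 hydlpt391 haproxy[40706]: 127.0.0.1:53422 [28/Dec/2022:12:39:42.908] ashok_registry ashok_registry/<NOSRV> -1/-1/-1/-1/0 400 0 - - PR-- 1/1/0/0/0 0/0 "<BADREQ>"
Dec 28 12:39:42 hydlpt391 haproxy[40706]: 127.0.0.1:53436 [28/Dec/2022:12:39:42.909] ashok_registry ashok_registry/<NOSRV> -1/-1/-1/-1/0 503 216 - - SC-- 1/1/0/0/0 0/0 "GET /v2/ HTTP/1.1"
Dec 28 12:39:43 hydlpt391 haproxy[40706]: 127.0.0.1:53448 [28/Dec/2022:12:39:42.914] ashok_registry harbor-repo/harbor-repo 0/0/756/309/1065 401 480 - - ---- 1/1/0/0/0 0/0 "HEAD /v2/dev-images/myapp/myapp-image/manifests/1.1.0 HTTP/1.1"
Dec 28 12:39:44 hydlpt391 haproxy[40706]: 127.0.0.1:53452 [28/Dec/2022:12:39:43.981] ashok_registry harbor-repo/harbor-repo 0/0/758/251/1009 401 632 - - ---- 1/1/0/0/0 0/0 "GET /v2/dev-images/myapp/myapp-image/manifests/1.1.0 HTTP/1.1"
"""

# client [date] frontend backend/server timers status bytes cookies state conns queues "request"
LOG_RE = re.compile(
    r'haproxy\[\d+\]: (?P<client>\S+) \[(?P<ts>[^\]]+)\] (?P<frontend>\S+) '
    r'(?P<backend>[^/\s]+)/(?P<server>\S+) (?P<timers>\S+) (?P<status>\d{3}) '
    r'(?P<bytes>\d+) \S+ \S+ (?P<term>\S{4}) \S+ \S+ "(?P<request>[^"]*)"'
)


def classify(rec):
    """Label one parsed record by what the proxy did with the request."""
    if rec["server"] == "<NOSRV>":
        if rec["request"] == "<BADREQ>":
            return "rejected: not parseable as HTTP"
        if rec["backend"] == rec["frontend"]:
            # HAProxy logs the frontend name when no switching rule selected a backend.
            return "unrouted: no use_backend rule matched and no default_backend"
        return "no-server: backend chosen but no server available"
    return "forwarded to %s, upstream answered %s" % (rec["backend"], rec["status"])


def triage(text):
    """Return [(request line, verdict)] for every HAProxy HTTP log line in text."""
    rows = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            rows.append((m.group("request"), classify(m.groupdict())))
    return rows


def unrouted_paths(text):
    """Paths the frontend accepted but could not hand to any backend."""
    return [req.split()[1] for req, verdict in triage(text)
            if verdict.startswith("unrouted")]


if __name__ == "__main__":
    for request, verdict in triage(SAMPLE_LOG):
        print(f"{request:68} {verdict}")
    print("unrouted paths:", unrouted_paths(SAMPLE_LOG))
```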
I am trying to set up a local development environment with nginx docker and local DNS containers. Once I bring docker compose up and type the commands, it responds with:
$ nslookup ns.main.com
;; connection timed out; no servers could be reached
$ dig @127.0.0.1 ns.main.com
; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> @127.0.0.1 ns.main.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38715
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: e9ba5744ce2779c601000000633878c753c784e7d4f38f3e (good)
;; QUESTION SECTION:
;ns.main.com. IN A
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Oct 01 11:28:39 CST 2022
;; MSG SIZE rcvd: 68
The test domain is not resolved and the test page is not accessible; there is a step missing in creating the environment.
The OS is Ubuntu 22.04.1 LTS.
Because the local DNS conflicts with the network's real DNS, after running docker compose build the local resolution service has to be disabled with:
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
then run docker compose up -d
Note that the PC is not able to access the internet.
docker compose file is:
services:
  nginx:
    build:
      context: ./nginx/
    ports:
      - 80:80
    volumes:
      - ./nginx/html/:/usr/share/nginx/html/
      - ./nginx/conf.d/:/etc/nginx/conf.d/
  dns:
    build:
      context: ./dns/
    restart: always
    ports:
      - 53:53
      - 53:53/udp
    volumes:
      - ./dns/named.conf:/etc/bind/named.conf
      - ./dns/zone/:/etc/bind/zone/
    command: named -c /etc/bind/named.conf -g -u named
the structure and files for environment are:
the file details in services DNS:
Dockerfile file:
FROM alpine:latest
RUN apk add bind openrc
RUN rc-update -u named
named.conf file:
options {
    directory "var/bind";
    allow-transfer { "none"; };
    allow-query { any; };
    listen-on { any; };
};
zone "main.com" IN {
    type master;
    file "/etc/bind/zone/main.com";
};
zone "secondary.com" IN {
    type master;
    file "/etc/bind/zone/secondary.com";
};
dns/zone/main.com file:
$TTL 86400
@ IN SOA ns.main.com. hostmaster.main.com. (
    202 ; Serial
    600 ; Refresh
    3600 ; Retry
    1209600) ; Expire
; 3600) ; Negative Cache TTL
@ IN NS ns.main.com.
ns IN A 127.0.0.1
dns/zone/secondary.com file:
$TTL 86400
@ IN SOA ns.secondary.com. hostmaster.secondary.com. (
    202 ; Serial
    600 ; Refresh
    3600 ; Retry
    1209600) ; Expire
;3600) ; Negative Cache TTL
@ IN NS ns.secondary.com.
ns IN A 127.0.0.1
-- NGINX service:
Dockerfile file:
FROM nginx:latest
COPY ./html /usr/share/nginx/html
RUN apt-get update && apt-get install -y procps
nginx/conf.d/default.conf file:
server {
    listen 80;
    server_name main.com ns.main.com *.main.com;
    location / {
        root /usr/share/nginx/html/main;
        index index.html;
    }
}
server {
    listen 80;
    server_name secondary.com ns.secondary.com *.secondary.com;
    location / {
        root /usr/share/nginx/html/secondary;
        index index.html;
    }
}
nginx/html/main/index.html file:
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Docker Nginx</title>
</head>
<body>
<h2>Hello from Nginx container!</h2>
</body>
</html>
nginx/html/secondary/index.html file:
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Docker Nginx</title>
</head>
<body>
<h2>Hello from secondary</h2>
</body>
</html>
To access the internet again, the commands need to be rolled back and the network/WIFI deactivated/activated with:
sudo systemctl enable systemd-resolved
sudo systemctl start systemd-resolved
Thanks in advance
When we do not disable the systemd-resolved service, our PC goes to the internet; because my test domain name is not registered, our PC does not receive any resolved IP from outside to route packages, so SERVFAIL is displayed.
Once we disable systemd-resolved we can access the dockerized local DNS service; however, locally DNS is resolved with the file /etc/resolv.conf, which has this default content:
nameserver 127.0.0.53
options edns0 trust-ad
search .
Since the PC cannot resolve the nslookup command, it timed out and failed because the server could not be reached; it is dockerized on localhost.
My solution during test is:
Disable local resolution service.
Add localhost to /etc/resolv.conf
nameserver 127.0.0.1
nameserver 127.0.0.53
options edns0 trust-ad
search .
Add localhost and external DNS to interface edns0 (WIFI in my case) to have external DNS resolution too.
Deactivate/activate interface.
nslookup is OK and my APP in the docker compose NGINX service is reachable.
Once I finish my work I can enable systemd-resolved and deactivate and activate the interface. Also, the PC goes back to default once it boots.
My architecture is as follows:
2 docker-dev-1 and docker-dev-2 nodes in a docker-dev VPC
2 docker-internal-1 and docker-internal-2 nodes in a docker-internal VPC
The firewall allows tcp:2377, 7946, udp:4789, 7946, esp as documented here
All of them are masters in order to facilitate testing for the moment. Docker version is 20.10.16. All the instances are exactly the same (packages, configuration...).
Currently I have a flask/jinja application running on docker-dev-X.
To connect to the database, the app passes by a reverse proxy which redirects the streams that arrive on port 3306 (MySQL) to a Cloud SQL instance of the docker-internal VPC.
The flask application is exposed via a reverse proxy that listens on port 8082.
Here is the docker daemon.json configuration:
{
    "mtu": 1454,
    "no-new-privileges": true
}
Everything works fine when I have only one docker-dev. However, as soon as I add the docker-dev-2 node, all streams with a large output passing through docker-dev-2 do not work.
Let me explain:
On docker-dev-1 :
dev@docker-dev-1:~$ curl localhost:8082/health
Ok
# With a heavier page
dev@docker-dev-1:~$ curl localhost:8082/auth/login
<!DOCTYPE html>
<html lang="en_GB">
<head>
... # Lots of HTMLs
</html>
No problem everything is working fine.
On docker-dev-2 :
dev@docker-dev-2:~$ curl localhost:8082/health
Ok
dev@docker-dev-2:~$ curl -I localhost:8082/health
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 18 May 2022 12:34:57 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2
...
# With a heavier page
dev@docker-dev-2:~$ curl localhost:8082/auth/login
^C # Timeout
# Same curl but shows only header
dev@docker-dev-2:~$ curl -I localhost:8082/auth/login
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 18 May 2022 10:43:57 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 222967 # Long Content-Length
Connection: keep-alive
...
As you can see, when I try to curl the /health --> No problem
When I try to curl /auth/login --> The request timeout, I have no answer
When I try to curl /auth/login to show only headers --> The request works
In a container, everything is working fine, on docker-dev-1 and on docker-dev-2 :
dev@docker-dev-2:~$ docker run -it --rm --name debug --network jinja_flask_network nicolaka/netshoot bash
bash-5.1# curl reverse_proxy_nginx/health:8082
Ok
bash-5.1# curl reverse_proxy_nginx:8082/auth/login
<!DOCTYPE html>
<html lang="en_GB">
<head>
... # Lots of HTMLs
</html>
So the problem doesn't seem to be in docker network.
The problem seems to be when the request output is too long.
I already reduced MTU to 1454 a few months ago to resolve a problem... (Seems to be the same problem but in docker network).
So, when the request is on docker-dev-1 --> No problem, the website is loading normally, But when the request is on docker-dev-2 --> Infinite loading results in a timeout.
I hope I was clear in my explanation. Do you have any idea?
I have a hosted container web app on Azure which is working, but for CI with the GitLab container registry I need to call the webhook URL in the gitlab-ci.yaml file.
When I called the webhook URL with Postman with a POST request, it pulled the latest image from the registry. When I made the same request in the gitlab-ci.yaml file using curl, it showed the error "Access is denied due to invalid credentials".
$ curl -d -X POST https://$acr-image:SOME_SECRET_KEY@acr-image.scm.azurewebsites.net/docker/hook
curl: (6) Could not resolve host: POST
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">
I have a docker container with tcserver on it with the UI of an application on it. I have a second docker container that is also running tcserver, but this one has the application's engine.
I am trying to get these two to talk to each other somehow, because when I access the UI on the web browser it says that it is not connected to the engine. How can I achieve this?
You need to link the new allotted ports of the App Engine container to the UI Container, because the container can only be accessed by other containers through port.
As simple as that:
docker run --name engine -d tcserver-engine
docker run --name lala --link engine:tc-engine -d tcserver-ui
Inside the lala container you can get the engine container using the selected alias, in this example tc-engine.
Use name and link in your docker run command or docker-compose.yml file?
docker run -ti --name server1 -p 8111:8111 ikamman/docker-tc-server
docker run -ti --name server2 --link server1 -p 8112:8111 ikamman/docker-tc-server
docker exec server2 curl server1:8111
Will return like this:
$ docker exec server2 curl server1:8111
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 3546 0 3546 0 0 3290 0 --:--:-- 0:00:01 --:--:-- 3292
<!--
Page: maintenance-welcome
Stage: FIRST_START_SCREEN
State revision: 12
Timestamp: Wed Jul 27 20:30:06 UTC 2016
-->
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>TeamCity Maintenance — TeamCity</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge"/>
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon"/>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="application-name" content="TeamCity"/>
<meta name="description" content="Powerful Continuous Integration and Build Server"/>
<link rel="icon" href="/img/icons/TeamCity512.png" sizes="512x512"/>