Docker image pull - received unexpected HTTP status: 502 Bad Gateway - docker

I'm trying to pull a Docker image from our insecure private Docker registry, but it fails with the error given below.
Environment:-
Ubuntu 20.04.4 LTS
Docker version 20.10.16, build aa7e414
$ cat /etc/docker/daemon.json
{
  "insecure-registries": ["private-registry:8080"]
}
Problem:-
$ docker pull private-registry:8080/docker/image/linux:1.1
Error response from daemon: received unexpected HTTP status: 502 Bad Gateway
$ sudo systemctl status docker.service
May 31 07:49:58 server-1 dockerd[3596]: time="2022-05-31T07:49:58.200818890+05:30" level=warning msg="Error getting v2 registry: Get \"https://private-registry>
May 31 07:49:58 server-1 dockerd[3596]: time="2022-05-31T07:49:58.200866976+05:30" level=info msg="Attempting next endpoint for pull after error: Get \">
May 31 07:49:58 server-1 dockerd[3596]: time="2022-05-31T07:49:58.208355568+05:30" level=info msg="Attempting next endpoint for pull after error: receiv>
May 31 07:49:58 server-1 dockerd[3596]: time="2022-05-31T07:49:58.211891361+05:30" level=error msg="Handler for POST /v1.41/images/create returned error>
Any help to solve this problem will be appreciated. Thanks!

Problem solved after rebooting our docker private registry server.

Related

In Sonatype Nexus Docker proxy, how do I debug "Bad request" error?

I've been following the instructions to set up a Proxy Repository for Docker. I am intending to set up a proxy for Docker hub, that is for https://index.docker.io/.
My setup details on Nexus
Nexus version 3.36.0-01
Installed via docker-compose
Generated/installed self-signed cert
Using built-in https/jetty, NOT reverse proxy
http listening on port 80
https listening on port 443
My setup details on Nexus docker proxy repo
Configured for https, port 8443
Proxy remote storage: https://registry-1.docker.io
Proxy docker index: "use docker hub", pre-filled as https://index.docker.io/
Allowing anonymous docker pull
Enabled Docker Bearer Token Realm
Enabled docker v1 API
Enabled foreign layer caching
My setup details on Ubuntu docker client
Trusted self-signed cert in /etc/docker/certs.d
Trusted self-signed cert in /usr/local/share/ca-certificates + update-ca-certificates
Enabled Docker daemon debugging in /etc/docker/daemon.json
Enabled Docker proxy via httpsProxy in /home/myuser/.docker/config.json
Enabled Docker proxy via httpsProxy in /etc/systemd/system/docker.service.d/https-proxy.conf, reloaded/restarted Docker daemon
My test from the client
docker pull hello-world:latest
returns error Error response from daemon: Get https://registry-1.docker.io/v2/: Bad Request
In debug logs:
Nov 17 22:53:17 myclient dockerd[20160]: time="2021-11-17T22:53:17.190545462Z" level=debug msg="Calling HEAD /_ping"
Nov 17 22:53:17 myclient dockerd[20160]: time="2021-11-17T22:53:17.190878019Z" level=debug msg="Calling GET /v1.40/info"
Nov 17 22:53:17 myclient dockerd[20160]: time="2021-11-17T22:53:17.213218413Z" level=debug msg="Calling POST /v1.40/images/create?fromImage=hello-world&tag=latest"
Nov 17 22:53:17 myclient dockerd[20160]: time="2021-11-17T22:53:17.213290250Z" level=debug msg="Trying to pull hello-world from https://registry-1.docker.io v2"
Nov 17 22:53:17 myclient dockerd[20160]: time="2021-11-17T22:53:17.234803592Z" level=warning msg="Error getting v2 registry: Get https://registry-1.docker.io/v2/: Bad Request"
Nov 17 22:53:17 myclient dockerd[20160]: time="2021-11-17T22:53:17.234865780Z" level=info msg="Attempting next endpoint for pull after error: Get https://registry-1.docker.io/v2/: Bad Request"
Nov 17 22:53:17 myclient dockerd[20160]: time="2021-11-17T22:53:17.234976364Z" level=error msg="Handler for POST /v1.40/images/create returned error: Get https://registry-1.docker.io/v2/: Bad Request"
Next Steps
I'm watching the logs on the server while this is happening. It shows no errors. However the client side seems to indicate the request is partly working.
I tried increasing org.apache.http.wire to DEBUG as per this other SO question/answer, but that also showed nothing.
How do I continue debugging?
If you examine the docker output you’ll notice it isn’t going to nexus, it is making the request to https://registry-1.docker.io. To pull from Nexus you need to prepend the host and port to the pull request.
docker pull hostname:8443/hello-world:latest
There isn’t any way in docker to have it default to a private registry btw, so you’ll always need to prepend host:port.
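The behaviour the answer describes, as an added example (not code from the original answers or from Docker): a simplified Python reimplementation of the rule Docker applies to decide which registry an image reference points at, run over the references quoted on this page. The function names and the allow-list helper are assumptions made for the illustration.

```python
# Added example: a simplified reimplementation of the rule Docker uses to
# decide which registry an image reference points at.
DEFAULT_DOMAIN = "docker.io"
LEGACY_DOMAIN = "index.docker.io"
DEFAULT_ENDPOINT = "registry-1.docker.io"  # host contacted for docker.io images


def split_reference(ref):
    """Return (registry_domain, repository_path) for an image reference."""
    name = ref.split("@", 1)[0]                  # drop a digest, if any
    head, slash, last = name.rpartition("/")
    name = head + slash + last.split(":", 1)[0]  # drop a tag, if any
    first, sep, rest = name.partition("/")
    # The first component names a registry only if it looks like a host:
    # it contains '.' or ':' or is exactly "localhost".
    looks_like_host = "." in first or ":" in first or first == "localhost"
    if sep and looks_like_host:
        domain, path = first, rest
    else:
        domain, path = DEFAULT_DOMAIN, name
    if domain == LEGACY_DOMAIN:
        domain = DEFAULT_DOMAIN
    if domain == DEFAULT_DOMAIN and "/" not in path:
        path = "library/" + path                 # official images
    return domain, path


def endpoint_host(ref):
    """Host the daemon will actually send the /v2/ requests to."""
    domain, _ = split_reference(ref)
    return DEFAULT_ENDPOINT if domain == DEFAULT_DOMAIN else domain


def outside_allowed(refs, allowed_domains):
    """References that would be pulled from a registry not in the allow-list."""
    return [r for r in refs if split_reference(r)[0] not in allowed_domains]


if __name__ == "__main__":
    # References taken from the questions on this page.
    for ref in ("hello-world:latest",
                "hostname:8443/hello-world:latest",
                "private-registry:8080/docker/image/linux:1.1"):
        print(f"{ref:48} -> {endpoint_host(ref)}")
```

Running `outside_allowed` over the image references in a Compose file or CI manifest shows which pulls would bypass the internal proxy and go straight to Docker Hub.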

Traefik: Cannot start service: OCI runtime create failed: sysctl "kernel.domainname" is not in a separate kernel namespace: unknown

Tried raising this on GitHub but the Traefik bot doesn't think it is a bug:
What did you do?
Attempted to pull latest Docker image from DockerHub via Docker Compose and bring up the container
Ubuntu 18.04.1 (Kernel 4.15.0-42-generic)
What did you expect to see?
Successful start of Traefik container
What did you see instead?
Failed to start Traefik container
ERROR: for traefik Cannot start service traefik: OCI runtime create failed: sysctl "kernel.domainname" is not in a separate kernel namespace: unknown
Output of traefik version: (What version of Traefik are you using?)
Version: v1.7.6
Codename: maroilles
Go version: go1.11.3
Built: 2018-12-14_06:43:37AM
OS/Arch: linux/amd64
If applicable, please paste the log output in DEBUG level (--logLevel=DEBUG switch)
time="2018-12-16T08:44:09Z" level=error msg="vulcand/oxy/forward/websocket: Error when copying from backend to client: websocket: close 1006 (abnormal closure): unexpected EOF"
time="2018-12-16T09:06:09Z" level=error msg="vulcand/oxy/forward/websocket: Error when copying from backend to client: websocket: close 1006 (abnormal closure): unexpected EOF"
time="2018-12-16T09:28:00Z" level=error msg="vulcand/oxy/forward/websocket: Error when copying from backend to client: websocket: close 1006 (abnormal closure): unexpected EOF"
time="2018-12-17T11:56:28Z" level=error msg="vulcand/oxy/forward/websocket: Error when copying from client to backend: websocket: close 1006 (abnormal closure): unexpected EOF"
It would appear that the latest version of Traefik has deprecated the domainname parameter.
Removing this setting from Docker Compose allowed me to pull the latest image and bring up the container.

Login attempts to Nexus OSS Docker repo throwing 404

We are trying to set up a Docker repository in Nexus OSS (v3.3.2-02) in a Kubernetes cluster, and having issues logging in to it. We are intending to have a proxy set up for DockerHub, a private repo, and a group repo to tie the two together, using the below configurations
Hosted
Proxy
Group
giving us the following list:
But when I try to log in to the repository, it appears it's trying to forward me to a /v2 endpoint, which is throwing a 404 error:
> docker login -u <user> -p <pass> https://repo.myhost.com:443
Error response from daemon: login attempt to https://repo.myhost.com:443/v2/ failed with status: 404 Not Found
I would like to add that we have Maven and NPM repositories set up in this same instance and they're working, so it appears Nexus itself is OK, but there's something wrong with the Docker configuration.
I don't know why this request is trying to send me to the /v2 endpoint when trying to log in. What am I missing?
Docker requires a very specific URL layout and does not allow for any context URL, hence the need for Docker connectors to allow the Docker client to connect to NXRM. Your screenshot shows you have configured a Docker connector for your Docker hosted repository on port 444, but your terminal capture shows you're attempting to connect on port 443, which isn't your Docker connector port. The error message you have suggests your NXRM server indeed runs on port 443, but because of how Docker works you need to access it using port 444. Please try: docker login -u <user> -p <pass> https://repo.myhost.com:444 so it attempts to use your Docker connector port. Also, it's always a good idea to run the latest version of Nexus.
In an experiment I just ran (docker-machine, virtualbox, macOS), when the server was 1.13.1 (as was the docker cli), it made a graceful degradation from /v2 down to /v1, like so:
level=debug msg="Calling GET /_ping"
level=debug msg="Calling GET /v1.26/version"
level=debug msg="Calling GET /_ping"
level=debug msg="Calling GET /v1.26/version"
level=debug msg="Calling GET /_ping"
level=debug msg="Calling GET /v1.26/info"
level=debug msg="Calling POST /v1.26/auth"
level=debug msg="attempting v2 login to registry endpoint https://192.168.2.103:9999/v2/"
level=info msg="Error logging in to v2 endpoint, trying next endpoint: Get https://192.168.2.103:9999/v2/: EOF"
level=debug msg="attempting v1 login to registry endpoint https://192.168.2.103:9999/v1/"
level=info msg="Error logging in to v1 endpoint, trying next endpoint: Get https://192.168.2.103:9999/v1/users/: dial tcp 192.168.2.103:9999: getsockopt: connection refused"
level=error msg="Handler for POST /v1.26/auth returned error: Get https://192.168.2.103:9999/v1/users/: dial tcp 192.168.2.103:9999: getsockopt: connection refused"
but after I upgraded the server to 17.06.0-ce (still with 1.13.1 cli), it only attempted /v2 and then quit:
level=debug msg="Calling GET /_ping"
level=debug msg="Calling GET /_ping"
level=debug msg="Calling GET /v1.30/version"
level=debug msg="Calling GET /_ping"
level=debug msg="Calling GET /v1.30/info"
level=debug msg="Calling POST /v1.30/auth"
level=debug msg="attempting v2 login to registry endpoint https://192.168.2.103:9999/v2/"
level=info msg="Error logging in to v2 endpoint, trying next endpoint: Get https://192.168.2.103:9999/v2/: tls: oversized record received with length 21584"
level=error msg="Handler for POST /v1.30/auth returned error: Get https://192.168.2.103:9999/v2/: tls: oversized record received with length 21584"
So the answer appears to be that one either needs to teach Nexus to respond correctly to the /v2 endpoints (as it really should be doing already), or downgrade the dockerd back down to a version that speaks the /v1 API if that is the behavior you're after.
Not sure if this is going to help, but the browser-based URL does not have a port number in it, and I could log in with my credentials. Example browser-based URL below.
https://nexus.mysite.net/
However I had to key in the following
docker login -u -p https://nexus.mysite.net/
I am greeted with the following
Error response from daemon: login attempt to https://nexus.mysite.net/v2/ failed with status: 404 Not Found
Giving the right port number did not show up the above error and I could login from the CLI as follows.
docker login -u the-user-name -p the-password https://nexus.mysite.net:7000
(in my case the correct port number was 7000).
Hope this helps.
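A way to check which port is the Docker connector before running docker login, as an added example (not part of the original answers): it sends the same GET /v2/ base check the daemon logs above show and classifies the reply. The host name and port numbers in the demo are placeholders; the classification follows the Registry HTTP API V2 convention that 200 or 401 means a v2 registry and 404 means none.

```python
import ssl
import urllib.error
import urllib.request


def classify_v2(status, headers):
    """Interpret the reply to GET <base>/v2/ (Registry HTTP API V2 base check)."""
    h = {k.lower(): v for k, v in headers.items()}
    api = h.get("docker-distribution-api-version", "")
    if status == 200:
        return ("v2", "no authentication required", api)
    if status == 401:
        # The challenge names the scheme the client must use (Basic or Bearer).
        scheme = h.get("www-authenticate", "").split(" ", 1)[0] or "unknown"
        return ("v2", f"authentication required ({scheme})", api)
    if status == 404:
        return ("not-v2", "no registry API on this host:port", api)
    return ("unexpected", f"HTTP {status}", api)


def probe(base_url, timeout=5.0, context=None):
    """Send the base check to one candidate endpoint and classify the outcome."""
    url = base_url.rstrip("/") + "/v2/"
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=context) as r:
            return classify_v2(r.status, dict(r.headers.items()))
    except urllib.error.HTTPError as e:      # 4xx/5xx replies still carry headers
        return classify_v2(e.code, dict(e.headers.items()))
    except urllib.error.URLError as e:
        kind = "tls-error" if isinstance(e.reason, ssl.SSLError) else "unreachable"
        return (kind, str(e.reason), "")


def find_connectors(host, ports, **kw):
    """Return the candidate ports on `host` that answer as a v2 registry."""
    return [p for p in ports if probe(f"https://{host}:{p}", **kw)[0] == "v2"]


if __name__ == "__main__":
    # Placeholder host and ports (assumptions): substitute the Nexus host, its
    # UI port and the connector port configured on the Docker repository.
    for port in (443, 444):
        print(port, probe(f"https://repo.example.invalid:{port}"))
```

For a registry behind a private CA, pass `context=ssl.create_default_context(cafile=...)` so the certificate is verified against that CA rather than skipped.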

can't save docker images

I can't save my Docker images. When I try to save a container, it fails:
Error response from daemon: chtimes /var/lib/docker/tmp/docker-export-616188241/947b32c6be7d631920d03730a39f6878b18bd6fad548baf5a0cf8fd59e34ef7f: invalid argument
here is docker log:
time="2016-04-28T11:25:29.819354407+04:30" level=info msg="GET /v1.21/images/get?names=jenkins"
time="2016-04-28T11:25:30.001454111+04:30" level=error msg="Handler for GET /v1.21/images/get returned error: chtimes /var/lib/docker/tmp/docker-export-206252912/2f86385bd2bb77c88bcbefdb8d9b69824b5b16e419fc6023462312df97451b01: invalid argument"
time="2016-04-28T11:25:30.001689438+04:30" level=error msg="HTTP Error" err="chtimes /var/lib/docker/tmp/docker-export-206252912/2f86385bd2bb77c88bcbefdb8d9b69824b5b16e419fc6023462312df97451b01: invalid argument" statusCode=500
The same problem was reported on Docker's GitHub and the solution was adding validate timestamp, but I don't know how to do that and I can't find a way. My kernel is updated and the Docker version is 1.9.1.
What is the problem?
Considering issue 20324, try first to:
upgrade docker to 1.11 (on CentOS)
run your container again
try and save it to see if the issue persists

Why does "docker login" fail in Docker Quickstart Terminal but work from within the default machine?

I've installed Docker Toolbox in Windows 8.1 and have been following the installation tutorial. When getting to the step where you create and push your own image, I got this error when I attempted to run docker login ... .
### VIA Docker Quickstart Terminal
### docker login --username=myuser --password="mypass" --email=myemail#gmail.com
time="2015-11-17T03:20:58.160803558Z" level=debug msg="Calling POST /v1.21/auth"
time="2015-11-17T03:20:58.160838971Z" level=info msg="POST /v1.21/auth"
time="2015-11-17T03:20:58.169033324Z" level=debug msg="hostDir: /etc/docker/certs.d/https:/registry-win-tp3.docker.io/v1"
time="2015-11-17T03:20:58.169071565Z" level=debug msg="pinging registry endpoint https://registry-win-tp3.docker.io/v1/"
time="2015-11-17T03:20:58.169084660Z" level=debug msg="attempting v1 ping for registry endpoint https://registry-win-tp3.docker.io/v1/"
time="2015-11-17T03:20:58.898542338Z" level=debug msg="Error unmarshalling the _ping PingResult: invalid character '<' looking for beginning of value"
time="2015-11-17T03:20:58.898803841Z" level=debug msg="PingResult.Version: \"\""
time="2015-11-17T03:20:58.898818084Z" level=debug msg="Registry standalone header: ''"
time="2015-11-17T03:20:58.898836197Z" level=debug msg="PingResult.Standalone: true"
time="2015-11-17T03:20:58.898853685Z" level=debug msg="attempting v1 login to registry endpoint https://registry-win-tp3.docker.io/v1/"
time="2015-11-17T03:20:59.478756938Z" level=error msg="Handler for POST /v1.21/auth returned error: Unexpected status code [403] : <html><body><h1>403 Forbidden</h1>\nRequest forbidden by administrative rules.\n</body></html>\n\n"
time="2015-11-17T03:20:59.478815334Z" level=error msg="HTTP Error" err="Unexpected status code [403] : <html><body><h1>403 Forbidden</h1>\nRequest forbidden by administrative rules.\n</body></html>\n\n" statusCode=500
Trying to solve the issue, I tried running docker login ... from within the Docker default VM. And there it works!
### VIA default virtual machine (192.168.99.100)
### docker login --username=myuser --password="mypass" --email=myemail#gmail.com https://index.docker.io/v1/
time="2015-11-17T03:20:46.053333255Z" level=debug msg="Calling POST /v1.21/auth"
time="2015-11-17T03:20:46.053404176Z" level=info msg="POST /v1.21/auth"
time="2015-11-17T03:20:46.082796012Z" level=debug msg="hostDir: /etc/docker/certs.d/https:/index.docker.io/v1"
time="2015-11-17T03:20:46.082930763Z" level=debug msg="pinging registry endpoint https://index.docker.io/v1/"
time="2015-11-17T03:20:46.082946790Z" level=debug msg="attempting v1 ping for registry endpoint https://index.docker.io/v1/"
time="2015-11-17T03:20:46.082959103Z" level=debug msg="attempting v1 login to registry endpoint https://index.docker.io/v1/"
I notice that they're using two different URLs and that the first one encounters a parsing error. The credentials are obviously correct since they work from within the VM, unless the two domains don't share users. Are the URLs or the response being mangled by MINGW64?
Update February 2016
PR 19891 "Enable cross-platforms login to Registry" is supposed to fix the issue
Use a daemon-defined Registry URL for docker login.
This allows a Windows client interacting with a Linux daemon to properly use the default Registry endpoint instead of the Windows specific one.
It is in commit 19eaa71 (maybe for docker 1.10?)
This is reported both in docker/docker issue 15612 and docker/docker issue 18019
After some analysis of the source code I’ve detected that we have different registry URLs for Windows and UNIX.
Windows: https://registry-win-tp3.docker.io/v1/
Unix: https://index.docker.io/v1/
The Windows url comes from a recent PR 15417 with the comment:
// Currently it is a TEMPORARY link that allows Microsoft to continue
// development of Docker Engine for Windows.
So it is possible this url won't work (unless you are on a very recent Windows Server 2016)
There seems to be a workaround in docker/hub-feedback issues 473, which involves:
specifying the default index registry of docker io,
docker login --username=myuser --password=mypassword --email=myemail https://index.docker.io/v1/
WARNING: login credentials saved in C:\Users\myuser\.docker\config.json
Login Succeeded
modifying the config.json file created by the previous step, in order to add the same credentials for index.docker.io for the registry-win:
config.json:
{
  "auths": {
    "https://index.docker.io/v1/": {
      "auth": "myhash",
      "email": "myemail"
    },
    "https://registry-win-tp3.docker.io/v1/": {
      "auth": "myhash",
      "email": "mydomain"
    }
  }
}
After that, a docker push index.docker.io/myuser/myrepo:latest does work.
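An audit of the kind of config.json the workaround produces, as an added example (not part of the original answer): the "auth" value in this file is base64 of username:password rather than a hash, so copying it to a second registry entry duplicates a recoverable password. The function name, the report fields and the sample credential are constructed for the illustration.

```python
import base64
import binascii
import json
from collections import defaultdict


def audit_docker_config(text):
    """List inline credentials in a Docker client config.json.

    The "auth" value is base64("username:password"), not a hash, so every
    entry reported here exposes a reusable password to anyone who can read
    the file. The password itself is never returned.
    """
    cfg = json.loads(text)
    by_value = defaultdict(list)
    for registry, entry in cfg.get("auths", {}).items():
        if entry.get("auth"):
            by_value[entry["auth"]].append(registry)
    findings = []
    for auth, registries in by_value.items():
        try:
            user, sep, _ = base64.b64decode(auth, validate=True).decode().partition(":")
        except (binascii.Error, UnicodeDecodeError):
            user, sep = None, ""
        for registry in registries:
            findings.append({
                "registry": registry,
                "user": user if sep else None,
                "recoverable_password": bool(sep),
                "same_credential_on": [r for r in registries if r != registry],
                "credsStore": cfg.get("credsStore"),  # None: no OS keychain in use
            })
    return findings


# Constructed sample in the shape of the workaround above; the credential is
# made up for the example.
_AUTH = base64.b64encode(b"myuser:example-password").decode()
SAMPLE = json.dumps({"auths": {
    "https://index.docker.io/v1/": {"auth": _AUTH, "email": "myemail"},
    "https://registry-win-tp3.docker.io/v1/": {"auth": _AUTH, "email": "mydomain"},
}})

if __name__ == "__main__":
    for finding in audit_docker_config(SAMPLE):
        print(finding)
```

Entries with `recoverable_password` set and no `credsStore` are the ones to move into a credential helper and to protect with tight file permissions.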
