Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Unable to push to harbor image with http

See original GitHub issue


  • Jib version: 1.5.0
  • Build tool: Gradle
  • OS: Mac OSX
  • Repository: Harbor

Description of the issue:

I have insecure harbor registry for now and trying to push it and pushing it with property sendCredentialsOverHttp=true but push always times out

Expected behavior:

Should be able to push

Steps to reproduce:

/gradlew jib -DsendCredentialsOverHttp=true -Djib.console=plain

jib-gradle-plugin Configuration:

jib {
    to {
        allowInsecureRegistries = true        
        tags = ['latest', '1.0.0-SNAPSHOT']
        auth {
            username = 'xyz'
            password = 'xyz'
    container {
        ports = ['8080']
        mainClass = "$mainClassName"
        args = ["run", mainVerticleName, "-conf staging.json"]
        jvmFlags = ['-Dvertx.logger-delegate-factory-class-name=io.vertx.core.logging.Log4j2LogDelegateFactory']


Log output:

➜ ./gradlew jib -DsendCredentialsOverHttp=true -Djib.console=plain
Starting a Gradle Daemon, 1 busy and 1 incompatible Daemons could not be reused, use --status for details

> Task :jib
Authentication over HTTP is enabled. It is strongly recommended that you do not enable this on a public network!

Containerizing application to,,
Retrieving registry credentials for
Getting base image
Building dependencies layer...
Building project dependencies layer...
Building resources layer...
Building classes layer...

> Task :jib FAILED

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':jib'.
> Connect to [,] failed: Operation timed out (Connection timed out)

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Get more help at

Deprecated Gradle features were used in this build, making it incompatible with Gradle 6.0.
Use '--warning-mode all' to show the individual deprecation warnings.

BUILD FAILED in 2m 40s
8 actionable tasks: 1 executed, 7 up-to-date

Additional Information:

Push works fine with docker command-line

docker tag xyz:1.0.0-SNAPSHOT

docker push

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:26 (15 by maintainers)

github_iconTop GitHub Comments

chanseokohcommented, Aug 22, 2019

@raizoor both the default connection timeout and the read timeout are set to 20 seconds by default (configurable with -Djib.httpTimeout), so I’m actually confused why it isn’t enforced.

I did an investigation, and I think it is the bug in recent Google HTTP Client versions that does not honor the given connection timeout. (Haven’t tested read timeout yet.) Jib 1.5.0 is affected, and I am positive that the timeout will work correctly on 1.4.0.

chanseokohcommented, Aug 21, 2019

@riyaz looked at your last log. No wonder it takes > 20 minutes (with 1.5.0). At least it is indeed working but very inefficient because Jib first tries HTTPS (port 443) before trying HTTP (port 80) for every access to your registry. And this HTTPS-to-HTTP failover can happen only when the HTTPS attempt times out. The log shows that the timeout is about 75 seconds. That is, for every HTTP request Jib makes to your registry, it first has to wait for ~75 seconds. But I do see that the plain http:// is very fast.

22:11:01.880 [INFO] [] -------------- REQUEST  --------------

22:12:17.265 [INFO] [org.gradle.api.Task] Failed to connect to over HTTPS. Attempting again with HTTP:
22:12:17.269 [INFO] [] -------------- REQUEST  --------------

22:12:17.269 [INFO] [] curl -v --compressed -H 'Accept: ' -H 'Accept-Encoding: gzip' -H 'User-Agent: jib 1.5.0 jib-gradle-plugin Google-HTTP-Java-Client/1.30.0 (gzip)' -- ''
22:12:17.484 [INFO] [] -------------- RESPONSE --------------
HTTP/1.1 401 Unauthorized
Date: Wed, 21 Aug 2019 16:42:17 GMT

22:12:17.500 [INFO] [] -------------- REQUEST  --------------

22:12:17.500 [INFO] [] curl -v --compressed -H 'Accept: */*' -H 'Accept-Encoding: gzip' -H 'Authorization: <Not Logged>' -H 'User-Agent: jib 1.5.0 jib-gradle-plugin Google-HTTP-Java-Client/1.30.0 (gzip)' -- ',push'
22:12:17.586 [INFO] [] -------------- RESPONSE --------------
HTTP/1.1 200 OK

That said, if you specify the port :80 in your image reference (e.g.,, I bet it will be very fast, as it will attempt the plain HTTP directly. Later you could add an additional tag using whatever means to have the correct name without the port part (:80). Another dirty hack would be to somehow configure your firewall or network so that any connection attempt to drops immediately as @briandealwis said.

But, I strongly recommend you make the port 443 work as a registry and close the insecure registry at port 80. I’m emphasizing again that by sending credentials over HTTP, anyone in the wild can capture and steal your username and password easily.

I have requested our infra team to setup ssl, meanwhile i have switched to aws ecr for now.

Given that you don’t have a secure registry, ECR seems rather the right choice. I would continue using it, at least until you set up SSL.

Regarding no network logs with gradle, --no-daemon seems to work sometime only, if we downgrade the gradle version to 4.10.3 it always works.

Thanks for the info. It’s good to know. We are baffled too.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Cannot push image v1.10.2 #11673 - goharbor/harbor - GitHub
I can't share the image, but i can tell you its 700MB. I setup Harbor with the Helm chart and using the filesystem...
Read more >
Pulling and Pushing Images in the Docker Client - Harbor docs
In your Docker client is not configured for insecure registries, you will see the following error when you attempt to pull or push...
Read more >
Pushing image to Harbor registry results in error "received ...
When trying to push image to Harbor registry We get the error "received unexpected HTTP status: 500 Internal Server Error"
Read more >
Pushing a Docker image - Amazon ECR - AWS Documentation
You can push your container images to an Amazon ECR repository with the docker push command. Amazon ECR also supports creating and pushing...
Read more >
HTTP API V2 - Docker Documentation
Resumable Push. Company X's build servers lose connectivity to docker registry before completing an image layer transfer. After connectivity returns, the build ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found