Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Can't push when using frontend as registry

See original GitHub issue

I have the frontend running on 80 and 443, proxying to the registry on 5000. When trying to push an image through the frontend to the registry, i get:

Error parsing HTTP response: invalid character '<' looking for beginning of value: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /v2/gitlab-ci/cloud-deploy/blobs/uploads/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.10 (Debian) Server at registry.magic-technik.de Port 80</address>\n</body></html>\n"

I’ve set the following EnvVars:

"ENV_DOCKER_REGISTRY_HOST=172.17.42.1",
"ENV_DOCKER_REGISTRY_PORT=5000",
"ENV_DOCKER_REGISTRY_USE_SSL=",
"ENV_REGISTRY_PROXY_FQDN=registry.example.com",
"ENV_REGISTRY_PROXY_PORT=443",

As a workaround i’m currently sending 80 to the frontend and 443 straight to the registry, but i’d like to use the frontend via HTTPS, too! 😉

Issue Analytics

State:
Created 8 years ago
Comments:12 (5 by maintainers)

Top GitHub Comments

2reactions

jc21commented, May 18, 2017

I’ve just encountered this issue for some strange reason. I pushed one image ok but then I tried to push another from a different server and I got this exact error message. After reading all of this I thought why not just proxy the registry commands straight through 😃 Here’s an nginx config that others might use for reference that works for us.

server {
    listen 80;
    server_name docker.internal;
    client_max_body_size 100M;
    proxy_set_header X-Forwarded-Scheme $scheme;

    # Registry passthrough
    location ~ /v2.* {
       proxy_pass http://127.0.0.1:5000;
    }

    # Frontend
    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}

0reactions

quickshiftincommented, Feb 4, 2018

This is still an issue, however the fix is trivial and I’ve created a PR.

The current Apache config is already setup to proxy all /v2/ requests straight to the registry

  # Proxy all docker REST API registry
  # requests to the docker registry server.

  <IfModule ssl_module>
     SSLProxyEngine on
     # SSLProxyVerify none
     SSLProxyCheckPeerCN off
     SSLProxyCheckPeerName off
  </IfModule>
  ProxyPreserveHost Off
  ProxyPass /v2/ ${DOCKER_REGISTRY_SCHEME}://${DOCKER_REGISTRY_HOST}:${DOCKER_REGISTRY_PORT}/v2/
  ProxyPassReverse /v2/ ${DOCKER_REGISTRY_SCHEME}://${DOCKER_REGISTRY_HOST}:${DOCKER_REGISTRY_PORT}/v2/

However, the FRONTEND_BROWSE_ONLY_MODE config that @jangrewe mentioned is prohibiting pushes currently. @kwk - please see my pull request to fix this.

@jc21 No need for nginx, just 3 more lines in the Apache config 😃