|
nginx proxy_cache prevents docker (1.10.2 ) image push to artifactory . August 10, 2016 05:34AM |
Registered: 7 years ago Posts: 1 |
Hi,
We are using Nginx as reverse proxy to push docker images to artifactory.
we recently upgraded to docker engine and when we try to push image we get : Unknown Blob error .
if i comment proxy_cache in configuration , it works .
please help me with the problem :
below is the Nginx configuration :
upstream artifactory_server {
server artifactory:8081;
keepalive 8;
}
proxy_cache_path /opt/oas/nginx/cache levels=1:2 keys_zone=artifactory_cache:10m max_size=70g inactive=30m;
proxy_temp_path /opt/oas/nginx/temp;
server {
listen 443;
server_name dockerlocal.oasdocker.scania.com;
access_log /var/log/nginx/dockerlocal.log;
error_log /var/log/nginx/dockerlocal.error.log;
ssl on;
ssl_certificate /etc/nginx/ssl/dockerlocal.cert;
ssl_certificate_key /etc/nginx/ssl/dockerlocal.com.key;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Authorization "Basic b2FzZG9ja2VyOm9hc2RvY2tlcg==";
proxy_pass_header Server; # To help debugging, list the server that actually did the reply rather than nginx
proxy_read_timeout 900s;
client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
chunked_transfer_encoding on;
location /v2 {
# Do not allow connections from docker 1.5 and earlier
# docker pre-1.6.0 did not properly set the user agent on ping
if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))).*$" ) {
return 404;
}
proxy_cache artifactory_cache;
proxy_cache_lock on;
proxy_pass http://artifactory_server/artifactory/api/docker/docker-local/v2;
}
}
We are using Nginx as reverse proxy to push docker images to artifactory.
we recently upgraded to docker engine and when we try to push image we get : Unknown Blob error .
if i comment proxy_cache in configuration , it works .
please help me with the problem :
below is the Nginx configuration :
upstream artifactory_server {
server artifactory:8081;
keepalive 8;
}
proxy_cache_path /opt/oas/nginx/cache levels=1:2 keys_zone=artifactory_cache:10m max_size=70g inactive=30m;
proxy_temp_path /opt/oas/nginx/temp;
server {
listen 443;
server_name dockerlocal.oasdocker.scania.com;
access_log /var/log/nginx/dockerlocal.log;
error_log /var/log/nginx/dockerlocal.error.log;
ssl on;
ssl_certificate /etc/nginx/ssl/dockerlocal.cert;
ssl_certificate_key /etc/nginx/ssl/dockerlocal.com.key;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Authorization "Basic b2FzZG9ja2VyOm9hc2RvY2tlcg==";
proxy_pass_header Server; # To help debugging, list the server that actually did the reply rather than nginx
proxy_read_timeout 900s;
client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
chunked_transfer_encoding on;
location /v2 {
# Do not allow connections from docker 1.5 and earlier
# docker pre-1.6.0 did not properly set the user agent on ping
if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))).*$" ) {
return 404;
}
proxy_cache artifactory_cache;
proxy_cache_lock on;
proxy_pass http://artifactory_server/artifactory/api/docker/docker-local/v2;
}
}
|
Re: nginx proxy_cache prevents docker (1.10.2 ) image push to artifactory . March 27, 2020 04:14PM |
Registered: 4 years ago Posts: 1 |
|
Re: nginx proxy_cache prevents docker (1.10.2 ) image push to artifactory . April 09, 2020 03:54AM |
Registered: 4 years ago Posts: 1 |
Hi,
We faced the same issue lately.
After hanging around, we found that the root cause was the default behavior of the proxy_cache, which converts the HEAD method to GET.
As docker push relies on some HEAD calls (see https://docs.docker.com/registry/spec/api/#pushing-an-image), it fails.
The following post helped us to fixed our configuration: https://serverfault.com/questions/530763/nginx-proxy-cache-key-and-head-get-request/626330
See also http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_convert_head
HTH
We faced the same issue lately.
After hanging around, we found that the root cause was the default behavior of the proxy_cache, which converts the HEAD method to GET.
As docker push relies on some HEAD calls (see https://docs.docker.com/registry/spec/api/#pushing-an-image), it fails.
The following post helped us to fixed our configuration: https://serverfault.com/questions/530763/nginx-proxy-cache-key-and-head-get-request/626330
See also http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_convert_head
HTH
Sorry, only registered users may post in this forum.
Online Users
Guests:
299
Record Number of Users:
8
on April 13, 2023
Record Number of Guests:
421
on December 02, 2018
This forum is powered by Phorum.
 |
 |
 |
 |
|