Determining upload URL: parse "“https”..... first path segment in URL cannot contain colon

General
1

Hi guys.
I’m trying my local private registry but I fail:

-> $ podman push containers.mine.priv/dupa-kupa
Getting image source signatures
Copying blob e9702d2f3f11 [--------------------------------------] 8.0b / 2.0KiB | 2.0 MiB/s
...
Copying blob 81cbb519fcf1 [--------------------------------------] 8.0b / 2.5KiB | 3.1 MiB/s
Error: writing blob: determining upload URL: parse "“https”://containers.mine.priv/v2/dupa-kupa/blobs/uploads/86305117-1a9b-44cc-916c-624f7fc96530?_state=TTgcU9klTQDdsGG9_Nf5IjlC7sGcpxP1Db8zKW1zslt7Ik5hbWUiOiJkdXBhLWt1cGEiLCJVVUlEIjoiODYzMDUxMTctMWE5Yi00NGNjLTkxNmMtNjI0ZjdmYzk2NTMwIiwiT2Zmc2V0IjowLCJTdGFydGVkQXQiOiIyMDI2LTAzLTE2VDE3OjQ1OjMxLjIwNTM3NjgxMVoifQ%3D%3D": first path segment in URL cannot contain colon

I use Apache for reverse proxy, which I think does work:

-> $ curl https://containers.mine.priv/v2/_catalog
{"repositories":[]}

Do you know what might be not working or working wrong?

A snippet of registry’s log:

10.9.4.8 - - [16/Mar/2026:17:49:37 +0000] "HEAD /v2/dupa-kupa/blobs/sha256:1e0cb9b967b0f70896c70e46df9aa572dee6f2ce7f10ff25c357cc0b4d453413 HTTP/1.1" 404 157 "" "containers/5.39.1 (github.com/containers/image)" INFO[0286] response completed go.version=go1.20.8 http.request.host=containers.mine.priv http.request.id=c1878dff-2f9c-40e4-99b3-4056e81c326e http.request.method=POST http.request.remoteaddr=10.1.1.101 http.request.uri="/v2/dupa-kupa/blobs/uploads/" http.request.useragent="containers/5.39.1 (github.com/containers/image)" http.response.duration=29.155461ms http.response.status=202 http.response.written=0
10.9.4.8 - - [16/Mar/2026:17:49:37 +0000] "POST /v2/dupa-kupa/blobs/uploads/ HTTP/1.1" 202 0 "" "containers/5.39.1 (github.com/containers/image)"
ERRO[0286] response completed with error err.code="blob unknown" err.detail=sha256:81cbb519fcf1da945c3ae175dfb7ebafdde2f3dd4d052680b6b5cb84ac8d5180 err.message="blob unknown to registry" go.version=go1.20.8 http.request.host=containers.mine.priv http.request.id=746d7c5b-db0a-4552-9b6f-d2e25ab3c2b2 http.request.method=HEAD http.request.remoteaddr=10.1.1.101 http.request.uri="/v2/dupa-kupa/blobs/sha256:81cbb519fcf1da945c3ae175dfb7ebafdde2f3dd4d052680b6b5cb84ac8d5180" http.request.useragent="containers/5.39.1 (github.com/containers/image)" http.response.contenttype="application/json; charset=utf-8" http.response.duration=1.041414ms http.response.status=404 http.response.written=157 vars.digest="sha256:81cbb519fcf1da945c3ae175dfb7ebafdde2f3dd4d052680b6b5cb84ac8d5180" vars.name=dupa-kupa

All thoughts shared are much appreciated.
many thanks, L.

1 Like
2

Can you reproduce the issue with Docker as well? This is a Docker community forum but you are using podman so it is hard to tell whether it is a general registry issue or podman issue.

What are you using for your private registry? Just the registry image or something like Harbor?

I just searched for the error message about parsing URL and the first result is another podman issue

3

This is RHEL/Centos and from what I gathered, no docker there, not officially and unofficially - that would also defeat the purpose, similarly many would say… ehh.. not supported.
Complete bits to reproduce - this is on Centos 10:

-> $ { export _NAME=containers.mine.priv; export _PATH=/00-REPOs/container.repo/; echo; }; podman run -dt --restart=always --volume ${_PATH}/certs:/certs --volume ${_PATH}/auth:/auth --volume $_PATH/registry:/var/lib/registry --publish 10.9.4.8:8443:443 -e ENVIRONMENT=production -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/containers.mine.priv.crt -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_KEY=/certs/containers.mine.priv.key --name ${_NAME} docker.io/library/registry:2

But I’ve tried - with the same results - registry:3
Here is Apache’s proxy:

-> $ cat containers.mine.priv.isOn 

<VirtualHost containers.mine.priv:443>
  ServerAdmin webdev@lemko.xyz
  ServerName containers.mine.priv

  ErrorLog /var/log/httpd/containers.mine.priv_80-error_log
  CustomLog /var/log/httpd/containers.mine.priv_80-access_log common

  SSLProxyEngine  on
  SSLProxyVerify  none

  SSLProxyCACertificateFile /etc/ipa/ca.crt
  SSLCertificateFile      /etc/pki/tls/certs/containers.mine.priv.crt
  SSLCertificateKeyFile   /etc/pki/tls/private/containers.mine.priv.key

  RequestHeader set X-Forwarded-Proto “https”
  RequestHeader set X-Forwarded-Port “443”

  #Header set Host "containers.mine.priv"
  #Header set "Docker-Distribution-Api-Version" "registry/2.0"

  ProxyPreserveHost on
  ProxyPass         / https://10.9.4.8:8443/
  ProxyPassReverse  / https://10.9.4.8:8443/

</VirtualHost>

I do not have, not at hand, an OS which officially supports docker to test/reproduce.

4

Ah… to fellow “podmanians” (seems sometimes I need different font, different background as opposed to terminal to see obvious things clearly) simple fix is(though the verdict is rushed and more testing is healthier)…

  RequestHeader set X-Forwarded-Proto “https”
  RequestHeader set X-Forwarded-Port “443”

  RequestHeader set X-Forwarded-Proto https
  RequestHeader set X-Forwarded-Port 443
1 Like