Docker for Windows Artifactory Mirror

Hi all

We are using Docker at work and have come to a small issue and not sure if it because of our setup or if its a bug with Docker.

First of all we setup a Registry mirror in Artifactory, which seems to be working ok.

some of our users have had access to the public docker registry blocked by the firewall, for reasons.

when these users attempt to pull images down that have configured and logged into the mirror registry they cannot get them, they receive a TLS handshake timeout error.

users that do have access to the public registry do not get this and everything works as expected.

Main question is this…

When configured and logged into a registry mirror do you need access to the public registry directly? To be clear our Artifactory mirror registry does have access to the public registry

hey @TechMachineX
from image it seems, you are trying to get base image `docker/compose:1.23.2 from dockerhub( registry-1.docker.io/v2/).
So basically docker first tries to get image locally. If not found, then goes to dockerhub. And since it was not accessible for first users, it was showing timeout from those users.

Thanks @nitishmowall
So you are saying even though this user has a correctly configured a Registry Mirror (to our internal Artifactory) it will still go to the public registry?

I would have thought as these images are all in our internal registry, it would get them from there. Maybe I’m just not understanding the idea behind the registry mirror setting?

hey @TechMachineX
can you check that you have or not have the image on the registry mirror to clear all the doubt ?

yea, we have a number of images.

I think I may need to also look at Artififactory, something odd just happened and I’m not 100% sure if it was something I did or not.

ok please check and do share your finding

Looks like our internal Artifactory is having trouble making connection to Docker Hub (read timeouts) caused by our internet filter and disabling its own mirror capabilities,

Docker for Windows is then falling back to what I assume is built in defaults and attempts to get the image directly from Docker Hub.

That’s fine for our users that have Docker Hub access, as they will at least get the image. but will fail for those that have been blocked.

ok now you know what was the reason
thanks for sharing