When performing a docker push I notice that the docker engine makes many network requests to my private registry and each request establishes a
new TCP/IP connection to the registry and establishes a new HTTPS (TLS) connection and tears it down after the response is received.
This seems like a lot of overhead, is there any way to keep the HTTP connection open such that one TCP/IP connection is used for one push operation? I found the --max-concurrent-uploads option for dockerd but setting that to one simply forces the connections to be sequential (it still connects and disconnects to the registry multiple times during one push operation).
For example, from my client I issue the command:
$ docker push myregistryserver:5000/myimage The push refers to a repository [myregistryserver:5000/myimage] 5f70bf18a086: Pushed 7ec0e0cc3ce5: Pushed 5d7fac3611f2: Pushed 60ab55d3379d: Pushed latest: digest: sha256:0a39a08cd3348c4ef9a2041fb53a0c71a05ede21a8a979bf7ea2f0ddc1fe
df73 size: 13614
During that operation I see 35 TCP/IP connections.
Every request has the “Connection: Close” HTTP header on it and the connection is closed by the docker engine when the request is complete.
For example one request is:
HEAD /v2/base1/blobs/sha256:00d19003217b69eca457158912c38a2ab5f6ae78a99c2512d2e56696248c3cf3 HTTP/1.1 Host: myregistryserver:5000 User-Agent: docker/17.03.0-ce go/go1.7.5 git-commit/3a232c8 kernel/4.4.52-boot2docker os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.6 \(windows\)) Authorization: Basic <snip>== Connection: close
And response is:
HTTP/1.1 404 Not Found Server: Apache-Coyote/1.1 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: 0 X-Frame-Options: DENY Set-Cookie: JSESSIONID=7AE8446BA990B9964E3A613C9E5B7FEE; Path=/; HttpOnly X-Application-Context: application:5000 Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Date: Wed, 21 Jun 2017 16:20:49 GMT Connection: close
Following this the connection is closed, then I get a new connection and another HEAD operation.
Why not keep the connection open and send the second HEAD request down the same TCP/IP connection (this is HTTP 1.1 so connections can be kept alive). Maybe there is an option to make Docker do this that I am not aware of?
Any help much appreciated.