Docker makes many network connections to private registry

General Discussions General
1

Hi,

When performing a docker push I notice that the docker engine makes many network requests to my private registry and each request establishes a

new TCP/IP connection to the registry and establishes a new HTTPS (TLS) connection and tears it down after the response is received.

This seems like a lot of overhead, is there any way to keep the HTTP connection open such that one TCP/IP connection is used for one push operation? I found the --max-concurrent-uploads option for dockerd but setting that to one simply forces the connections to be sequential (it still connects and disconnects to the registry multiple times during one push operation).

For example, from my client I issue the command:

$ docker push myregistryserver:5000/myimage
The push refers to a repository [myregistryserver:5000/myimage]
5f70bf18a086: Pushed
7ec0e0cc3ce5: Pushed
5d7fac3611f2: Pushed
60ab55d3379d: Pushed
latest: digest: sha256:0a39a08cd3348c4ef9a2041fb53a0c71a05ede21a8a979bf7ea2f0ddc1fe

df73 size: 13614

During that operation I see 35 TCP/IP connections.
Every request has the “Connection: Close” HTTP header on it and the connection is closed by the docker engine when the request is complete.
For example one request is:

HEAD /v2/base1/blobs/sha256:00d19003217b69eca457158912c38a2ab5f6ae78a99c2512d2e56696248c3cf3 HTTP/1.1
Host: myregistryserver:5000
User-Agent: docker/17.03.0-ce go/go1.7.5 git-commit/3a232c8 kernel/4.4.52-boot2docker os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.6 \(windows\))
Authorization: Basic <snip>==
Connection: close

And response is:

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Set-Cookie: JSESSIONID=7AE8446BA990B9964E3A613C9E5B7FEE; Path=/; HttpOnly
X-Application-Context: application:5000
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Wed, 21 Jun 2017 16:20:49 GMT
Connection: close

Following this the connection is closed, then I get a new connection and another HEAD operation.
Why not keep the connection open and send the second HEAD request down the same TCP/IP connection (this is HTTP 1.1 so connections can be kept alive). Maybe there is an option to make Docker do this that I am not aware of?

Any help much appreciated.