Docker Community Forums

Share and learn in the Docker community.

Docker pull from docker.io - error response from daemon: ... read: connection reset by peer

This error is occurring today on an Alpine Linux server that had been working normally for several months. The last time I did a pull was a few weeks ago.

Error:

# docker --log-level debug pull alpine:latest
Error response from daemon: Get "https://registry-1.docker.io/v2/": read tcp 192.168.100.214:37344->23.23.116.141:443: read: connection reset by peer

Details

OS: Alpine Linux v3.13 (3.13.4)
Docker version 20.10.3, build 48d30b5b32e99c932b4ea3edca74353feddd83ff
Current containers are running normally on the server.
There is no proxy server between this server and the internet, only a corporate firewall.
The firewall hasn’t been modified since before docker was installed on this server.
The errors are occurring both before and after an OS update.
I have a CentOS 7 server on the same subnet that is working correctly.
I have confirmed connectivity to the url

# curl "https://registry-1.docker.io/v2/"
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}

/var/log/docker.log

time="2021-04-02T13:22:10.881465261-04:00" level=warning msg="Error getting v2 registry: Get \"https_//registry-1.docker.io/v2/\": read tcp 192.168.100.214:59826->35.169.249.115:443: read: connection reset by peer"
time="2021-04-02T13:22:10.881592163-04:00" level=info msg="Attempting next endpoint for pull after error: Get \"https_//registry-1.docker.io/v2/\": read tcp 192.168.100.214:59826->35.169.249.115:443: read: connection reset by peer"
time="2021-04-02T13:22:10.890732936-04:00" level=error msg="Handler for POST /v1.41/images/create returned error: Get \"https_//registry-1.docker.io/v2/\": read tcp 192.168.100.214:59826->35.169.249.115:443: read: connection reset by peer"

(links in log have been modified to avoid new user link posting limit)

How can I troubleshoot this further?

I am getting the same error message as well:

nutanix@k8s-harbor-registry:~/Desktop$ hostnamectl
Static hostname: k8s-harbor-registry
Icon name: computer-vm
Chassis: vm
Machine ID: 3bc5f5582f314a1198abfc1434f4fee0
Boot ID: 3e3aa0a99d5149ef809336e069452c20
Virtualization: vmware
Operating System: Ubuntu 20.04.2 LTS
Kernel: Linux 5.8.0-53-generic
Architecture: x86-64

nutanix@k8s-harbor-registry:~/Desktop$ sudo docker version
Client: Docker Engine - Community
Version: 20.10.6
API version: 1.41
Go version: go1.13.15
Git commit: 370c289
Built: Fri Apr 9 22:47:17 2021
OS/Arch: linux/amd64
Context: default
Experimental: true

Server: Docker Engine - Community
Engine:
Version: 20.10.6
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: 8728dd2
Built: Fri Apr 9 22:45:28 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.4
GitCommit: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
runc:
Version: 1.0.0-rc93
GitCommit: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
docker-init:
Version: 0.19.0
GitCommit: de40ad0

nutanix@k8s-harbor-registry:~/Desktop$ date; sudo docker run -it busybox; date
Monday 24 May 2021 04:12:39 AM IST
Unable to find image ‘busybox:latest’ locally
docker: Error response from daemon: Get https://registry-1.docker.io/v2/library/busybox/manifests/sha256:b5fc1d7b2e4ea86a06b0cf88de915a2c43a99a00b6b3c0af731e5f4c07ae8eff: read tcp 192.168.139.139:55902->52.55.168.20:443: read: connection reset by peer.
See ‘docker run --help’.
Monday 24 May 2021 04:12:42 AM IST

I have installed docker on a VM using VMware workstation. 192.168.139.139 is the custom NAT network that I have added to the VM. VMware workstation version is 16.1.2 build-17966106.

Now, this is not an OS issue as I tried the same on CentOS 7 and CentOS 8.

Troubleshooting done:

1.) Disabled firewall.
2.) Updated DNS to 8.8.8.8
3.) Confirmed that there are no proxy used outside VM.
4.) Confirmed that there are no proxy configured for proxy as well using below command:

sudo systemctl show --property=Environment docker

5.) Journalctl logs does not have much info to troubleshoot further.

"May 24 04:12:42 k8s-harbor-registry dockerd[6687]: time=“2021-05-24T04:12:42.977490444+05:30” level=info msg=“Attempting next endpoint for pull after error: Get https://registry-1.docker.io/v2/library/busybox/manifests/sha256:b5fc1d7b2e4ea86a06b0cf88de915a2c43a99a00b6b3c0af731e5f4c07ae8eff: read tcp 192.168.139.139:55902->52.55.168.20:443: read: connection reset by peer”
May 24 04:12:42 k8s-harbor-registry dockerd[6687]: time=“2021-05-24T04:12:42.978638390+05:30” level=error msg=“Handler for POST /v1.41/images/create returned error: Get https://registry-1.docker.io/v2/library/busybox/manifests/sha256:b5fc1d7b2e4ea86a06b0cf88de915a2c43a99a00b6b3c0af731e5f4c07ae8eff: read tcp 192.168.139.139:55902->52.55.168.20:443: read: connection reset by peer”

Any help is much appreciated.!!

I do have the same problem but only on some NAT IPs. It’s working fine on eg. 129.41.46.1, 129.41.46.2 but failing on eg. 129.41.46.0, 129.41.46.3, 129.41.46.4 - are some of those IPs blocked on a docker.io side? Any help would be much appreciated.