Docker registry mirror not using proxy credentials

Docker Engine
1

With the new rate limits in effect, I’m trying to setup the official docker proxy in mirror mode. I’m behind a corporate firewall, so our whole organization seems to be counting as a single unauthenticated user. I have an account and I’ve configured my proxy with the credentials so I can have my own rate limit, but i still get rate limit errors. It seems like the registry in mirror mode is not using the proxy credentials for all pulls.

Registry config.yaml:

version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
  delete:
    enabled: true
http:
  addr: 0.0.0.0:443
  tls:
    certificate: /certs/<my-mirror>.crt
    key: /certs/<my-mirror>.key
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
proxy:
  remoteurl: https://registry-1.docker.io
  username: <username>
  pass: <password>

Startup command:

docker run -d \
    --restart=always \
    --name registry \
    -v /etc/docker/registry/config.yml:/etc/docker/registry/config.yml \
    -v /data/registry:/var/lib/registry \
    -v /certs:/certs \
    -p 443:443 \
    registry:2

My client is configured like:

{
  "debug": true,
  "registry-mirrors": ["https://<my-mirror>"]
}

I still get rate limit errors, both in the client and the proxy. Clearly the client is calling the proxy because the proxy logs show it calling back to dockerhub. But the proxy doesn’t use the provided credentials when pulling something like “docker pull alpine:latest”

1 Like