Only hello-world and search work

The command docker run hello-world works perfectly, indicating that the setup is correct, but when I try to pull any image it gets stuck during Pulling fs layer. The search works, so there’s a connection to the hub, but other than that nothing works.

I run a Linux Mint VM, but also tried with Kubuntu and Debian with the same result. Proxy or not doesn’t matter either.

Did you have the hello-world image already pulled before? What happens when you run

docker pull hello-world

?

If I do it right now it says

Status: Image is up to date for hello-world:latest

I deleted the image and reran the command

Status: Downloaded newer image for hello-world:latest

I know you wrote the issue happens with every other image, but because you couldn’t have tried all, please, try this one too:

docker pull alpine

This is a small image, so if it has to do anything with size, it should work. If the image is public, please, also share what image you tried to pull exactly that didn’t work.

It’s the same for every image out there.

First it gets stuck for a pretty long time:

sudo docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
9824c27679d3: Waiting 

then it runs a retry for another several minutes and returns an error:

9824c27679d3: Waiting 9824c27679d3: Downloading  3.735MB/3.735MB
read tcp 192.168.64.21:38978->172.66.1.46:443: read: connection timed out

Ubuntu:

sudo docker pull ubuntu
Using default tag: latest
latest: Pulling from library/ubuntu
b71466b94f26: Pulling fs layer

The error:

b71466b94f26: Downloading  29.66MB/29.66MB
read tcp 192.168.64.21:58278->162.159.141.50:443: read: connection timed out

Node:

sudo docker pull node
Using default tag: latest
latest: Pulling from library/node
f014853ae203: Pulling fs layer 
6d6401b7636b: Pulling fs layer 
cffef7dc6f99: Pulling fs layer 
1e6ffe3614ab: Waiting 
0424d66cc45d: Waiting 
e6931704a864: Waiting 
fd5f28d2ecab: Waiting 
2b5f5b1e055d: Waiting

The error:

read tcp 192.168.64.21:38078->172.66.1.46:443: read: connection timed out

By the end of all of this there’s still only the hello-world image.

I also installed Podman and it works fine right off the bat.

It looks like a network issue. The IP address is a Cloudflare IP.

I have similar IPs if I run a proxy and route the docker daemon traffic through it.

proxy-1  | 1755713332.962    485 172.18.0.3 TCP_TUNNEL/200 5269 CONNECT registry-1.docker.io:443 - HIER_DIRECT/44.196.144.154 -
proxy-1  | 1755713333.451    474 172.18.0.3 TCP_TUNNEL/200 17610 CONNECT registry-1.docker.io:443 - HIER_DIRECT/44.196.144.154 -
proxy-1  | 1755713333.882    414 172.18.0.3 TCP_TUNNEL/200 6309 CONNECT registry-1.docker.io:443 - HIER_DIRECT/44.196.144.154 -
proxy-1  | 1755713334.297    405 172.18.0.3 TCP_TUNNEL/200 5474 CONNECT registry-1.docker.io:443 - HIER_DIRECT/44.196.144.154 -
proxy-1  | 1755713334.401    509 172.18.0.3 TCP_TUNNEL/200 5474 CONNECT registry-1.docker.io:443 - HIER_DIRECT/44.196.144.154 -
proxy-1  | 1755713334.573    273 172.18.0.3 TCP_TUNNEL/200 4481 CONNECT docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com:443 - HIER_DIRECT/162.159.141.50 -
proxy-1  | 1755713334.615    212 172.18.0.3 TCP_TUNNEL/200 6963 CONNECT docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com:443 - HIER_DIRECT/162.159.141.50 -
proxy-1  | 1755713416.169    408 172.18.0.3 TCP_TUNNEL/200 5153 CONNECT registry-1.docker.io:443 - HIER_DIRECT/98.85.9.239 -
proxy-1  | 1755713416.571    398 172.18.0.3 TCP_TUNNEL/200 10438 CONNECT auth.docker.io:443 - HIER_DIRECT/3.226.118.171 -
proxy-1  | 1755713417.053    479 172.18.0.3 TCP_TUNNEL/200 5267 CONNECT registry-1.docker.io:443 - HIER_DIRECT/98.85.9.239 -
proxy-1  | 1755713417.541    477 172.18.0.3 TCP_TUNNEL/200 11955 CONNECT registry-1.docker.io:443 - HIER_DIRECT/98.85.9.239 -
proxy-1  | 1755713418.027    471 172.18.0.3 TCP_TUNNEL/200 5693 CONNECT registry-1.docker.io:443 - HIER_DIRECT/98.85.9.239 -
proxy-1  | 1755713418.495    458 172.18.0.3 TCP_TUNNEL/200 5474 CONNECT registry-1.docker.io:443 - HIER_DIRECT/98.85.9.239 -
proxy-1  | 1755713418.517    480 172.18.0.3 TCP_TUNNEL/200 5474 CONNECT registry-1.docker.io:443 - HIER_DIRECT/98.85.9.239 -
proxy-1  | 1755713418.759    261 172.18.0.3 TCP_TUNNEL/200 6234 CONNECT docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com:443 - HIER_DIRECT/162.159.141.50 -
proxy-1  | 1755713419.572   1052 172.18.0.3 TCP_TUNNEL/200 28907663 CONNECT docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com:443 - HIER_DIRECT/162.159.141.50 -

The output shows when I ran docker pull hello-world and when I ran docker pull ubuntu next time. Both are connecting to Cloudflare. It doesn’t have to pull the image when it is already pulled, so it is not logged then, only the registry auth requests.

proxy-1  | 1755713887.931    433 172.18.0.3 TCP_TUNNEL/200 5153 CONNECT registry-1.docker.io:443 - HIER_DIRECT/44.207.195.157 -
proxy-1  | 1755713888.309    373 172.18.0.3 TCP_TUNNEL/200 10439 CONNECT auth.docker.io:443 - HIER_DIRECT/54.237.23.78 -
proxy-1  | 1755713888.806    493 172.18.0.3 TCP_TUNNEL/200 5267 CONNECT registry-1.docker.io:443 - HIER_DIRECT/44.207.195.157 -

If I delete the hello-world image and pull again, it is logged again.

proxy-1  | 1755713971.356    474 172.18.0.3 TCP_TUNNEL/200 6309 CONNECT registry-1.docker.io:443 - HIER_DIRECT/13.223.135.59 -
proxy-1  | 1755713971.850    484 172.18.0.3 TCP_TUNNEL/200 5474 CONNECT registry-1.docker.io:443 - HIER_DIRECT/13.223.135.59 -
proxy-1  | 1755713971.862    496 172.18.0.3 TCP_TUNNEL/200 5474 CONNECT registry-1.docker.io:443 - HIER_DIRECT/13.223.135.59 -
proxy-1  | 1755713972.122    257 172.18.0.3 TCP_TUNNEL/200 4459 CONNECT docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com:443 - HIER_DIRECT/162.159.141.50 -
proxy-1  | 1755713972.124    268 172.18.0.3 TCP_TUNNEL/200 6965 CONNECT docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com:443 - HIER_DIRECT/162.159.141.50 -

I see no 172.* IP in my outputs, but that is only because this is what was resolved and cached first for me. If I use nslookup, I get the IP you see in the output:

 nslookup docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com
Server:		fe80::1%12
Address:	fe80::1%12#53

Non-authoritative answer:
Name:	docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com
Address: 172.66.1.46
Name:	docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com
Address: 162.159.141.50

But at least one of the IPs works from your error messages, and I assume the other would too.

You can check local firewalls or any firewall in your LAN network. VPN can also cause problems sometimes, not just proxies.

1 Like
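Added example (not part of the original posts): the proxy output above, parsed to show which hosts a pull contacts and which one carries the layer data, which is the destination a firewall or proxy has to let through. It assumes the lines are in Squid's native access.log format; the sample lines are copied from the post and the function names are hypothetical.

```python
from collections import defaultdict

# Lines copied from the proxy output in the post above (docker compose prefix included).
SAMPLE_LOG = """\
proxy-1  | 1755713416.169    408 172.18.0.3 TCP_TUNNEL/200 5153 CONNECT registry-1.docker.io:443 - HIER_DIRECT/98.85.9.239 -
proxy-1  | 1755713416.571    398 172.18.0.3 TCP_TUNNEL/200 10438 CONNECT auth.docker.io:443 - HIER_DIRECT/3.226.118.171 -
proxy-1  | 1755713418.759    261 172.18.0.3 TCP_TUNNEL/200 6234 CONNECT docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com:443 - HIER_DIRECT/162.159.141.50 -
proxy-1  | 1755713419.572   1052 172.18.0.3 TCP_TUNNEL/200 28907663 CONNECT docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com:443 - HIER_DIRECT/162.159.141.50 -
"""

def parse_line(line):
    """Parse one access.log line; return None unless it is a CONNECT entry."""
    # Drop the "proxy-1  | " prefix that docker compose adds, if present.
    if "|" in line:
        line = line.split("|", 1)[1]
    f = line.split()
    # Assumed field order: time elapsed client code/status bytes method url ident hier/peer type
    if len(f) < 9 or f[5] != "CONNECT":
        return None
    host, _, port = f[6].rpartition(":")
    return {
        "elapsed_ms": int(f[1]),
        "result": f[3],
        "bytes": int(f[4]),
        "host": host,
        "port": int(port),
        "peer_ip": f[8].split("/", 1)[1] if "/" in f[8] else "-",
    }

def summarize(log_text):
    """Group tunnels by destination host: tunnel count, total bytes, upstream IPs."""
    out = defaultdict(lambda: {"tunnels": 0, "bytes": 0, "peer_ips": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = out[rec["host"]]
        entry["tunnels"] += 1
        entry["bytes"] += rec["bytes"]
        entry["peer_ips"].add(rec["peer_ip"])
    return dict(out)

def bulk_host(summary):
    """Host that carried the most bytes, i.e. where the layer download went."""
    return max(summary, key=lambda h: summary[h]["bytes"])

if __name__ == "__main__":
    for host, s in summarize(SAMPLE_LOG).items():
        print(f'{s["bytes"]:>10} B  {s["tunnels"]} tunnel(s)  {host}  {sorted(s["peer_ips"])}')
```

On these lines the registry and auth hosts carry only a few kilobytes each, while the r2.cloudflarestorage.com host carries the roughly 29 MB layer, matching the point in the pull where the timeouts are reported.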