Docker Community Forums

Share and learn in the Docker community.

Unable to run registry as a pull-through cache


#1

Hi,

I’m trying to set up a private registry for my team. I’m running it inside Windows container. Simple scenario works fine, but I’m not able to set it up as a proxy for the Docker Hub. Docker Hub is blocked inside our network unless you’re using proxy, Host machine have HTTP_PROXY and HTTPS_PROXY env variables correctly setup. After container starts I see this in the log:

time=“2018-12-18T13:11:03+02:00” level=warning msg=“No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.s
ecret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable.” go.version=go1.10 instance.id=c78a8e26-feef-4789-9b99-f38da33ea123 version=“v2.6.2+unknown”
time=“2018-12-18T13:11:03+02:00” level=info msg=“Starting upload purge in 9m0s” go.version=go1.10 instance.id=c78a8e26-feef-4789-9b99-f38da33ea123 version=“v2.6.2+unknown”
time=“2018-12-18T13:11:03+02:00” level=info msg=“redis not configured” go.version=go1.10 instance.id=c78a8e26-feef-4789-9b99-f38da33ea123 version=“v2.6.2+unknown”
time=“2018-12-18T13:11:03+02:00” level=info msg=“using inmemory blob descriptor cache” go.version=go1.10 instance.id=c78a8e26-feef-4789-9b99-f38da33ea123 version=“v2.6.2+unknown”
time=“2018-12-18T13:11:03+02:00” level=info msg=“Starting cached object TTL expiration scheduler…” go.version=go1.10 instance.id=c78a8e26-feef-4789-9b99-f38da33ea123 version=“v2.6.2+unknown”
panic: Get https://registry-1.docker.io/v2/: dial tcp 34.233.151.211:443: i/o timeout

When I use -e HTTP_PROXY={PROXY} -e HTTPS_PROXY={PROXY} to run container it fails at the same place but with slightly different error: t/http: TLS handshake timeout

Behavior is the same on both CE and EE versions of Docker. Also, running the same image on a different machine which doesn’t require proxy works totally fine.

How can I setup registry to correctly work behind the proxy?


(Frippe75) #2

Seeing “the same” issue. At least trying to setup what you are doing.
But I see that my registry container is trying to resolve registry-1.docker.io instead of heading to my proxy. I.e not respecting my HTTP_PROXY / HTTPS_PROXY variables.

Checked that both are set…
> $ docker exec -t dockerregistry_registry_1 echo $HTTP_PROXY
> http://webproxy:3128

10.0.1.99 is my DNS server…

 panic: Get https://This text will be hiddenregistry-1\.docker.io/v2/: dial tcp: lookup registry-1.docker.io on 10.0.1.99:53: read udp 172.17.0.2:59322->10.0.1.99:53: i/o timeout
 goroutine 1 [running]:

(Frippe75) #3

Maybe I solved it. Did not test fully but I initially had my proxy env’s due to them being part of the docker host. But I added them to my docker-compose.yml and now it looks better… Try it!


#4

Hi,

I’m getting all errors in initial post when I set HTTP_PROXY and HTTPS_PROXY in Dockerfile, so they’re set on container level not on the host. Btw, are you running registry in Linux or Windows container? I’m running in Windows one.