Reputation: 19388
Artifactory host name resolution to docker registry
I am trying to push a docker image into a newly created docker repo in Artifactory. For this I tag the image as follows,
docker tag ubuntu mNginxLb.mycompany.com/artifactory/api/docker/<repo_key>
and then push the image but get the following error
docker push mNginxLb.mycompany.com/artifactory/api/docker/<repo_key>/ubuntu
The push refers to a repository [mNginxLb.mycompany.com/artifactory/api/docker/<repo_key>/ubuntu] (len: 1)
unable to ping registry endpoint https://mNginxLb.mycompany.com/v0/
v2 ping attempt failed with error: Get https://mNginxLb.mycompany.com/v2/: x509: certificate signed by unknown authority
v1 ping attempt failed with error: Get https://mNginxLb.mycompany.com/v1/_ping: x509: certificate signed by unknown authority
Is this a problem with the certificate signing authority or with the hostname resolution? I checked to see if other repositories work well with the SSL certificate so I am not sure if the problem is of the certificates. Here is my nginx conf:
upstream artifactory_lb {
server mNginxLb.mycompany.com:8081;
server mNginxLb.mycompany.com backup;
}
log_format upstreamlog '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $request upstream_response_time $upstream_response_time msec $msec request_time $request_time';
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/my-certs/myCert.pem;
ssl_certificate_key /etc/nginx/ssl/my-certs/myserver.key;
client_max_body_size 2048M;
location / {
proxy_set_header Host $host:$server_port;
proxy_pass http://artifactory_lb;
proxy_read_timeout 90;
}
access_log /var/log/nginx/access.log upstreamlog;
location /basic_status {
stub_status on;
allow all;
}
}
# Server configuration
server {
listen 2222 ssl;
server_name mNginxLb.mycompany.com;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
rewrite ^/(v1|v2)/(.*) /api/docker/my_local_repo_key/$1/$2;
client_max_body_size 0;
chunked_transfer_encoding on;
location / {
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass http://artifactory_lb;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
UPDATE:
After updating the certificate to one by CA, this error goes away , although I still cant push images and get a 403 forbidden error. The command I use is
docker push host:port/The push refers to a repository [host:port/image_name] (len: 1)
Sending image list
Error: Status 403 trying to push repository ubuntu: "<!DOCTYPE html><html><head><title>Apache Tomcat/8.0.22 - Error report</title><style type=\"text/css\">H1 {f
ont-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#5
25D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;c
olor:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;backgro
und:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}.line {height: 1px; background-color: #525D76; border: none;}</style> </head><bod
y><h1>HTTP Status 403 - </h1><div class=\"line\"></div><p><b>type</b> Status report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>Access to the speci
fied resource has been forbidden.</u></p><hr class=\"line\"><h3>Apache Tomcat/8.0.22</h3></body></html>"image_name
The docker client gives the following error While the artifactory logs show the following
"GET /v2/ HTTP/1.1" 404 466 "-" "docker/1.9.1 go/go1.4.2 git-commit/a34a1d5 kernel/3.13.0-24-generic os/linux arch/amd64"
172.28.144.202 - - [22/Dec/2015:11:06:00 -0500] "GET /v2/ HTTP/1.1" 404 466 "-" "docker/1.9.1 go/go1.4.2 git-commit/a34a1d5 kernel/3.13.0-24-generic os/linux arch/amd64"
"GET /v1/_ping HTTP/1.1" 404 470 "-" "docker/1.9.1 go/go1.4.2 git-commit/a34a1d5 kernel/3.13.0-24-generic ] "PUT /v1/repositories/ubuntu/ HTTP/1.1" 403 449 "-" "docker/1.9.1 go/go1.4.2 git-commit/a34a1d5 kernel/3.13.0-24-generic os/linux arch/amd64"
Upvotes: 4
Views: 1664
Answers (2)
Reputation: 19388
The problem was that I had configured artifactory with the V1 docker API but was trying to push an image that supported the v2 API
Upvotes: 0
Reputation: 1312
Docker treats everything after the hostname as the repository name (with optionally a namespace) and the tag. This means you need to use the port you have assigned (2222) with the hostname only. The context path is going to be the repository name.
In your case it should be:
docker tag ubuntu mNginxLb.mycompany.com:2222/ubuntu
docker push mNginxLb.mycompany.com:2222/ubuntu
Notice that the latest tag is implicit. Another example could be:
docker tag ubuntu:15.10 mNginxLb.mycompany.com:2222/ubuntu:15.10
Upvotes: 2
Related Questions
- Artifactory Docker Login to Repository Localhost
- Redirecting to docker registry with nginx
- Octopus Deploy can't use Artifactory Docker registry
- What's the right setup to replicate a remote docker registry on artifactory
- Artifactory and multiple docker repositories with nginx using embedding the repository name in the image name
- Docker registry on Artifactory - login failed
- Problems setting up artifactory as a docker registry
- Artifactory as docker Registry - docker-remote-cache stays empty
- Docker: Refer to registry by ip address
- artifactory as docker registry