Docker proxy error

Nexus Version: 3.37.0-01
System Version: CentOS 7.6 X86

Create a repository: format is docker, type is proxy.

The newly created repository does not have any docker images. The client host pulls the image from the Nexus docker repository through the docker pull command. The Nexus docker repository is correctly configured with the proxied Docker Hub URL address. Nexus gets the docker image through the proxy and caches it in the Nexus docker proxy repository. The client pulls the image successfully.

Something incredible is coming.

The client cleans up all images fetched from the Nexus docker proxy repository. Change the URL value in “Remote Storage” in the Nexus docker proxy repository to a value that cannot be accessed normally. My actual practice is to manually modify the “/etc/hosts” file on the local Linux system for the domain name configured in “Remote Storage”, and point the valid domain name of the source to an unreachable IP address.

After some time, I execute the docker pull command from the client to get the cached docker image from the Nexus docker proxy repository. Failed to get the image.

Docker error info: "error pulling image configuration: download failed after attempts=1: unknown blob"

Personally, I understand that docker images already exist in the Nexus repository. Even if the configured proxy is unreachable, the client should be able to obtain the existing images correctly.

If the client pulls an image that does not exist in the Nexus repository, the proxy connection is unreachable, and the client cannot obtain the image. This inability to obtain images is understandable.

I would like to know about the Nexus docker proxy repository. When the configured proxy URL address is unreachable and an existing image in the repository is requested, what is the correct execution process of Nexus? How can cached docker images be obtained correctly when the proxy is unreachable?

Looking forward to your reply, thank you.

Hi Kry,

Thank you for posting. This is a community forum, where people come seeking help from fellow community members. Your post sounds like a bug report, so if you would like to report a bug in our product, please do so in our issue tracker. Ideally, please reproduce your issue and immediately afterwards generate a support.zip file and attach it to your report, so we can look at the logs of what’s happening on your instance.

What you described sounds like a bug, but I can’t say that for certain. Docker images are built from multiple layers that can be shared by multiple unrelated images. This means you might have locally cached layers prior to your test that were downloaded not through your Nexus Repository and hence are missing. This is just speculation on my side. I would like to kindly ask you to re-do your test following these steps:

  1. Purge all locally cached Docker content from your machine.
  2. Optionally, purge all content from your Docker repository in your Nexus Repository.
  3. Pull some image(s) on your machine via your Nexus Repository docker-proxy.
  4. Put your Docker proxy repository in your Nexus Repository in Blocked mode or use any other method of stopping communication between your Nexus Repository and the remote Docker registry from where you’re pulling images.
  5. Purge all locally cached Docker content from your machine (same as step 1).
  6. Pull some image(s) via the same Nexus Repository. Remember it has to be the same image(s) as you have pulled previously in step 3.
  7. Everything should be working just fine, but if it didn’t, please generate a support.zip file and attach it to your bug report in our issue tracker.
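An added example, not part of the original posts and not Sonatype's code: the "unknown blob" error names a blob the registry could not serve, so one way to see which piece of a cached image is missing is to list every blob an image manifest references (the config blob plus each layer) and probe each one with the standard Docker Registry HTTP API v2 `HEAD /v2/<name>/blobs/<digest>` request. The sample manifest and its digests are constructed placeholders; the base URL and repository name passed to `head_blob` are supplied by the caller, and unauthenticated access is assumed.

```python
import json
import urllib.error
import urllib.request

MANIFEST_V2 = "application/vnd.docker.distribution.manifest.v2+json"

# Constructed sample manifest; the digests are made-up placeholders.
SAMPLE_MANIFEST = json.dumps({
    "schemaVersion": 2,
    "mediaType": MANIFEST_V2,
    "config": {"mediaType": "application/vnd.docker.container.image.v1+json",
               "digest": "sha256:" + "a" * 64},
    "layers": [{"digest": "sha256:" + "b" * 64},
               {"digest": "sha256:" + "c" * 64}],
})


def referenced_blobs(manifest_json):
    """Return [(role, digest)] for the config blob and every layer."""
    m = json.loads(manifest_json)
    if "manifests" in m:  # manifest list / index: blobs live one level down
        raise ValueError("manifest list: fetch a per-platform manifest first")
    if "config" not in m or "layers" not in m:
        raise ValueError("not a schema 2 image manifest")
    blobs = [("config", m["config"]["digest"])]
    blobs += [("layer", layer["digest"]) for layer in m["layers"]]
    return blobs


def head_blob(base_url, repo, digest, timeout=10):
    """True if HEAD /v2/<repo>/blobs/<digest> answers 200."""
    url = f"{base_url}/v2/{repo}/blobs/{digest}"
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status == 200
    except urllib.error.HTTPError:
        return False  # 404 (or any other HTTP error): blob not served


def missing_blobs(manifest_json, exists):
    """List the (role, digest) pairs for which exists(digest) is False."""
    return [(r, d) for r, d in referenced_blobs(manifest_json) if not exists(d)]


if __name__ == "__main__":
    # Offline demo: pretend only the two layers are cached, not the config.
    cached = {"sha256:" + "b" * 64, "sha256:" + "c" * 64}
    for role, digest in missing_blobs(SAMPLE_MANIFEST, cached.__contains__):
        print(f"missing {role} blob: {digest}")
```

Against a live registry, pass `lambda d: head_blob(base_url, repo, d)` as `exists`, with the manifest fetched from `GET /v2/<name>/manifests/<tag>` using the `Accept` header in `MANIFEST_V2`.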

Hi Dawid Sawa
Thank you for your reply!

Conclusion: The Docker proxy repository contains images, which cannot be fetched by docker pull.
I strictly followed the steps presented for the test. The pictures provided are explained below.

I tried to upload the support.zip file in the community, it said that I am a new user and cannot upload.

Hi Dawid Sawa
Issue tracker URL: Log in - Sonatype JIRA (NEXUS-33296)
The support.zip file is uploaded in the attachment.

Figure 1.png and Figure 2.png represent the correct Nexus docker proxy configuration.

Figure 3.png corresponds to your step 3, blocking communication between the Nexus Docker proxy and the remote Docker registry. In the Nexus Web UI Browse, you can clearly see the status information unavailable. Here is a question: when communication between the Nexus repository and the remote Docker registry is manually blocked, will the Web UI Browse status update automatically? What is the status update cycle? When I click the refresh function key in the Web UI, the status is displayed as normal. With communication broken, it should not be normal. Because when I blocked remote docker communication I found that the status was not updated for a long time, I was forced to manually restart the Nexus service and refresh the Browse status.

Figure 4.png is the configuration information of the server, including the unreachable repo.cluster.z.

Figure 5.png shows executing the docker pull command to pull the image. Before pulling, I deleted the directory specified by Docker Root Dir and restarted the docker service. The repository has the cached image. The result shows that the pull was unsuccessful.

Figure 6.png restores the communication between Nexus and the remote docker registry. The figure shows that the remote domain repo.cluster.z is reachable. Executing the docker pull command to pull the image failed; guessing that the Nexus server did not update the communication state, I was forced to restart the Nexus service manually. I tried to pull the image here. Based on the picture it can be seen that it was successful.

Validation also found a status update problem? At the same time, the status information cannot be fully displayed? I tried to get the API interface for the status from the API documentation, but no available API interface was found. How can I check more complete status changes correctly?