Hi Team,
We have set up a proxy Docker registry in Nexus, with a remote repository being proxied from https://registry.opencode.de. In Harbor, we configured a replication rule with a pull-based replication mode. The source registry in Harbor is set as the Nexus proxy registry, with the remote repository configured as “opencode” in Nexus.
Our goal is to replicate images in Harbor via the Nexus proxy, using the URL pattern https://nexusexmaple.com/bwi/bundesmessenger/backend/container-images/**. However, we are encountering a 401 unauthorized error from https://registry.opencode.de, as indicated in the Nexus logs.
++++++++++++++++
[08/Mar/2024:13:47:04 +0000] @ "GET https://gitlab.opencode.de/jwt/auth?service=container_registry&scope=registry%3Acatalog%3A
HTTP/1.1" 200 2550 392 “Nexus/3.64.0-04 (OSS; Linux; 4.14.65-gentoo; amd64; 1.8.0_392)” [qtp1414918440-1023]
[08/Mar/2024:13:47:04 +0000] @ “GET https://registry.opencode.de/v2/_catalog
HTTP/1.1” 401 162 1025 “Nexus/3.64.0-04 (OSS; Linux; 4.14.65-gentoo; amd64; 1.8.0_392)” [qtp1414918440-1023]
++++++++++++++++
Interestingly, we can successfully replicate images from Harbor when attempting to replicate one image at a time. For example, if we use the URL https://nexusexmaple.com/bwi/bundesmessenger/backend/container-images/bundesmessenger-call, the replication works without issues.
Related logs from Nexus
+++++++++++++++++
[08/Mar/2024:09:13:09 +0000] - “GET https://gitlab.opencode.de/jwt/auth?service=container_registry&scope=repository%3Abwi%2Fbundesmessenger%2Fbackend%2Fcontainer-images%2Fbundesmessenger-call%3Apull
HTTP/1.1” 200 2607 314 “Nexus/3.64.0-04 (OSS; Linux; 4.14.65-gentoo; amd64; 1.8.0_392)” [qtp1414918440-580]
[08/Mar/2024:09:13:10 +0000] - “GET https://registry.opencode.de/v2/bwi/bundesmessenger/backend/container-images/bundesmessenger-call/blobs/sha256:7288cfc48d463d9589db9727752633ec0fb105506a17fcbd07cbebadaa26a58f
HTTP/1.1” 307 0 765 “Nexus/3.64.0-04 (OSS; Linux; 4.14.65-gentoo; amd64; 1.8.0_392)” [qtp1414918440-580]
[08/Mar/2024:09:13:10 +0000] - “GET https://s3b.wx-one.com/oc-registry/docker/registry/v2/blobs/sha256/72/7288cfc4xxxxxxxx27752633ec0fb105506a17fcbd07cbebadaa26a58f/data?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=jfMxc**********240308%2**-Amz-Signature=6c******
HTTP/1.1” 200 622 173 “Nexus/3.64.0-04 (OSS; Linux; 4.14.65-gentoo; amd64; 1.8.0_392)” [qtp1414918440-580]
+++++++++++++++++
We are seeking assistance in identifying the reason behind our ability to replicate one image at a time, while encountering a 401 unauthorized error when attempting to replicate all images from the repository https://nexusexmaple.com/bwi/bundesmessenger/backend/container-images/.
It’s worth noting that we have checked Harbor logs, but there are no reported errors related to the replication process on the Harbor side.