Help setting up Docker Proxy

cmariage · December 15, 2023, 4:18pm

Hello!

What do I need?

I have trouble setting up a proxy Docker repository.
My objective is to have the possibility to pull a Jupyter Notebook image from my Nexus repository.

So I would want to set up a proxy Docker repo toward Quay

Where do I have trouble?

After setting it up, there is no content in the proxy repo.

Trying a docker pull on the newly set up repository does not work neither.

What I did?

Here are screenshots of the repo settings:

I also tried followed the example in the Sonatype documentation, but I was not able to see the content of https://registry-1.docker.io

https://help.sonatype.com/repomanager3/nexus-repository-administration/formats/docker-registry/proxy-repository-for-docker

I have Nexus OSS version 3.44.0-01

What did I do wrong? Could you please help me?

Thanks!

PS: I would have liked to post more screenshots, but I can’t as I am a new member.

mpiggott · December 15, 2023, 5:26pm

You need to be more specific than does not work in order for anyone to suggest anything as this does not describe what you attempted nor what the result was.

mprescott · December 15, 2023, 5:57pm

Clément, a couple of things. First of all, proxies don’t fill up with the remote content automatically, they only cache what you pull through it. Secondly, the Remote repository URL may not be correct, that looks like the address of the specific image rather than the registry that contains the image.

cmariage · December 18, 2023, 8:48am

Yes, sorry I wrote this in a hurry and forgot to add some logs.

So, I am trying to pull a Jupyter notebook image (quay.io/jupyter/base-notebook:notebook-7.0.6) from my Nexus repo.

After setting up the proxy repository as shown in my first post, I try a docker pull, which fails because I don’t understand how the routing works:

cmariage · December 18, 2023, 8:57am

Thank you for the explanation.

Regarding the Jupyter repository, I think you are right, because https://quay.io/repository/jupyter/base-notebook?tab=tags seems to be an image with many tags.

I have tried to change the remote storage URL:

cmariage · December 18, 2023, 8:58am

Then I have tried to do a docker pull again, with no success:

mpiggott · December 18, 2023, 2:13pm

In the repository config remove the path from the URL.

cmariage · December 18, 2023, 2:52pm

I have removed the the path from the URL:

I am still not able to do a pull :')

cmariage@mdx-port-cma:~$ docker pull repo.medexprim.net/jupyter_docker/jupyter/base-notebook:notebook-7.0.6
Error response from daemon: manifest for repo.medexprim.net/jupyter_docker/jupyter/base-notebook:notebook-7.0.6 not found: manifest unknown: manifest unknown
cmariage@mdx-port-cma:~$
cmariage@mdx-port-cma:~$ docker pull repo.medexprim.net/jupyter_docker/base-notebook:notebook-7.0.6
Error response from daemon: manifest for repo.medexprim.net/jupyter_docker/base-notebook:notebook-7.0.6 not found: manifest unknown: manifest unknown
cmariage@mdx-port-cma:~$
cmariage@mdx-port-cma:~$ docker pull repo.medexprim.net/jupyter/base-notebook:notebook-7.0.6
Error response from daemon: manifest for repo.medexprim.net/jupyter/base-notebook:notebook-7.0.6 not found: manifest unknown: manifest unknown
cmariage@mdx-port-cma:~$

mpiggott · December 18, 2023, 3:06pm

Does Nexus have errors?

cmariage · December 18, 2023, 4:31pm

Not exactly.

I found out that whatever URL I target when doing a docker pull, Nexus tries to search in the same repository.

In my Nexus, I have a first docker repository with the enterprise products named “docker”:

If I do a docker pull to pull an existing image, it works. Note the address in the log (https://repo.medexprim.net/repository/docker/v2[...])

Existing image in repo.medexprim.net/repository/docker/v2/support/storescu_listener/manifests/1.0.0

docker pull repo.medexprim.net/support/storescu_listener:1.0.0

31.33.105.217 - - [18/déc./2023:17:18:02 +0100] "GET /repository/docker/v2/ HTTP/1.1" 401 - 113 3 "docker/23.0.6 go/go1.19.9 git-commit/9dbdbd4 kernel/5.15.133.1-microsoft-standard-WSL2 os/linux arch/amd64 UpstreamClient(Docker-Client/23.0.6 \(linux\))" [qtp1025017468-145376]
31.33.105.217 - deploy [18/déc./2023:17:18:02 +0100] "HEAD /repository/docker/v2/support/storescu_listener/manifests/1.0.0 HTTP/1.1" 200 - 0 10 "docker/23.0.6 go/go1.19.9 git-commit/9dbdbd4 kernel/5.15.133.1-microsoft-standard-WSL2 os/linux arch/amd64 UpstreamClient(Docker-Client/23.0.6 \(linux\))" [qtp1025017468-145295]

However, when I try to do a docker pull to get an image from the “jupyter_docker” proxy repository, as said earlier it does not work. What is interesting is that Nexus tries to look in the same repository:

Trying to target repo.medexprim.net/repository/jupyter_docker/v2/jupyter/base-notebook:notebook-7.0.6, we get repo.medexprim.net/repository/docker/v2/jupyter/base-notebook/manifests/notebook-7.0.6

docker pull repo.medexprim.net/jupyter/base-notebook:notebook-7.0.6

31.33.105.217 - - [18/déc./2023:17:07:30 +0100] "GET /repository/docker/v2/ HTTP/1.1" 401 - 113 172 "docker/23.0.6 go/go1.19.9 git-commit/9dbdbd4 kernel/5.15.133.1-microsoft-standard-WSL2 os/linux arch/amd64 UpstreamClient(Docker-Client/23.0.6 \(linux\))" [qtp1025017468-144740]
31.33.105.217 - deploy [18/déc./2023:17:07:30 +0100] "HEAD /repository/docker/v2/jupyter/base-notebook/manifests/notebook-7.0.6 HTTP/1.1" 404 - 0 74 "docker/23.0.6 go/go1.19.9 git-commit/9dbdbd4 kernel/5.15.133.1-microsoft-standard-WSL2 os/linux arch/amd64 UpstreamClient(Docker-Client/23.0.6 \(linux\))" [qtp1025017468-145050]
31.33.105.217 - deploy [18/déc./2023:17:07:30 +0100] "GET /repository/docker/v2/jupyter/base-notebook/manifests/notebook-7.0.6 HTTP/1.1" 404 - 138 11 "docker/23.0.6 go/go1.19.9 git-commit/9dbdbd4 kernel/5.15.133.1-microsoft-standard-WSL2 os/linux arch/amd64 UpstreamClient(Docker-Client/23.0.6 \(linux\))" [qtp1025017468-145299]

Which explains why I can not get anything, as Nexus does not know I want to search in jupyter_docker proxy repo when I do a docker pull in the first place.

Is this something I can configure?

mpiggott · December 18, 2023, 9:07pm

Oh I assumed you’d followed the help site - you need to configure either an HTTP(S) connector port or use a reverse proxy. Docker clients do not work outside the context root of URLs:

https://help.sonatype.com/repomanager3/nexus-repository-administration/formats/docker-registry#DockerRegistry-DockerPortScalability

cmariage · December 19, 2023, 1:23pm

Ah ah sorry there are many intricated pages. Plus, I am not very proficient with proxies, nor I am the one that did the install so it is not easy for me. Thanks for your answer as I was able to investigate further.

Nginx is already installed on the server. I have tried several nginx configurations to expose multiple registries but with no success (as usual).

However, I read in the documentation that there is an easier way to have multiple accessible Docker registries in Nexus: Docker Groups.
This seems to be the normal way I guess?

I created a Docker group, containing both registries “docker” and “jupyter_docker”. It has the port 8123 which was the port used by the “docker” registry (for which I disabled the port).

I am now able to pull images from both registries, the proxy docker registry works well as well!

cmariage@mdx-port-cma:~$ docker pull repo.medexprim.net/jupyter/base-notebook:notebook-7.0.6
notebook-7.0.6: Pulling from jupyter/base-notebook
cbe3537751ce: Pull complete
[...]
e52f5bc138a4: Pull complete
Digest: sha256:c52b5d5fe4b32836945776dc98f6569aff9865e827b107ce73790ea7be3b5c46
Status: Downloaded newer image for repo.medexprim.net/jupyter/base-notebook:notebook-7.0.6
repo.medexprim.net/jupyter/base-notebook:notebook-7.0.6

The image is now cached in the proxy Docker registry and accessible from my Nexus server.

Maybe I should have asked what is the usual way to have multiple Docker registries first.
Anyway, a bit sorry that I was not able to make the reverse proxy work as wanted, but thank you for the help.