"I/O error: Read timed out" pulling large Docker layer using Docker Proxy Repository

We have configured a Docker Proxy Repository that connects to an Azure Container Registry (ACR). We are unable to pull larger Image Layers due to the following errors:
org.apache.http.wire - http-outgoing-182066 << "[read] I/O error: Read timed out"
These timeouts occur exactly 20 seconds after the layer read begins.

Our “Connection/Socket timeout” System Setting just happens to be set to 20 seconds. This applies to all connection types, not just Docker, so we would like to leave this setting as is.

A large Docker Layer could take minutes to download. How can we configure the system to allow these slow Docker Pulls to occur without using the “Connection/Socket timeout” setting?
I have seen elsewhere that there are various Java options files that can control specific attributes of the various connectors. Is there a Java option that I can set to extend the timeout solely for Docker Proxy Repositories?

This isn’t a direct answer to your question but FYI, IIUC, the timeout happens after X seconds of inactivity from the client. So, the size of the layer shouldn’t matter…my guess is there’s some stalling in between (maybe due to size, but not on the NXRM end).

The problem was caused by a security scanner connected to our Proxy server. Incoming data is scanned for vulnerabilities. Large “blobs” of data (big Container Images) were timing out the security scanner.

1 Like

Hi ,
I have some problem at docker container sonatype/nexus3:3.30.1 . Any workaround or setting to solve it?Or how can I disable security scanner ?



That is a question for your network administrators. This is not a problem with Nexus, this is a problem with your network configuration.