Proxy a private Docker Registry in Group

help

#1

We are using Nexus v3.13 as Docker Registry and Docker Hub Proxy, matched in a Group. The Docker Deamon is configured to use this group as registry mirror.
Now we want to add a private registry to this registry mirror group. I configured the new registry in nexus as proxy with its own port and pulling images works perfectly.
Then I added this proxy to the registry mirror group, but it is not possible to pull the images over the group.
Nexus logger output:
Is the remote url a valid docker endpoint? Remote host https://<private-reg>:5000/ with path /v2/library/<image-name>/manifests/v0.0.1 did not return the expected response. Error message: manifest unknown

The private registry is using the offical Docker registry and the path to the endpoint should looks like this:
https://<private-reg>:5000/v2/<image-name>/tags/list/v0.0.1 or
https://<private-reg>:5000/v2/_catalog for the whole images

It seems similar to this issue:

Or is there a way to configure the path to the catalog?

Regards,
Andreas


#2

Hi Andreas,
To me, your issue is not clear.
Were the hosted and dockerhub proxy working and now the private registry isn’t? Or were they working and now nothing is? Or was nothing working?

Also, your URLs are showing as “https://:5000” to me. Is that a typo or host removed for privacy or is it actually like that?
-Joe


#3

Hi Joe,

the setup looks like this:

docker hub            https://<external-private-registry>:5000
       |                                |
       |                                |            http://<nexus-private-registry>:5000 (push)
nexus-docker-hub-proxy    nexus-external-private-proxy:8085             |
       |                                |                               |
       ---------------------- nexus-docker-group:5001--------------------
                                        |
                                        V
   developer-system:docker-deamon.json:registry-mirrors:[http://<nexus-registry>:5001] (as well in insecure registry)

Pulling from Docker Hub and internal Registry over the nexus-docker-group is working with docker pull <image-name>:tag, but is not working from external-private-registry.
Pulling images from external-private-registry over the configured nexus-external-private-proxy is running with docker pull <nexus-external-private-proxy>:8085/<image-name>:tag and direct with docker pull <external-private-registry>:5000/<image-name>:tag , but not over the nexus-docker-group with docker pull <image-name>:tag. Pulling over the group throws the nexus logger message like in my first post. Or is there any prefix to attach, from which registry it should be pulled?

I hope, the setup and issue is now more understandable.

Andreas


#4

Hi again,
That is indeed much more clear, unfortunately, what you describe sounds like a bug.
I can’t think of a reason why the proxy would work and the group not work if the other group members work.
I am wondering if there’s anything in the nexus.log at the same time.
However, I feel at this point I’m debugging your problem which I do not feel is the intention of this forum. Feel free to continue to follow up here but my advice is to file a ticket on issues.sonatype.com and include a support zip (documented here: https://help.sonatype.com/display/NXRM3/Support+Features#SupportFeatures-CreatingaSupportZIP) right after you have your issue so we can see the log as well as your config. Tickets on issues.sonatype.com default to non-public by default so any private information will be limited to between you and Sonatype. If that’s still of concern, at least the nexus.log I think will be helpful.
Maybe others have more ideas.
Best,
Joe Tom