RESOLVED
I am behind a corporate proxy and I never set my no_proxy variable in /etc/systemd/system/docker.service.d/http-proxy.conf. Once I set the variable there, everything worked as intended.
I'm running a Docker registry behind Traefik. I can navigate to the URL via a browser and can see the traffic in the reverse proxy logs and container logs, but when I docker push I'm getting a bad gateway.
registry-compose.yml
version: '3'
services:
  local-registry:
    container_name: registry
    image: registry:2.6
    restart: unless-stopped
    volumes:
      - registry-data:/var/lib/registry
      - ./config.yml:/etc/docker/registry/config.yml
    labels:
      - traefik.enable=true
      - traefik.http.routers.registry.entrypoints=https
      - traefik.http.routers.registry.rule=Host(`registry.mydomain.com`)
      - traefik.http.routers.registry.tls=true
      - traefik.http.services.registry.loadbalancer.server.port=5000
volumes:
  registry-data:
    driver: local
    driver_opts:
      o: bind
      type: none
      device: ${PWD}/registry-data
networks:
  default:
    name: traefik
registry config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  host: https://registry.mydomain.com
  relativeurls: true
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
traefik compose.yml
version: '3'
services:
  reverse-proxy:
    image: traefik:2.9.4
    container_name: traefik-reverse-proxy
    restart: unless-stopped
    command:
      - --api.insecure=true
      - --providers.docker
      - --providers.docker.exposedByDefault=false
      - --entrypoints.https.address=:443
      - --entrypoints.http.address=:80
      - --metrics.prometheus=true
      - --entryPoints.metrics.address=:8082
      - --metrics.prometheus.entryPoint=metrics
      - --entrypoints.registry.address=:5000
      - --log.level=DEBUG
      - --providers.file.directory=/configuration/
      - --providers.file.watch=true
    ports:
      - 80:80
      - 5000:5000
      - 8080:8080
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./config/:/configuration/
networks:
  default:
    name: traefik
I can curl and curl -X PUT the domain and get back {}, which tells me I can hit the API, but if I docker push I get bad gateway. I have removed all proxy settings and added no_proxy variables to rule that out, as this is a local registry and I am behind a corporate proxy.
For different entrypoint+TLS configurations, here is what I have tried so far:
REGISTRY_HTTP_ADDR=:443
http Entrypoints=443
http Entrypoints=443 + catchall redirect
http Entrypoints=443 + tcp Entrypoints=5000
http Entrypoints=443 + tcp Entrypoints=443
http Entrypoints=443 + tcp Entrypoints=5000 + catchall redirect
http Entrypoints=443 + tcp Entrypoints=443 + catchall redirect
http Entrypoints=443 (Traefik TLS disabled) + tcp Entrypoints=443 w/ TLS Passthrough
http entrypoint=5000
http entrypoint=5000 + catchall redirect
http Entrypoints=5000 + tcp Entrypoints=5000
http Entrypoints=5000 + tcp Entrypoints=5000 + catchall redirect
I have also tried Traefik versions 2, 2.6.4, 2.9.4 and latest.
I have also followed the documentation for an airgapped registry and edited /etc/docker/daemon.json:
{
  "allow-nondistributable-artifacts": ["registry.mydomain.com"]
}
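
The resolution at the top of the post turns on one difference: curl takes its proxy variables from the calling shell, while docker push is carried out by the daemon, which takes them from its systemd unit environment. The following check is an added example, not part of the original post; the function names and the proxy hostname are assumptions, and the NO_PROXY matching is simplified (no CIDR ranges or ports).

```shell
#!/bin/sh
# Added example (function names are hypothetical). Answers: given the Docker
# daemon's systemd environment, will it bypass the proxy for this registry?

# Pull one variable out of a systemd "Environment=" property line.
env_value() {  # $1 = variable name, $2 = Environment= line
    printf '%s\n' "${2#Environment=}" | tr ' ' '\n' |
        sed -n "s/^$1=//p" | head -n 1
}

# Return 0 if host $1 is covered by the comma-separated NO_PROXY list $2.
# Simplified matching: "*", exact name, subdomain of an entry, and
# ".suffix" entries (subdomains only).
host_bypasses_proxy() {
    printf '%s\n' "$2" | tr ',' '\n' | (
        while read -r entry; do
            case "$entry" in
                '')  continue ;;
                '*') exit 0 ;;
                .*)  case "$1" in *"$entry") exit 0 ;; esac ;;
                *)   case "$1" in "$entry"|*".$entry") exit 0 ;; esac ;;
            esac
        done
        exit 1
    )
}

daemon_bypasses_proxy_for() {  # $1 = registry host, $2 = Environment= line
    list=$(env_value NO_PROXY "$2")
    [ -n "$list" ] || list=$(env_value no_proxy "$2")
    host_bypasses_proxy "$1" "$list"
}

# Constructed samples of the daemon environment before and after the fix;
# proxy.example.internal is a placeholder hostname.
BEFORE='Environment=HTTP_PROXY=http://proxy.example.internal:3128 HTTPS_PROXY=http://proxy.example.internal:3128'
AFTER="$BEFORE NO_PROXY=localhost,127.0.0.1,registry.mydomain.com"

for line in "$BEFORE" "$AFTER"; do
    if daemon_bypasses_proxy_for registry.mydomain.com "$line"; then
        echo "direct:  daemon connects to the registry without the proxy"
    else
        echo "proxied: daemon sends registry traffic to the corporate proxy"
    fi
done
```

On a real host, pass the output of `systemctl show --property=Environment docker` as the second argument; after editing the drop-in, run `systemctl daemon-reload` and `systemctl restart docker` so the daemon picks up the change.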