Good day. In my Nexus (inside Docker swarm) I created a Docker registry repo and connected it to an S3 blob store. My Nexus sits behind a Traefik proxy. When I try to push to the Docker registry, I get the error (and it doesn't matter if I'm using local storage or S3):
docker push registry.company.group/ubuntu:dev
Getting image source signatures
Copying blob 2f140462f3bc done
Copying blob 63c99163f472 done
Copying blob ccdbb80308cc done
Copying config 7e0aa2d69a [======================================] 3.2KiB / 3.2KiB
Writing manifest to image destination
Error: error copying image to the remote destination: Error writing manifest: Error uploading manifest dev to registry.company.group/ubuntu: blob unknown: blob unknown to registry
Nexus Log:
2021-06-15 10:44:31,927+0300 WARN [qtp2096883010-3808] registry-user org.sonatype.nexus.repository.docker.internal.V2Handlers - Is the remote url a valid docker endpoint? Remote host https://registry-1.docker.io/ with path /v2/library/ubuntu/blobs/sha256:ccdbb80308cc5ef43b605ac28fac29c6a597f89f5a169bbedbb8dec29c987439 did not return the expected response. Error message: blob unknown to registry
2021-06-15 10:44:35,894+0300 ERROR [qtp2096883010-3807] registry-user org.sonatype.nexus.repository.docker.internal.orient.V2ManifestUtilImpl - Manifest refers to missing layer: sha256:7e0aa2d69a153215c790488ed1fcec162015e973e49962d438e18249d16fa9bd for: ubuntu/dev in repository RepositoryImpl$$EnhancerByGuice$$765e645e{type=hosted, format=docker, name='docker-registry'}
2021-06-15 10:44:35,925+0300 WARN [qtp2096883010-3807] registry-user org.sonatype.nexus.repository.docker.internal.V2Handlers - Error: PUT /v2/ubuntu/manifests/dev: 400 - org.sonatype.nexus.repository.docker.internal.V2Exception: Invalid Manifest
Nexus Traefik setup (8081 for components like Maven, NuGet, etc.; 8083 - docker group; 5000 - docker hosted registry):
# nexus
- "traefik.enable=true"
- "traefik.docker.network=proxy"
- "traefik.http.routers.nexus.entrypoints=websecure"
- "traefik.http.routers.nexus.rule=Host(`nexus.company.group`)"
- "traefik.http.routers.nexus.service=nexus"
- "traefik.http.services.nexus.loadbalancer.server.port=8081"
- "traefik.http.services.nexus.loadbalancer.passhostheader=true"
# # docker proxy
- "traefik.http.routers.docker-proxy.entrypoints=websecure"
- "traefik.http.routers.docker-proxy.rule=Host(`registry.company.group`) && Method(`GET`,`HEAD`)"
- "traefik.http.routers.docker-proxy.service=registry-proxy"
- "traefik.http.services.registry-proxy.loadbalancer.server.port=8083"
- "traefik.http.services.registry-proxy.loadbalancer.passhostheader=true"
# docker hosted
- "traefik.http.routers.registry.entrypoints=websecure"
- "traefik.http.routers.registry.rule=Host(`registry.company.group`) && Method(`POST`,`PUT`,`DELETE`,`PATCH`)"
- "traefik.http.routers.registry.service=registry"
- "traefik.http.services.registry.loadbalancer.server.port=5000"
- "traefik.http.services.registry.loadbalancer.passhostheader=true"
But if I use NGINX outside of my Docker swarm, I don't have a problem with push and pull to Nexus.
But I don't know how to use the same config in Traefik:
server {
    listen 443 ssl;
    server_name "docker.company.group";
    ssl_certificate /etc/nginx/ssl/cp.group.crt;
    ssl_certificate_key /etc/nginx/ssl/cp.group.key;

    # disable any limits to avoid HTTP 413 for large image uploads
    client_max_body_size 0;

    # Allow connections from API clients only
    if ($http_user_agent !~ docker ) {
        return 404;
    }

    if ($request_method ~* (POST|PUT|DELETE|PATCH) ) {
        rewrite ^/(.*)$ /docker-private/$1 last;
    }
    rewrite ^/(.*)$ /docker-group/$1 last;

    location /docker-private {
        rewrite ^/docker-private(.*)$ $1 break;
        proxy_pass http://10.10.3.30:5000;
    }

    location /docker-group {
        rewrite ^/docker-group(.*)$ $1 break;
        proxy_pass http://10.10.3.30:8083;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}