I have a docker private registry container serving behind Nginx in HTTP.
Everything works fine until I add an HTTPS server configuration. docker pull and docker push requests are handled by this HTTPS vhost rather than the docker registry vhost (access logs are printed under the HTTPS domain, the docker registry domain got nothing).
So, obviously, I got 404 errors.
Deleting this HTTPS config makes it work again.
This is my docker registry conf under /etc/nginx/sites-enabled:
server {
    listen 80;
    server_name docker-registry.my-domain.com;
    access_log /data/log/nginx/$server_name.access.log;
    client_max_body_size 0;
    location ~ \.*$ {
        proxy_pass http://localhost:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $http_x_forwarded_for;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_request_headers on;
    }
}
And the HTTPS vhost under /etc/nginx/sites-enabled:
server {
    listen 443 ssl;
    server_name foobar.my-domain.com;
    ssl_certificate /etc/nginx/certs/foobar.my-domain.com/crt;
    ssl_certificate_key /etc/nginx/certs/foobar.my-domain.com/key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    access_log /data/log/nginx/$server_name.access.log;
    location ~ \.*$ {
        proxy_pass http://localhost:9000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $http_x_forwarded_for;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_request_headers on;
    }
}

server {
    listen 80;
    server_name foobar.my-domain.com;
    return 301 https://$server_name$request_uri;
}
When I use <my-ip>:5000 as insecure-registries rather than the domain name of the docker registry, everything also works fine.
When I use curl to send a request to http://docker-registry.my-domain.com/v2/<my-image>/manifests/latest, the access log of the docker registry prints 401 Unauthorized as expected.
Did I misconfigure Nginx?
Docker version:
Client: Docker Engine - Community
  Version: 18.09.0-ce-beta1
  API version: 1.39
  Go version: go1.10.4
  Git commit: 78a6bdb
  Built: Thu Sep 6 22:41:53 2018
  OS/Arch: darwin/amd64
  Experimental: false
Server: Docker Engine - Community
  Engine:
    Version: 18.09.0-ce-beta1
    API version: 1.39 (minimum version 1.12)
    Go version: go1.10.3
    Git commit: 78a6bdb
    Built: Thu Sep 6 22:49:35 2018
    OS/Arch: linux/amd64
    Experimental: true
Many thanks!
--------------- Updates ---------------------------
I find that it works fine if I remove the protocol ssl after listen in the HTTPS config.
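
Added example, not part of the original post: a simplified Python model of how nginx picks a server block, applied to the three blocks quoted above. It assumes exact server_name matching only and the documented Docker client behaviour for insecure registries (try HTTPS first, use HTTP only when HTTPS is unavailable); `select_server` and `docker_pull_target` are hypothetical names.

```python
# Simplified model of nginx server-block selection: exact server_name
# matches only (wildcard and regex names are not modelled).
# VHOSTS is transcribed from the three server blocks in the post.
VHOSTS = [
    {"port": 80, "ssl": False, "names": ["docker-registry.my-domain.com"],
     "action": "proxy_pass http://localhost:5000"},
    {"port": 443, "ssl": True, "names": ["foobar.my-domain.com"],
     "action": "proxy_pass http://localhost:9000"},
    {"port": 80, "ssl": False, "names": ["foobar.my-domain.com"],
     "action": "return 301 https://$server_name$request_uri"},
]


def select_server(vhosts, port, host):
    """Return the block nginx would pick, or None if nothing listens on port."""
    candidates = [v for v in vhosts if v["port"] == port]
    if not candidates:
        return None
    for v in candidates:
        if host in v["names"]:
            return v
    # No server_name matched: nginx uses the default server for that socket,
    # i.e. the block marked default_server, else the first one defined.
    for v in candidates:
        if v.get("default_server"):
            return v
    return candidates[0]


def docker_pull_target(vhosts, registry_host):
    """Assumed client behaviour for an insecure registry: HTTPS on 443 first
    (certificate errors ignored), HTTP on 80 only if HTTPS is unavailable."""
    https = select_server(vhosts, 443, registry_host)
    if https is not None and https["ssl"]:
        return "https", https
    return "http", select_server(vhosts, 80, registry_host)


if __name__ == "__main__":
    host = "docker-registry.my-domain.com"
    print("curl over HTTP ->", select_server(VHOSTS, 80, host)["action"])
    scheme, block = docker_pull_target(VHOSTS, host)
    print("docker pull   ->", scheme, block["names"], block["action"])
    # The update in the post: the same listen 443 line without "ssl".
    no_ssl = [dict(v, ssl=False) for v in VHOSTS]
    scheme, block = docker_pull_target(no_ssl, host)
    print("without ssl   ->", scheme, block["names"], block["action"])
```

In this model the registry name never matches on port 443, so the only 443 block acts as the default server for that socket, which is consistent with the access-log observation in the post.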