Docker registry behind Apache httpd proxy - push fails AH01097 AH01084 Broken pipe

The idea is to let a private Docker repository run behind an Apache httpd server, but the push fails with errors (broken pipe), see below:

Does anyone have such a configuration running and can give me some tips or a link to a suitable documentation?

The system is Linux-Mint 20.1, Docker installation is from "https://download.docker.com/linux/ubuntu bionic stable"

The push starts and it looks like something is uploaded, but then all threads jump to retry until finally a timeout occurs.

This works:

  • docker login xxxxx.dnsuser.de:443
  • docker pull xxxxx.dnsuser.de:443/v2/hello-world:latest
  • docker push localhost:5000/hello-world:latest
  • curl -X GET https://xxxx:[email protected]:443/v2/v2/_catalog

I'm quite new to Docker and I'm also not an expert in the other topics ... but I played a lot with the config without success.


[Image: Apache error log]

docker-compose.yaml

version: '3'
 
services:
  registry:
    image: registry:latest
    ports:
      - 127.0.0.1:5000:5000
    # environment:
    #   REGISTRY_AUTH: htpasswd
    #   REGISTRY_AUTH_HTPASSWD_REALM: Registry
    #   REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password

    volumes:
      - /tmp/registry:/var/lib/registry
      # - /tmp/auth/:/auth

Apache httpd config

<VirtualHost *:443>
  ServerName  xxxxxxxxx.dnsuser.de
  SSLEngine   on

  DocumentRoot /var/www/

  SSLProxyEngine            on
  # SSLProxyVerify          none 
  # SSLProxyCheckPeerCN     off
  # SSLProxyCheckPeerName   off
  # SSLProxyCheckPeerExpire off
  # ProxyPreserveHost       on
  # ProxyRequests           off
  # Header             always set "Docker-Distribution-Api-Version" "registry/2.0"
  # Header             onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
  # Header             add X-Forwarded-Proto "https"

  ProxyPass         /v2 "http://localhost:5000"
  ProxyPassReverse  /v2 "http://127.0.0.1:5000"

  <Location /v2>
    Order deny,allow
    Allow from all
    AuthName "fritz"
    AuthType basic
    AuthUserFile /etc/apache2/htpasswd
    Require user fritz
  </Location>

  Include /etc/letsencrypt/options-ssl-apache.conf
  SSLCertificateFile /etc/letsencrypt/live/xxxxxxxxx.dnsuser.de/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/xxxxxxxx.dnsuser.de/privkey.pem
</VirtualHost>


Solution 1:[1]

Try to configure Apache similarly to, for example, nginx. Disable proxy, disable buffering etc.

Also make sure you set proxy_set_header X-Forwarded-Proto https, or whatever the equivalent is called on Apache.

nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
nginx.ingress.kubernetes.io/proxy-max-temp-file-size: 10000m (might be redundant with the above setting)
nginx.ingress.kubernetes.io/proxy-body-size: "0"
ingress.kubernetes.io/proxy-body-size: "0"
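
An Apache rendering of the settings the answer names (forwarded protocol header, no body-size cap), added here as an example; it is not part of the original question or answer. The host name registry.example.com and the certificate paths are placeholders, and the backend address and auth file are taken from the question's config.

```apache
# Added example. Requires mod_ssl, mod_proxy, mod_proxy_http and mod_headers.
<VirtualHost *:443>
  ServerName registry.example.com
  SSLEngine  on
  # Placeholder certificate paths
  SSLCertificateFile    /etc/letsencrypt/live/registry.example.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/registry.example.com/privkey.pem

  # Reverse proxy only; never act as an open forward proxy.
  ProxyRequests     Off
  # Pass the client's Host header to the registry unchanged.
  ProxyPreserveHost On
  # Apache counterpart of "proxy_set_header X-Forwarded-Proto https":
  # tells the registry that the client connected over TLS.
  RequestHeader set X-Forwarded-Proto "https"

  # Counterpart of proxy-body-size "0": no cap on request bodies,
  # since image layers can be large.
  LimitRequestBody 0

  # Map /v2 to /v2 on the backend. Mapping /v2 to the backend root, as in
  # the question, strips the prefix (which is why /v2/v2/_catalog answered).
  # Use the same backend URL in both directives so that redirects and
  # Location headers from the registry are rewritten consistently.
  ProxyPass        /v2 http://127.0.0.1:5000/v2
  ProxyPassReverse /v2 http://127.0.0.1:5000/v2

  # Basic auth is enforced at the proxy. The registry port stays bound to
  # 127.0.0.1 (see docker-compose.yaml) so it cannot be reached around it.
  <Location /v2>
    AuthType     Basic
    AuthName     "Registry"
    AuthUserFile /etc/apache2/htpasswd
    Require      user fritz
  </Location>
</VirtualHost>
```

With this mapping the catalog is served at /v2/_catalog rather than /v2/v2/_catalog, and image names no longer need the extra v2/ prefix used in the question's pull command.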

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Vad1mo