Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Unable to push docker images to registry behind apache proxy |
|
| Author |
|
ajex
Joined: 17 Oct 2023
Posts: 3
Location: Saudi Arabia
|
 Posted: Tue 17 Oct '23 17:51 Post subject: Unable to push docker images to registry behind apache proxy |
 |
|
Hello All,
I am trying to push docker images to our private Gitlab registry which is behind the Apache reverse proxy.
Whenever I try to push it says some layers already exists and for some it keeps on retrying and finall gives
"received unexpected HTTP status: 502 Bad Gateway"
Logs on Apache server shows:
[Tue Oct 17 18:42:00.643521 2023] [proxy_http:error] [pid 141429:tid 140656336918272] [client 10.70.100.46:57886] AH01097: pass request body failed to 10.70.107.12:5000 (10.70.107.12) from 10.70.100.46 ()
[Tue Oct 17 18:42:06.275378 2023] [proxy:error] [pid 141428:tid 140655766509312] (32)Broken pipe: [client 10.70.100.46:57901] AH01084: pass request body failed to 10.70.107.12:5000 (10.70.107.12)
[Tue Oct 17 18:42:06.275504 2023] [proxy_http:error] [pid 141428:tid 140655766509312] [client 10.70.100.46:57901] AH01097: pass request body failed to 10.70.107.12:5000 (10.70.107.12) from 10.70.100.46 ()
I have apache version 2.4.37.
Any help would be highly appreciated.
Thanks |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Wed 18 Oct '23 8:39 Post subject: |
|
|
| Please post the relevant reverse proxy part of your configuration. |
|
| Back to top |
|
ajex
Joined: 17 Oct 2023
Posts: 3
Location: Saudi Arabia
|
| Posted: Wed 18 Oct '23 8:49 Post subject: Apache reverse proxy config: |
|
|
Below is my reverse proxy config:
| Code: |
<VirtualHost *:80>
ServerName registry-example.com
#Redirect permanent / https://registry-example.com/
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://registry-example.com/ [NE,R,L]
</VirtualHost>
<VirtualHost *:443>
ServerName registry-example.com
SSLEngine On
SSLProtocol TLSv1.2 TLSv1.3
SSLCipherSuite TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384
# SSL Certificate and Key files
SSLCertificateFile /etc/ssl/ca.crt
SSLCertificateKeyFile /etc/ssl/wild.key
SSLCACertificateFile /etc/ssl/DigiCertCA.crt
# SSL Proxy Settings
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
# Add HSTS header
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
#Increase proxy and request timeouts
Timeout 600
ProxyTimeout 600
SetEnv proxy-sendchunked
SetEnv proxy-sendcl
ProxyPreserveHost On
ProxyPass / http://10.10.10.2:5000/ connectiontimeout=40 timeout=60 Keepalive=On min=20 acquire=20 retry=0
ProxyPassReverse / http://10.10.10.2:5000/
AllowEncodedSlashes NoDecode
RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/gitlab-lfs/objects.*
Header add X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
RequestHeader set Host "registry-example.com"
LimitRequestBody 0
</VirtualHost>
|
Mod note: added code tags |
|
| Back to top |
|
ajex
Joined: 17 Oct 2023
Posts: 3
Location: Saudi Arabia
|
| Posted: Wed 18 Oct '23 8:52 Post subject: Update |
|
|
This is to let you know that I am using Apache version 2.4.37 and it has certain vulnerabilities like:
CVE-2023-27522 and CVE-2023-25690
Can these cause issue when I try to push the image to the docker registry running behind the Apache Proxy Server. |
|
| Back to top |
|
|
|
|
|
|
