logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Unable to push docker images to registry behind apache proxy
Author
ajex



Joined: 17 Oct 2023
Posts: 3
Location: Saudi Arabia

PostPosted: Tue 17 Oct '23 17:51    Post subject: Unable to push docker images to registry behind apache proxy Reply with quote

Hello All,

I am trying to push docker images to our private Gitlab registry which is behind the Apache reverse proxy.
Whenever I try to push it says some layers already exists and for some it keeps on retrying and finall gives
"received unexpected HTTP status: 502 Bad Gateway"

Logs on Apache server shows:
[Tue Oct 17 18:42:00.643521 2023] [proxy_http:error] [pid 141429:tid 140656336918272] [client 10.70.100.46:57886] AH01097: pass request body failed to 10.70.107.12:5000 (10.70.107.12) from 10.70.100.46 ()
[Tue Oct 17 18:42:06.275378 2023] [proxy:error] [pid 141428:tid 140655766509312] (32)Broken pipe: [client 10.70.100.46:57901] AH01084: pass request body failed to 10.70.107.12:5000 (10.70.107.12)
[Tue Oct 17 18:42:06.275504 2023] [proxy_http:error] [pid 141428:tid 140655766509312] [client 10.70.100.46:57901] AH01097: pass request body failed to 10.70.107.12:5000 (10.70.107.12) from 10.70.100.46 ()

I have apache version 2.4.37.

Any help would be highly appreciated.
Thanks
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7318
Location: Germany, Next to Hamburg

PostPosted: Wed 18 Oct '23 8:39    Post subject: Reply with quote

Please post the relevant reverse proxy part of your configuration.
Back to top
ajex



Joined: 17 Oct 2023
Posts: 3
Location: Saudi Arabia

PostPosted: Wed 18 Oct '23 8:49    Post subject: Apache reverse proxy config: Reply with quote

Below is my reverse proxy config:
Code:

<VirtualHost *:80>
    ServerName registry-example.com
    #Redirect permanent / https://registry-example.com/
    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteRule .* https://registry-example.com/ [NE,R,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName registry-example.com

    SSLEngine On
    SSLProtocol TLSv1.2 TLSv1.3
    SSLCipherSuite TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384

    # SSL Certificate and Key files
    SSLCertificateFile /etc/ssl/ca.crt
    SSLCertificateKeyFile /etc/ssl/wild.key
    SSLCACertificateFile /etc/ssl/DigiCertCA.crt

    # SSL Proxy Settings
    SSLProxyEngine On
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off

    # Add HSTS header
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

    #Increase proxy and request timeouts
    Timeout 600
    ProxyTimeout 600

    SetEnv proxy-sendchunked
    SetEnv proxy-sendcl

    ProxyPreserveHost On
    ProxyPass / http://10.10.10.2:5000/ connectiontimeout=40 timeout=60 Keepalive=On min=20 acquire=20 retry=0
    ProxyPassReverse / http://10.10.10.2:5000/

    AllowEncodedSlashes NoDecode

    RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/gitlab-lfs/objects.*

    Header add X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"
    RequestHeader set Host "registry-example.com"

    LimitRequestBody 0

</VirtualHost>


Mod note: added code tags
Back to top
ajex



Joined: 17 Oct 2023
Posts: 3
Location: Saudi Arabia

PostPosted: Wed 18 Oct '23 8:52    Post subject: Update Reply with quote

This is to let you know that I am using Apache version 2.4.37 and it has certain vulnerabilities like:
CVE-2023-27522 and CVE-2023-25690
Can these cause issue when I try to push the image to the docker registry running behind the Apache Proxy Server.
Back to top


Reply to topic   Topic: Unable to push docker images to registry behind apache proxy View previous topic :: View next topic
Post new topic   Forum Index -> Apache