Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Input Future failed with Error while pushing image to private docker registry #393

Closed
gintautassulskus opened this issue Jun 6, 2018 · 15 comments
Closed

Input Future failed with Error while pushing image to private docker registry #393

gintautassulskus opened this issue Jun 6, 2018 · 15 comments
Assignees
@coollog
Milestone
0.9.1

Comments

@gintautassulskus
Copy link

Description of the issue:
Command mvn compile jib:build fails with

SEVERE: Input Future failed with Error
java.lang.StackOverflowError

while pushing the image to a private docker registry.

Expected behavior:

The image to be pushed successfully.

Steps to reproduce:

Not sure about this one. Some notable aspects of my configuration:

  • Load Balancer is configured to accept HTTPS 443 only
  • Ingress is secured with a tls certificate to provide https connection with TLS termination
  • The private docker registry is not secured: no tls and no password.

jib-maven-plugin Configuration:

            <plugin>
                    <groupId>com.google.cloud.tools</groupId>
                    <artifactId>jib-maven-plugin</artifactId>
                    <version>0.1.7</version>
                    <configuration>
                        <registry>docker-registry.cluster.local</registry>
                        <repository>demoapp</repository>
                        <tag>built-with-jib</tag>
                        <mainClass>com.example.demo.DemoApplication</mainClass>
                        <enableReproducibleBuilds>true</enableReproducibleBuilds>
                    </configuration>
                </plugin>

I have ommited the credHelpers configuratuon because the private docker repository is not secured.

Log output: 

[INFO] Pushing image as docker-registry.cluster.local/demoapp:built-with-jib
[INFO] 
[INFO] RUNNING  Building and pushing image
[INFO] RUNNING  Retrieving registry credentials for docker-registry.cluster.local
[INFO] RUNNING  Retrieving registry credentials for docker-registry.cluster.local
[INFO] No credentials could be retrieved for registry docker-registry.cluster.local
[INFO] Checking credentials from docker-credential-gcr
[INFO] Retrieving registry credentials for docker-registry.cluster.local : 11.78 ms
[INFO] RUNNING  Authenticating with push to docker-registry.cluster.local
[INFO] RUNNING  Building application layers
[INFO] RUNNING  Building dependencies layer
[INFO] RUNNING  Building resources layer
[INFO] RUNNING  Building classes layer
[INFO] Building application layers : 2.147 ms
[INFO] RUNNING  Setting up to push layers
[INFO] Building dependencies layer : 6.088 ms
[INFO] Setting up to push layers : 3.209 ms
[WARNING] The system does not have docker-credential-gcr CLI
[INFO] No credentials could be retrieved for registry gcr.io
[INFO] Retrieving registry credentials for docker-registry.cluster.local : 27.784 ms
[INFO] RUNNING  Authenticating pull from gcr.io
[INFO] Building classes layer : 15.153 ms
[INFO] Building resources layer : 41.586 ms
[INFO] Authenticating pull from gcr.io : 475.456 ms
[INFO] RUNNING  Pulling base image manifest
[INFO] Pulling base image manifest : 499.365 ms
[INFO] RUNNING  Setting up base image caching
[INFO] Setting up base image caching : 0.743 ms
[INFO] RUNNING  Pulling base image layer sha256:ba7c544469e514f1a9a4dec59ab640540d50992b288adbb34a1a63c45bf19a24
[INFO] RUNNING  Pulling base image layer sha256:8171e68b0292aeaa0e4d4127e797391fcb6becd202b1c6b65f6d6f80244a79bd
[INFO] RUNNING  Pulling base image layer sha256:1cc7b33784d180ad7d46decd2f24b3e34804e8955fe9771e135c42840237e097
[INFO] Pulling base image layer sha256:8171e68b0292aeaa0e4d4127e797391fcb6becd202b1c6b65f6d6f80244a79bd : 0.666 ms
[INFO] RUNNING  Setting up to push layers
[INFO] Pulling base image layer sha256:ba7c544469e514f1a9a4dec59ab640540d50992b288adbb34a1a63c45bf19a24 : 0.381 ms
[INFO] Setting up to push layers : 0.923 ms
[INFO] Pulling base image layer sha256:1cc7b33784d180ad7d46decd2f24b3e34804e8955fe9771e135c42840237e097 : 1.064 ms
[INFO] Authenticating with push to docker-registry.cluster.local : 342240.236 ms
[INFO] RUNNING  Pushing BLOB sha256:e284665cc3282200f29c695c15c6424a7f659e64b21073cb68d4de492a599b09
[INFO] RUNNING  Pushing BLOB sha256:df0e86cb92bfa8ae506bed53e83a81238797203b4e4c85f9d623f673613fa2ef
[INFO] RUNNING  Pushing BLOB sha256:14a63e790248ad1117badfea1177a71432b254cc35a152348f70ff6c04aa541f
[INFO] Pushing BLOB sha256:df0e86cb92bfa8ae506bed53e83a81238797203b4e4c85f9d623f673613fa2ef : 0.669 ms
[INFO] Pushing BLOB sha256:e284665cc3282200f29c695c15c6424a7f659e64b21073cb68d4de492a599b09 : 0.358 ms
[INFO] Pushing BLOB sha256:14a63e790248ad1117badfea1177a71432b254cc35a152348f70ff6c04aa541f : 1.15 ms
Jun 06, 2018 10:39:43 PM com.google.common.util.concurrent.AggregateFuture$RunningState handleException
SEVERE: Input Future failed with Error
java.lang.StackOverflowError
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.ssl.Debug.getBooleanProperty(Debug.java:184)
        at sun.security.ssl.SSLSessionImpl.<init>(SSLSessionImpl.java:767)
        at sun.security.ssl.ClientHandshaker.serverHello(ClientHandshaker.java:661)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:206)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
        at sun.security.ssl.SSLSocketImpl.getSession(SSLSocketImpl.java:2267)
        at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:91)
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:339)
        at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:123)
        at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:147)
        at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:554)
        at com.google.api.client.http.apache.ApacheHttpRequest.execute(ApacheHttpRequest.java:65)
        at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:981)
        at com.google.cloud.tools.jib.http.Connection.send(Connection.java:97)
        at com.google.cloud.tools.jib.registry.RegistryClient.callRegistryEndpoint(RegistryClient.java:250)
        at com.google.cloud.tools.jib.registry.RegistryClient.callRegistryEndpoint(RegistryClient.java:302)
        <<<the last line is repeated until the stack trace is cut>>>
       
[INFO] RUNNING  Pushing BLOB sha256:ba7c544469e514f1a9a4dec59ab640540d50992b288adbb34a1a63c45bf19a24
[INFO] RUNNING  Pushing BLOB sha256:8171e68b0292aeaa0e4d4127e797391fcb6becd202b1c6b65f6d6f80244a79bd
[INFO] RUNNING  Pushing BLOB sha256:1cc7b33784d180ad7d46decd2f24b3e34804e8955fe9771e135c42840237e097
[INFO] Pushing BLOB sha256:8171e68b0292aeaa0e4d4127e797391fcb6becd202b1c6b65f6d6f80244a79bd : 0.948 ms
[INFO] Pushing BLOB sha256:ba7c544469e514f1a9a4dec59ab640540d50992b288adbb34a1a63c45bf19a24 : 0.6 ms
[INFO] Pushing BLOB sha256:1cc7b33784d180ad7d46decd2f24b3e34804e8955fe9771e135c42840237e097 : 1.379 ms
[INFO] RUNNING  Pushing new image
[INFO] Pushing new image : 0.141 ms
[INFO] Building and pushing image : 342628.102 ms
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 05:44 min
[INFO] Finished at: 2018-06-06T22:39:43+01:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal com.google.cloud.tools:jib-maven-plugin:0.1.7:build (default-cli) on project demo: Build image failed: StackOverflowError -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
@gintautassulskus
Copy link
Author

gintautassulskus commented Jun 6, 2018
edited
Loading

Additional info.

If the load balancer is configured with https redirect false, then jib fails with:

[ERROR] Failed to execute goal com.google.cloud.tools:jib-maven-plugin:0.1.7:build (default-cli) on project demo: 
Build image failed, perhaps you should make sure your Internet is up and that the registry you are pushing to exists: 
Connection to http://docker-registry.cluster.local refused: Connection refused -> [Help 1]

With the https redirect set to true, jib throws the StackOverflow error described in the first post.

@coollog coollog added this to the 0.9.1 milestone Jun 29, 2018
@coollog
Copy link
Contributor

coollog commented Jun 29, 2018

We've released version 0.9.1 that allows using a registry over HTTP if the parameter allowInsecureRegistries is set to true. Can you try updating to 0.9.1 and see if your problem is fixed?

@velo
Copy link
Contributor

velo commented Jul 11, 2018

I'm having a similar problem with 0.9.3

I also run a private docker registry, on private network using registry:2

allowInsecureRegistries is set to true

        <configuration>
          <from>
            <image>gcr.io/distroless/java</image>
          </from>
          <to>
            <image>${docker.registry}jib/${project.artifactId}:${imageTag}</image>
          </to>
          <container>
            <jvmFlags>
              <jvmFlag>-Xms350M</jvmFlag>
              <jvmFlag>-Xmx350M</jvmFlag>
              <jvmFlag>-server</jvmFlag>
              <jvmFlag>-XX:MetaspaceSize=20m</jvmFlag>
              <jvmFlag>-XX:MaxNewSize=64m</jvmFlag>
              <jvmFlag>-XX:NewSize=64m</jvmFlag>
              <jvmFlag>-XX:+UseConcMarkSweepGC</jvmFlag>
            </jvmFlags>
            <mainClass>${main.class}</mainClass>
            <ports>
              <port>18080</port>
            </ports>
          </container>
          <allowInsecureRegistries>true</allowInsecureRegistries>
        </configuration>

[INFO] Finalizing...
[DEBUG] RUNNING	Building container configuration
[DEBUG] RUNNING	Pushing BLOB digest: sha256:3cc6e30db129c453660e6c5b40ac04dd569f0e504d60b0e7568da24a6c62db68, size: 38708620
[DEBUG] TIMED	Building container configuration : 0.919 ms
[DEBUG] Building container configuration : 0.919 ms
[DEBUG] TIMING	Pushing container configuration
[DEBUG] RUNNING	Pushing container configuration
[DEBUG] TIMING	Pushing BLOB digest: sha256:881a33c6884afb3308f76ebb8e8d0783f69941cb5253ecd413127931a8f782d9, size: 851
[DEBUG] RUNNING	Pushing BLOB digest: sha256:881a33c6884afb3308f76ebb8e8d0783f69941cb5253ecd413127931a8f782d9, size: 851
[DEBUG] TIMED	Pushing container configuration : 37.074 ms
[DEBUG] Pushing container configuration : 37.074 ms
Jul 11, 2018 3:06:09 PM com.google.common.util.concurrent.AggregateFuture$RunningState handleException
SEVERE: Got more than one input Future failure. Logging failures after the first
org.apache.http.client.ClientProtocolException
	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:643)
	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:554)
	at com.google.api.client.http.apache.ApacheHttpRequest.execute(ApacheHttpRequest.java:65)
	at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:981)
	at com.google.cloud.tools.jib.http.Connection.send(Connection.java:124)
	at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call(RegistryEndpointCaller.java:169)
	at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call(RegistryEndpointCaller.java:225)
	at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call(RegistryEndpointCaller.java:139)
	at com.google.cloud.tools.jib.registry.RegistryClient.callRegistryEndpoint(RegistryClient.java:321)
	at com.google.cloud.tools.jib.registry.RegistryClient.checkBlob(RegistryClient.java:232)
	at com.google.cloud.tools.jib.builder.steps.PushBlobStep.call(PushBlobStep.java:82)
	at com.google.cloud.tools.jib.builder.steps.PushBlobStep.call(PushBlobStep.java:35)
	at com.google.common.util.concurrent.CombinedFuture$CallableInterruptibleTask.runInterruptibly(CombinedFuture.java:181)
	at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:57)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.http.ProtocolException: The server failed to respond with a valid HTTP response
	at org.apache.http.impl.conn.DefaultResponseParser.parseHead(DefaultResponseParser.java:109)
	at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:210)
	at org.apache.http.impl.AbstractHttpClientConnection.receiveResponseHeader(AbstractHttpClientConnection.java:271)
	at org.apache.http.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:227)
	at org.apache.http.impl.conn.AbstractClientConnAdapter.receiveResponseHeader(AbstractClientConnAdapter.java:209)
	at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:292)
	at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:126)
	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:483)
	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
	... 17 more

@briandealwis
Copy link
Member

I just tried this on 0.9.3 with no issue. What does your registry logs show?

@chanseokoh
Copy link
Member

chanseokoh commented Jul 11, 2018
edited
Loading

@velo it's failing when you are pushing an image to your private registry. Can you try curl http://${docker.registry}jib and see what the server returns?

@briandealwis
Copy link
Member

Good catch @chanseokoh: maybe a missing a trailing / in your docker.registry, or in your to-image

@velo
Copy link
Contributor

velo commented Jul 11, 2018

Sure can @chanseokoh .

FWIW, here is my effective pom. I should have replaced all that non-sense of placeholders:

      <plugin>
        <groupId>com.google.cloud.tools</groupId>
        <artifactId>jib-maven-plugin</artifactId>
        <version>0.9.3</version>
        <configuration>
          <from>
            <image>gcr.io/distroless/java</image>
          </from>
          <to>
            <image>192.168.1.101:5000/thelastpickle/service-jib:marvin-SNAPSHOT</image>
          </to>
          <container>
            <jvmFlags>
              <jvmFlag>-Xms350M</jvmFlag>
              <jvmFlag>-Xmx350M</jvmFlag>
              <jvmFlag>-server</jvmFlag>
              <jvmFlag>-XX:MetaspaceSize=20m</jvmFlag>
              <jvmFlag>-XX:MaxNewSize=64m</jvmFlag>
              <jvmFlag>-XX:NewSize=64m</jvmFlag>
              <jvmFlag>-XX:+UseConcMarkSweepGC</jvmFlag>
            </jvmFlags>
            <mainClass>com.thelastpickle.Main</mainClass>
            <ports>
              <port>18080</port>
            </ports>
          </container>
          <allowInsecureRegistries>true</allowInsecureRegistries>
        </configuration>
      </plugin>

curl attemps:

$ curl  192.168.1.101:5000 -v
* Rebuilt URL to: 192.168.1.101:5000/
*   Trying 192.168.1.101...
* TCP_NODELAY set
* Connected to 192.168.1.101 (192.168.1.101) port 5000 (#0)
> GET / HTTP/1.1
> Host: 192.168.1.101:5000
> User-Agent: curl/7.54.0
> Accept: */*
> 

* Connection #0 to host 192.168.1.101 left intact


$ curl  192.168.1.101:5000/thelastpickle -v
*   Trying 192.168.1.101...
* TCP_NODELAY set
* Connected to 192.168.1.101 (192.168.1.101) port 5000 (#0)
> GET /thelastpickle HTTP/1.1
> Host: 192.168.1.101:5000
> User-Agent: curl/7.54.0
> Accept: */*
> 

* Connection #0 to host 192.168.1.101 left intact


$ curl  192.168.1.101:5000/thelastpickle/ -v
*   Trying 192.168.1.101...
* TCP_NODELAY set
* Connected to 192.168.1.101 (192.168.1.101) port 5000 (#0)
> GET /thelastpickle/ HTTP/1.1
> Host: 192.168.1.101:5000
> User-Agent: curl/7.54.0
> Accept: */*
> 

* Connection #0 to host 192.168.1.101 left intact


$ curl  192.168.1.101:5000/thelastpickle/service-jib -v
*   Trying 192.168.1.101...
* TCP_NODELAY set
* Connected to 192.168.1.101 (192.168.1.101) port 5000 (#0)
> GET /thelastpickle/service-jib HTTP/1.1
> Host: 192.168.1.101:5000
> User-Agent: curl/7.54.0
> Accept: */*
> 

* Connection #0 to host 192.168.1.101 left intact


$ curl  192.168.1.101:5000/thelastpickle/service-jib:marvin-SNAPSHOT -v
*   Trying 192.168.1.101...
* TCP_NODELAY set
* Connected to 192.168.1.101 (192.168.1.101) port 5000 (#0)
> GET /thelastpickle/service-jib:marvin-SNAPSHOT HTTP/1.1
> Host: 192.168.1.101:5000
> User-Agent: curl/7.54.0
> Accept: */*
> 

* Connection #0 to host 192.168.1.101 left intact

All return left intact.

To make sure all was working fine, I downloaded distroless/java and tagged to match my private registry:

$ docker pull gcr.io/distroless/java
Using default tag: latest
latest: Pulling from distroless/java
Digest: sha256:8c259d09ca199cd0e2bf108d701f6c6ecd5eef58a7b5061e88474f0c59425bcc
Status: Image is up to date for gcr.io/distroless/java:latest


$ docker tag gcr.io/distroless/java 192.168.1.101:5000/distroless/java


$ docker push 192.168.1.101:5000/distroless/java
The push refers to repository [192.168.1.101:5000/distroless/java]
ce50d0a86442: Pushed 
6189abe095d5: Pushed 
a9872a8d1d84: Pushed 
latest: digest: sha256:daefa58624f9c75e36e5303101c41f85c13abc586e38e373589605d2c0e0b4c9 size: 949


$ docker pull 192.168.1.101:5000/distroless/java
Using default tag: latest
latest: Pulling from distroless/java
Digest: sha256:daefa58624f9c75e36e5303101c41f85c13abc586e38e373589605d2c0e0b4c9
Status: Image is up to date for 192.168.1.101:5000/distroless/java:latest

All working primo.

@velo
Copy link
Contributor

velo commented Jul 11, 2018

This is what I got on registry logs when run mvn com.google.cloud.tools:jib-maven-plugin:0.9.3:build:

2018/07/11 21:41:39 http: TLS handshake error from 192.168.1.207:61824: remote error: tls: unknown certificate
2018/07/11 21:41:39 http: TLS handshake error from 192.168.1.207:61832: remote error: tls: unknown certificate
2018/07/11 21:41:39 http: TLS handshake error from 192.168.1.207:61833: remote error: tls: unknown certificate
2018/07/11 21:41:39 http: TLS handshake error from 192.168.1.207:61834: tls: first record does not look like a TLS handshake
2018/07/11 21:41:39 http: TLS handshake error from 192.168.1.207:61835: tls: first record does not look like a TLS handshake
2018/07/11 21:41:41 http: TLS handshake error from 192.168.1.207:61864: remote error: tls: unknown certificate
2018/07/11 21:41:41 http: TLS handshake error from 192.168.1.207:61868: tls: first record does not look like a TLS handshake
2018/07/11 21:41:42 http: TLS handshake error from 192.168.1.207:61900: remote error: tls: unknown certificate
2018/07/11 21:41:42 http: TLS handshake error from 192.168.1.207:61901: tls: first record does not look like a TLS handshake
2018/07/11 21:41:44 http: TLS handshake error from 192.168.1.207:61926: remote error: tls: unknown certificate
2018/07/11 21:41:44 http: TLS handshake error from 192.168.1.207:61927: tls: first record does not look like a TLS handshake
2018/07/11 21:41:48 http: TLS handshake error from 192.168.1.207:61994: remote error: tls: unknown certificate
2018/07/11 21:41:48 http: TLS handshake error from 192.168.1.207:61996: tls: first record does not look like a TLS handshake
2018/07/11 21:41:48 http: TLS handshake error from 192.168.1.207:61995: remote error: tls: unknown certificate
2018/07/11 21:41:48 http: TLS handshake error from 192.168.1.207:61997: tls: first record does not look like a TLS handshake

@coollog
Copy link
Contributor

coollog commented Jul 11, 2018

@velo Do you happen to be using a self-signed certificate for your private registry? (Suggested as a feature in #543)

@velo
Copy link
Contributor

velo commented Jul 11, 2018

Yes I am

@chanseokoh
Copy link
Member

chanseokoh commented Jul 11, 2018
edited
Loading 

$ curl  192.168.1.101:5000/thelastpickle/service-jib:marvin-SNAPSHOT -v
*   Trying 192.168.1.101...
* TCP_NODELAY set
* Connected to 192.168.1.101 (192.168.1.101) port 5000 (#0)
> GET /thelastpickle/service-jib:marvin-SNAPSHOT HTTP/1.1
> Host: 192.168.1.101:5000
> User-Agent: curl/7.54.0
> Accept: */*
> 

* Connection #0 to host 192.168.1.101 left intact

The server is not responding. No output given from the server. The connection is just left open.

Do you see difference between

curl http://192.168.1.101:5000 -v

and

curl https://192.168.1.101:5000 -v

? My guess is that, your server at port 5000 does not expect HTTP but HTTPS.

@coollog
Copy link
Contributor

coollog commented Jul 11, 2018

@velo okay, we will add support for it as part of #543

@velo
Copy link
Contributor

velo commented Jul 11, 2018

@chanseokoh I think you are correct:

$ curl https://192.168.1.101:5000 -v -k
* Rebuilt URL to: https://192.168.1.101:5000/
*   Trying 192.168.1.101...
* TCP_NODELAY set
* Connected to 192.168.1.101 (192.168.1.101) port 5000 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=NZ; ST=Wellington; L=Wellington; O=The Last Pickle; OU=Sam; CN=docker registry
*  start date: Jan  9 02:34:45 2018 GMT
*  expire date: Jan  9 02:34:45 2019 GMT
*  issuer: C=NZ; ST=Wellington; L=Wellington; O=The Last Pickle; OU=Sam; CN=docker registry
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fd822805800)
> GET / HTTP/2
> Host: 192.168.1.101:5000
> User-Agent: curl/7.54.0
> Accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200 
< cache-control: no-cache
< content-type: text/plain; charset=utf-8
< content-length: 0
< date: Wed, 11 Jul 2018 22:10:43 GMT
< 
* Connection #0 to host 192.168.1.101 left intact


$ curl http://192.168.1.101:5000 -v
* Rebuilt URL to: http://192.168.1.101:5000/
*   Trying 192.168.1.101...
* TCP_NODELAY set
* Connected to 192.168.1.101 (192.168.1.101) port 5000 (#0)
> GET / HTTP/1.1
> Host: 192.168.1.101:5000
> User-Agent: curl/7.54.0
> Accept: */*
> 

* Connection #0 to host 192.168.1.101 left intact

@chanseokoh
Copy link
Member

@velo thanks. Yeah, at the moment, if you have <allowInsecureRegistries>true</allowInsecureRegistries>, we just drop HTTPS and talk to your repository with HTTP. That's the issue #543 that @coollog just said. We need to add support for bypassing insecure HTTPS connection.

@coollog
Copy link
Contributor

coollog commented Jul 12, 2018

Closing unless this issue persists.

@coollog coollog closed this as completed Jul 12, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@coollog coollog

Labels
None yet
Projects
None yet
Milestone
0.9.1
Development

No branches or pull requests
5 participants
@velo @briandealwis @coollog @chanseokoh @gintautassulskus