0

I'm trying to set up a docker environment where a local, insecure mirror is used to speed up things. It's ok to have it insecure since it's just a local lab environment.

I'm using Sonatype Nexus Repository Manager OSS 3.35.0-02 as the local mirror.

I've set up the docker configuration as per documentation, with:

{
  "registry-mirrors": ["http://192.168.8.10:8181"], 
  "insecure-registries": ["192.168.8.10:8181"]
}

docker info seems to confirm that the settings have been loaded:

Registry: https://index.docker.io/v1/
 Labels:
Experimental: false
Insecure Registries:
 192.168.8.10:8181
 127.0.0.0/8
Registry Mirrors:
 http://192.168.8.10:8181/

Now, I can test that Nexus is working properly because this works:

docker rmi alpine:3.13.3 ; docker pull 192.168.8.10:8181/alpine:3.13.3

in the sense that the image is downloaded and I can see that it appears in the Nexus repo.

But running the plain command:

docker rmi alpine:3.13.4 ; docker pull alpine:3.13.4

seems to bypass the mirror since the image is downloaded, but it doesn't show up in the Nexus repository.

This happens both with macOS BigSur 11.5.1 + Docker Desktop 1.4.0 and a Vagrant VM running Ubuntu Server 20.04 with Docker version 20.10.7, build 20.10.7-0ubuntu1~20.04.2.

Thanks.

Improve this question

2 Answers 2

Reset to default
1

While I still haven't solved the problem in a clean way, I found a workaround. Prepending the image name with the mirror name makes the pull operation work fine with the mirror, but the problem is that the image tag keeps the mirror name, i.e.:

$ docker pull 192.168.8.10:8181/alpine:3.13.4
$ docker image ls
REPOSITORY                         TAG               IMAGE ID         CREATED         SIZE
192.168.8.10:8181/alpine           3.13.4            49f356fa4513   2 years ago     5.61MB

But I can fix that by adding a clean tag and removing the 'dirty' one after pulling the image:

$ docker image tag 192.168.8.10:8181/alpine:3.13.4 alpine:3.13.4
$ docker image rm 192.168.8.10:8181/alpine:3.13.4
$ docker image ls
REPOSITORY                       TAG               IMAGE ID       CREATED         SIZE
alpine                           3.13.4            49f356fa4513   2 years ago     5.61MB
Improve this answer
0

Your image name is wrong. There's no equivalent for:

192.168.8.10:8181/alpine:3.13.3

on Docker Hub. When you pull alpine:3.13.4, it is actually pulling docker.io/library/alpine:3.13.4. So your mirror needs to have the following image:

192.168.8.10:8181/library/alpine:3.13.3

And the design of registry mirroring is to always go to the upstream source when the mirror fails. These are mirrors, not an access control system.

Improve this answer
7
  • The image name is not wrong, in the sense that Docker syntax interprets 192.168.8.10:8181 as the repo from which the image is downloaded. And it's my Nexus, that actually works as it is instructed to download the original from Docker Hub. Infact it works. That command line is just the demonstration that the Nexus mirror is working.
    – Fabrizio Giudici
    Commented Mar 31, 2023 at 12:24
  • @FabrizioGiudici you were demonstrating that the image exists on the mirror and then asking why the next docker pull command did not pull that image. My answer above is explaining that docker will not try to pull from that path on the mirror and the mirror needs to store the image in a different location.
    – BMitch
    Commented Mar 31, 2023 at 13:41
  • That Docker is not pulling the image from the mirror is obvious, otherwise I wouldn't have posted this question. But I don't see your "explanation". You're only saying it doesn't do, but why are the mirror settings ignored?
    – Fabrizio Giudici
    Commented Mar 31, 2023 at 13:59
  • @FabrizioGiudici when the pull from the mirror fails, it falls back to pulling from Hub.
    – BMitch
    Commented Mar 31, 2023 at 14:08
  • But the mirror is not failing. That's what I don't understand.
    – Fabrizio Giudici
    Commented Mar 31, 2023 at 16:30

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .