Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-15805

HTTPS on Artifactory's Tomcat does not support Docker Registries

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Won't Do
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Docker, Tomcat
    • Labels:
      None

      Description

      Symptoms: With an Artifactory's bundled Tomcat server configured to host the Artifactory application on an HTTPS port (Such as 8443), Docker requests will fail when using the "Embedded Tomcat" method.

      Steps to reproduce:
      0. Have / create a pair of SSL certificates to use with Artifactory:

      openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.crt

      1. Configure Artifactory's Tomcat server to host an HTTPS port by modifying the $ART_HOME/tomcat/conf/server.xml (Add the below snippet to this file):
      <Connector port="8081" scheme="https" secure="true" SSLEnabled="true" SSLCertificateFile="/home/jfrog/programs/artifactory-pro-5.2.1/certs/domain.crt" SSLCertificateKeyFile="/home/jfrog/programs/artifactory-pro-5.2.1/certs/domain.key" SSLProtocol="TLSv1" />

      2. Add the insecure registry to the Docker Daemon (/etc/docker/daemon.json):

      { "insecure-registries":["localhost:8443"] }

      3. Attempt a "docker login":
      docker login localhost:8443
      Username (admin): admin
      Password:
      Login Succeeded

      4. Attempt a pull or push and observe a timeout:
      docker push localhost:8443/docker/tag-new

      The push refers to a repository [localhost:8443/docker/tag-new]

      f999ae22f308: Pushing [==================================================>] 3.584 kB

      malformed HTTP response "\x15\x03\x03\x00\x02\x02P"

      In the Artifactory request logs, instead of the usual Docker requests, there are instead 202 "Accepted" HTTP replies, indicating Artifactory is not sending the correct information to the Docker client:

      20180202104835|39|REQUEST|0:0:0:0:0:0:0:1|admin|GET|/api/docker/null/v2/token|HTTP/1.1|200|0

      20180202104836|141|REQUEST|0:0:0:0:0:0:0:1|admin|HEAD|/api/docker/docker/v2/nginx-new/blobs/sha256:6edc05228666c8ac9ec17c7dbbd8477c1a68e5569ce9f917d3cf47574
      ba4633f|HTTP/1.1|404|0

      20180202104836|28|REQUEST|0:0:0:0:0:0:0:1|admin|POST|/api/docker/docker/v2/nginx-new/blobs/uploads/|HTTP/1.1|202|0

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                patrickr Patrick Russell
              • Votes:
                2 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: