[RTFACT-15805] HTTPS on Artifactory's Tomcat does not support Docker Registries Created: 02/Feb/18  Updated: 17/Feb/19  Resolved: 06/May/18

Status: Resolved
Project: Artifactory Binary Repository
Component/s: Docker, Tomcat
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Normal
Reporter: Patrick Russell Assignee: Unassigned
Resolution: Won't Do Votes: 2
Labels: None

Issue Links:
Duplicate
is duplicated by RTFACT-15867 pushing to docker registry returns ma... Resolved

 Description   

Symptoms: With an Artifactory's bundled Tomcat server configured to host the Artifactory application on an HTTPS port (Such as 8443), Docker requests will fail when using the "Embedded Tomcat" method.

Steps to reproduce:
0. Have / create a pair of SSL certificates to use with Artifactory:

openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.crt

1. Configure Artifactory's Tomcat server to host an HTTPS port by modifying the $ART_HOME/tomcat/conf/server.xml (Add the below snippet to this file):
<Connector port="8081" scheme="https" secure="true" SSLEnabled="true" SSLCertificateFile="/home/jfrog/programs/artifactory-pro-5.2.1/certs/domain.crt" SSLCertificateKeyFile="/home/jfrog/programs/artifactory-pro-5.2.1/certs/domain.key" SSLProtocol="TLSv1" />

2. Add the insecure registry to the Docker Daemon (/etc/docker/daemon.json):

{ "insecure-registries":["localhost:8443"] }

3. Attempt a "docker login":
docker login localhost:8443
Username (admin): admin
Password:
Login Succeeded

4. Attempt a pull or push and observe a timeout:
docker push localhost:8443/docker/tag-new

The push refers to a repository [localhost:8443/docker/tag-new]

f999ae22f308: Pushing [==================================================>] 3.584 kB

malformed HTTP response "\x15\x03\x03\x00\x02\x02P"

In the Artifactory request logs, instead of the usual Docker requests, there are instead 202 "Accepted" HTTP replies, indicating Artifactory is not sending the correct information to the Docker client:

20180202104835|39|REQUEST|0:0:0:0:0:0:0:1|admin|GET|/api/docker/null/v2/token|HTTP/1.1|200|0

20180202104836|141|REQUEST|0:0:0:0:0:0:0:1|admin|HEAD|/api/docker/docker/v2/nginx-new/blobs/sha256:6edc05228666c8ac9ec17c7dbbd8477c1a68e5569ce9f917d3cf47574
ba4633f|HTTP/1.1|404|0

20180202104836|28|REQUEST|0:0:0:0:0:0:0:1|admin|POST|/api/docker/docker/v2/nginx-new/blobs/uploads/|HTTP/1.1|202|0


Generated at Fri Sep 20 18:12:53 UTC 2019 using JIRA 7.6.3#76005-sha1:8a4e38d34af948780dbf52044e7aafb13a7cae58.