After successfully logging into my registry, the image push fails as it's trying against the local IP #1270

Open
TomHart opened this issue Nov 30, 2024 · 1 comment


TomHart commented Nov 30, 2024

Contributing guidelines

I've found a bug, and:

  • The documentation does not mention anything about my problem
  • There are no open or closed issues that are related to my problem

Description

I have a registry running locally, externally accessible via registry.example.com. The GitHub Action can log into my registry fine, but the docker push fails. Has anyone had this before?

Expected behaviour

Docker image pushes to my registry

Actual behaviour

It resolves the internal IP address and tries to push there

#38 [auth] sharing credentials for registry.example.com
#38 DONE 0.0s
#37 exporting to image
#37 33.19 error: failed to copy: failed to do request: Put "https://192.168.1.171/v2/repo-name/blobs/uploads/941b40a9-d6fb-4701-aded-385eec9dcb55?_state=_syVg7StDX9rNYAzmMqpuTIdHItl9e_dkJQ29zDiiO17Ik5hbWUiOiJob3BraW5zb24tY21zIiwiVVVJRCI6Ijk0MWI0MGE5LWQ2ZmItNDcwMS1hZGVkLTM4NWVlYzlkY2I1NSIsIk9mZnNldCI6MCwiU3RhcnRlZEF0IjoiMjAyNC0xMS0zMFQxMDowNjoxNi43MjM4NDAxMDJaIn0%3D&digest=sha256%3A17f01ce0086807fa706f33dba43b139ee9b1f8b38eed3825f6eea4005d7a4d3d": dial tcp 192.168.1.171:443: i/o timeout

Repository URL

No response

Workflow run URL

No response

YAML workflow

            -   name: Login to My Registry
                uses: docker/login-action@v3
                with:
                    registry: ${{ vars.DOCKER_REGISTRY }}
                    username: ${{ vars.DOCKER_USERNAME }}
                    password: ${{ secrets.DOCKER_PASSWORD }}

            -   name: Login to My Pull Registry
                uses: docker/login-action@v3
                with:
                    registry: ${{ vars.DOCKER_PULL_REGISTRY }}
                    username: ${{ vars.DOCKER_USERNAME }}
                    password: ${{ secrets.DOCKER_PASSWOR

            -   name: Build Docker image
                uses: docker/build-push-action@v6
                with:
                    provenance: false # Fails with or without this, just here from testing
                    push: true
                    tags: |
                        registry.example.com/${{ github.event.repository.name }}:${{ github.sha }}
                        registry.example.com/${{ github.event.repository.name }}:latest
                    cache-from: type=gha
                    cache-to: type=gha,mode=max
                env:
                    BUILDKIT_PROGRESS: plain
                    DOCKER_BUILDKIT_DEBUG: "true"

Workflow logs

No response

BuildKit logs


Additional info

No response


TomHart commented Nov 30, 2024

My nginx config to expose the registry

server {
    server_name registry.example.com;
    location / {
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin 'https://registry-ui.example.com';
            add_header Access-Control-Allow-Methods 'GET, OPTIONS, PUT, POST, DELETE';
            add_header Access-Control-Allow-Credentials 'true';
            add_header Access-Control-Allow-Headers 'Accept, *';
            add_header Content-Type text/plain;
            add_header Content-Length 0;
            return 204;
        }
    
        proxy_pass http://192.168.1.171;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    
        add_header Access-Control-Allow-Origin 'https://registry-ui.example.com';
        add_header Access-Control-Allow-Methods 'GET, OPTIONS, PUT, POST, DELETE';
        add_header Access-Control-Allow-Credentials 'true';
        add_header Access-Control-Allow-Headers 'Accept, *';
    
        client_max_body_size 2G;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/registry.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/registry.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
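
Added example, not part of the issue or of the project's code: a small Python check that takes an image tag and a push error line of the shape shown above and reports when the failing request went to a different host than the tag's registry, or to a private address such as the one in `proxy_pass`. The function names and the sample line (shortened from the log in the issue, with a placeholder upload id and digest) are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# The error text reports the failing request as: Put "<url>": <reason>
_REQUEST_RE = re.compile(r'\b(?:Put|Post|Patch|Head|Get) "([^"]+)"')


def registry_host(tag):
    """Return the registry host[:port] part of an image tag such as host/repo:tag."""
    first = tag.split("/", 1)[0]
    # The first path component names a registry only if it looks like a host.
    if "/" in tag and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return "docker.io"


def audit_push_error(tag, error_line):
    """Return findings about where a failed push request was actually sent."""
    match = _REQUEST_RE.search(error_line)
    if match is None:
        return ["no-request-url"]
    target = urlsplit(match.group(1))
    expected = urlsplit("//" + registry_host(tag))
    findings = []
    if target.hostname != expected.hostname:
        findings.append("host-mismatch")
    try:
        addr = ipaddress.ip_address(target.hostname or "")
    except ValueError:
        addr = None  # a DNS name, not an IP literal
    if addr is not None and (addr.is_private or addr.is_loopback or addr.is_link_local):
        findings.append("internal-address")
    return findings


# Constructed sample modelled on the error line in the issue
# (upload id and query string replaced with placeholders).
SAMPLE_ERROR = (
    '#37 33.19 error: failed to copy: failed to do request: '
    'Put "https://192.168.1.171/v2/repo-name/blobs/uploads/UPLOAD-ID?digest=sha256%3AEXAMPLE": '
    'dial tcp 192.168.1.171:443: i/o timeout'
)
SAMPLE_TAG = "registry.example.com/repo-name:latest"

if __name__ == "__main__":
    print(audit_push_error(SAMPLE_TAG, SAMPLE_ERROR))
```

nginx sends `Host: $proxy_host` (here the `proxy_pass` address) to the upstream unless `proxy_set_header Host` is set, so a registry that builds upload URLs from the request host is one likely source of such a redirect target. That cause is an assumption; the issue does not confirm it.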
