Description
Hi,
we've found an issue with an installation where
- Harbor (docker registry) works only via HTTPS (and returns a 308 redirect to https for all plain requests)
- Harbor has an s3 storage backend connected via the http protocol

In this case the registry returns
```
Location: http://ceph.storage.local/harbor05/docker/registry/v2/blobs/sha256/d1/d1eca21af2432ccd13f82f7d5d346a9158523fb32a5462042c7ceba25c6ffdda/data?some_X-Amz_args
```
for an HTTPS request to the registry
```
GET v2/dockerhub-proxy/oguzpastirmaci/gpu-burn/blobs/sha256:d1eca21af2432ccd13f82f7d5d346a9158523fb32a5462042c7ceba25c6ffdda
```
As I understand, this behavior is controlled by the storage_service: redirect parameter, but I can't change this (not my infrastructure).
The enroot.conf config file has the ENROOT_ALLOW_HTTP option, but it sets HTTP as the preferred protocol, which is incorrect in our case:
```bash
if [ -n "${ENROOT_ALLOW_HTTP-}" ]; then
    readonly curl_proto="http"
    readonly curl_opts=("--proto" "=http,https" "--retry" "${ENROOT_TRANSFER_RETRIES}" "--connect-timeout" "${ENROOT_CONNECT_TIMEOUT}" "--max-time" "${ENROOT_TRANSFER_TIMEOUT}" "-SsL")
else
    readonly curl_proto="https"
    readonly curl_opts=("--proto" "=https" "--retry" "${ENROOT_TRANSFER_RETRIES}" "--connect-timeout" "${ENROOT_CONNECT_TIMEOUT}" "--max-time" "${ENROOT_TRANSFER_TIMEOUT}" "-SsL")
fi
```
To fix my concrete issue I've just changed the above script to
```bash
if [ -n "${ENROOT_ALLOW_HTTP-}" ]; then
    readonly curl_proto="https"
    readonly curl_opts=("--proto" "=http,https" "--retry" "${ENROOT_TRANSFER_RETRIES}" "--connect-timeout" "${ENROOT_CONNECT_TIMEOUT}" "--max-time" "${ENROOT_TRANSFER_TIMEOUT}" "-SsL")
else
    readonly curl_proto="https"
    readonly curl_opts=("--proto" "=https" "--retry" "${ENROOT_TRANSFER_RETRIES}" "--connect-timeout" "${ENROOT_CONNECT_TIMEOUT}" "--max-time" "${ENROOT_TRANSFER_TIMEOUT}" "-SsL")
fi
```
But I believe that it would be better to add an extra option like ENROOT_PREFER_HTTPS, which would describe my situation/setup.
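
Added example, not part of the original post and not enroot code: in the setup described above the blob bytes arrive over plain HTTP after the redirect, so the sha256 digest in the HTTPS request path is what lets a client confirm what it received. The function names and the `registry.example` host are hypothetical.

```bash
#!/bin/sh
# Added example (not enroot code). Function names are hypothetical.

# Classify a redirect hop by URL scheme: prints "downgrade" for
# https -> http, "upgrade" for http -> https, "same" otherwise.
redirect_kind() {
    from=$(printf '%s' "${1%%://*}" | tr 'A-Z' 'a-z')
    to=$(printf '%s' "${2%%://*}" | tr 'A-Z' 'a-z')
    case "$from:$to" in
        https:http) echo downgrade ;;
        http:https) echo upgrade ;;
        *)          echo same ;;
    esac
}

# Print the hex digest from a registry blob URL ending in
# /blobs/sha256:<64 hex chars>; fail for any other URL.
blob_digest() {
    d="${1##*/blobs/sha256:}"
    case "$d" in
        ""|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#d}" -eq 64 ] && echo "$d"
}

# Return 0 only if the downloaded file hashes to the digest it was
# requested by; 2 if the URL carries no digest, 1 on mismatch.
verify_blob() {
    want=$(blob_digest "$1") || return 2
    got=$(sha256sum "$2" | cut -d' ' -f1)
    [ "$want" = "$got" ]
}

# Demo with the URLs from the report (registry host is a placeholder).
req='https://registry.example/v2/dockerhub-proxy/oguzpastirmaci/gpu-burn/blobs/sha256:d1eca21af2432ccd13f82f7d5d346a9158523fb32a5462042c7ceba25c6ffdda'
loc='http://ceph.storage.local/harbor05/docker/registry/v2/blobs/sha256/d1/d1eca21af2432ccd13f82f7d5d346a9158523fb32a5462042c7ceba25c6ffdda/data'
echo "redirect: $(redirect_kind "$req" "$loc")"
echo "expected digest: $(blob_digest "$req")"
```

`verify_blob "$req" /path/to/downloaded/layer` then fails closed if the bytes fetched over the HTTP leg do not match the digest requested over HTTPS.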