Home > database >  Failed to push docker image to remote registry using ssh tunnel
Failed to push docker image to remote registry using ssh tunnel

Time:08-18

I'm trying to push a docker image from our development server to a system via ssh tunnel. The registry is running on port 443 on the remote system. I have the tunnel setup correctly, but when I go to do the docker push, it doesn't push to the remote registry. If I take down the tunnel, then I get connection refused, so I have some confidence there that is setup correctly.

This is my tunnel: ssh -L 10101:(IP Address):443 jump

[user@devserver target (develop)]$ docker images | grep application
program/application                                aee3b0c8c-08-17-2022-06-09-57-422   c79b292fdebd   5 hours ago     276MB
[user@devserver target (develop)]$ docker tag program/application:aee3b0c8c-08-17-2022-06-09-57-422 localhost:10101/program/application:aee3b0c8c-08-17-2022-06-09-57-422
[user@devserver target (develop)]$ docker images | grep application
program/application                                aee3b0c8c-08-17-2022-06-09-57-422   c79b292fdebd   5 hours ago     276MB
localhost:10101/program/application                aee3b0c8c-08-17-2022-06-09-57-422   c79b292fdebd   5 hours ago     276MB
[user@devserver target (develop)]$ docker push localhost:10101/program/application:aee3b0c8c-08-17-2022-06-09-57-422
The push refers to repository [localhost:10101/program/application]
8c47cda4a82b: Layer already exists
c51a173c1f9f: Layer already exists
bc9669b66ca9: Layer already exists
fa5795d612c9: Layer already exists
002c8b92d017: Layer already exists
9b0964cf7e12: Layer already exists
a7318ad177b0: Layer already exists
3c85054ce964: Layer already exists
413ce048394c: Layer already exists
4117d2b8a3fe: Layer already exists
8d46ca9b4f93: Layer already exists
174f56854903: Layer already exists
aee3b0c8c-08-17-2022-06-09-57-422: digest: sha256:63b0072cf4a45c805a32e025abdc8aed64d63936fdac81569c0cba10f43b4f26 size: 2831
[user@devserver target (develop)]$ docker images | grep application
program/application                                aee3b0c8c-08-17-2022-06-09-57-422   c79b292fdebd   5 hours ago     276MB
localhost:10101/program/application                aee3b0c8c-08-17-2022-06-09-57-422   c79b292fdebd   5 hours ago     276MB

Then if I tear down the tunnel:

[user@devserver target (develop)]$ docker push localhost:10101/program/application:aee3b0c8c-08-17-2022-06-09-57-422
The push refers to repository [localhost:10101/program/application]
Get "http://localhost:10101/v2/": dial tcp [::1]:10101: connect: connection refused
[user@devserver target (develop)]$

But on the remote system, I don't see it there:

[root@system-2 scripts]# docker images -a | grep application
[root@system-2 scripts]#

CodePudding user response:

That behavior seems normal. If a system happens to be running both a registry service and a Docker daemon, they are separate, and the images that are pushed into the registry won't be visible to the Docker daemon, unless it manually pulls them back out of the registry.

In principle (up to TLS certificate issues) you should be able to run on the remote system something like

[root@system-2 scripts]# docker pull localhost:443/program/application:aee3b0c8c-08-17-2022-06-09-57-422

to get a copy of the image from the registry into the remote daemon.

More generally, you can never docker push an image directly from one Docker daemon to another; push and pull are always interactions between a Docker daemon and a registry, not between two Docker daemons.

  • Related