
unable to push when behind reverse proxy: unauthorized: authorize header needed to send HEAD to repository

Open billyburly opened this issue 2 years ago • 5 comments

New deployment of 2.5. Trying to run behind haproxy (my SSL terminator) and/or nginx. podman login works, but when I go to do a podman push the image doesn't transfer, and I get the following error.

#podman push wr/app-base:0.0.1 harbor.mydomain.com/library/wr/app-base:0.0.1
Getting image source signatures
Copying blob c550c8e0f355 [--------------------------------------] 1.0MiB / 151.3MiB
Copying blob fa498c409329 [--------------------------------------] 5.0MiB / 758.0MiB
Error: writing blob: uploading layer chunked: unauthorized: authorize header needed to send HEAD to repository: authorize header needed to send HEAD to repository

If I configure podman to directly talk to harbor it works

#podman push wr/app-base:0.0.1 harbor:8040/library/wr/app-base:0.0.1
Getting image source signatures
Copying blob c550c8e0f355 done
Copying blob fa498c409329 done
Copying config 424c60fc75 done
Writing manifest to image destination
Storing signatures

billyburly avatar May 04 '22 02:05 billyburly

Could you provide your nginx configuration? It seems your haproxy trims the auth header when proxying requests.

chlins avatar May 05 '22 05:05 chlins

This is the config for the upstream nginx server

nginx.conf

worker_processes 1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    gzip  on;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/x-javascript text/javascript application/json;

    set_real_ip_from  %%%;
    real_ip_recursive on;

    geoip_country /usr/share/GeoIP/GeoIP.dat;
    geoip_city /usr/share/GeoIP/GeoIPCity.dat;
    geoip_proxy 10.47.0.1;
    geoip_proxy_recursive on;

    include /etc/nginx/sites/*.conf;
}

harbor.conf

upstream harbor {
  server 127.0.0.1:8040;
}

server {
    listen 80 proxy_protocol;
    server_name harbor.%%%.com;

    client_max_body_size 0;
    chunked_transfer_encoding on;

    location / {
        proxy_pass http://harbor/;
        proxy_set_header  Host              $http_host;
        proxy_set_header  X-Real-IP         $remote_addr;
        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto $scheme;

        proxy_buffering off;
        proxy_request_buffering off;
    }
}

billyburly avatar May 10 '22 14:05 billyburly

You could refer to https://github.com/goharbor/harbor/issues/3114.

chlins avatar May 11 '22 01:05 chlins

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

github-actions[bot] avatar Jul 05 '22 09:07 github-actions[bot]

@billyburly did you resolve the problem?

wy65701436 avatar Aug 04 '22 07:08 wy65701436

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

github-actions[bot] avatar Oct 03 '22 09:10 github-actions[bot]

This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue.

github-actions[bot] avatar Nov 03 '22 09:11 github-actions[bot]