
Please remove IP from blacklist  #1864

Closed

Description

Problem description

hub.docker.com is issuing error 500s when it was working as expected until a few days ago, with no changes. Investigating further, it appears this error 500 is a blacklisting strategy.

Our infrastructure appears as one NAT address of 205.189.33.36 and we are requesting to be unblocked.

```
*   Trying 3.223.74.179...
* Connected to hub.docker.com (3.223.74.179) port 443 (#0)
* found 149 certificates in /etc/ssl/certs/ca-certificates.crt
* found 743 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* 	 server certificate verification OK
* 	 server certificate status verification SKIPPED
* 	 common name: *.docker.com (matched)
* 	 server certificate expiration date OK
* 	 server certificate activation date OK
* 	 certificate public key: RSA
* 	 certificate version: #3
* 	 subject: CN=*.docker.com
* 	 start date: Tue, 16 Jul 2019 00:00:00 GMT
* 	 expire date: Sun, 16 Aug 2020 12:00:00 GMT
* 	 issuer: C=US,O=Amazon,OU=Server CA 1B,CN=Amazon
* 	 compression: NULL
* ALPN, server did not agree to a protocol
> GET / HTTP/1.1
> Host: hub.docker.com
> User-Agent: curl/7.47.0
> Accept: */*
> 
* HTTP 1.0, assume close after body
< HTTP/1.0 500 Server Error
< Cache-Control: no-cache
< Connection: close
< Content-Type: text/html
< 
<html><body><h1>500 Server Error</h1>
An internal server error occured.
</body></html>

* Closing connection 0
```

We have reviewed other open items like #1305 and are opening this one to avoid unnecessary noise to others not impacted but who have experienced the same thing.

How we got here:

We use Harbor as our private registry but unfortunately it does not have a pull-through cache capability yet -- but appears to be coming: goharbor/harbor#8082

For us this is an operational issue for not just a single host but many as we are but a single NAT address and do need this IP capable of communicating with hub.docker.com.

We are working on putting up a pull-through registry cache in the next few days and want to do it properly.

If there's another pathway to pursue this request or if this is an erroneous assumption on the blacklisting, please let us know.
Thank you!

Chris.
