Actions
Issue #1256
closedThe httpd configuration is not acceptable to the Docker client
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version - Docker:
master
Platform Release:
2.8.0
Target Release - Docker:
2.0.0
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:
Description
There are a few issues with the httpd configuration for Docker v2:
- Docker is written in Go and thus it suffers from this bug:
https://github.com/golang/go/issues/5742
We need to rework the httpd config so that it works around this limitation. - The default httpd configuration in Fedora uses mod_mime_magic, which adds content-type and content-encoding headers to
the responses. These headers confuse the Docker client, so we should configure httpd not to do that for these paths. - The SSL options in the current config do not make much sense. They do things like exporting the client certificate into
the environment, when this config only serves flat files. It also has strange client certificate settings when client
certificates are not required for these views. - The Docker client may expect to see the Docker-Distribution-API-Version set to registry/2.0 on all requests.
Actions
Reconfigure the httpd vhost to better suit the Docker client.
This commit fixes a few issues with the httpd configuration for Docker v2:
Docker is written in Go and thus it suffers from this bug:
https://github.com/golang/go/issues/5742
This commit removes most SSL directives from the httpd configuration because they were causing httpd to want to renegotiate with the client (causing the issue), and they were unnecessary to begin with. The SSL options in the config did not make much sense. They did things like exporting the client certificate into the environment, when this config only serves flat files. It also had strange client certificate settings when client certificates are not required for these views.
The default httpd configuration in Fedora uses mod_mime_magic, which adds content-type and content-encoding headers to the responses. These headers confuse the Docker client, so this commit configures httpd not to do that for these paths.
The Docker client expects to see the Docker-Distribution-API-Version set to registry/2.0 on all requests.
https://pulp.plan.io/issues/1256
fixes #1256