How can I troubleshoot Docker pull failing with HTTP 503 error? - docker-for-windows

I’ve used docker some in the past , I’m trying to introduce it at a new environment, but cannot get docker pull working. Keeps failing with 503 response.
What I could use help with is finding the underlying cause of this issue, so I can have the net/it admins fix whatever it is, be it firewall, ssl, proxy authentication, (all the usual suspects running docker/windows in a corporate network, ya know.)
Where can I look to see the root cause of pull failures to help them out? Also any specific diagnostic tests I could run to help figure this out would help.
I am able to hit registry-1.docker.io in general:
e.g.
curl https://registry-1.docker.io/v2/
{“errors”:[{“code”:“UNAUTHORIZED”,“message”:“authentication required”,“detail”:null}]}
I’ve poked through the logs in %localappdata%/docker, but have not been able to find anything.
the only thing I found at all was in dockerd.log:
2021-08-19T13:59:06Z dockerd time=“2021-08-19T13:59:06.656666400Z” level=debug msg="pulling blob “sha256:9da81141e74e38839836e81c2691d3c7ac54bf34272e5d4a636fc032150506a4"”
2021-08-19T13:59:06Z dockerd time=“2021-08-19T13:59:06.994330700Z” level=info msg=“Download failed, retrying (1/5): received unexpected HTTP status: 503 Service Unavailable”
Which does not really help. I know docker registry is not down, so this is not really a 503 from docker.
System info
OS: Windows 10 19043, WSL2 enabled (VM with virtualization enabled, if that matters)
Docker version 20.10.7, build f0df350
repro steps:
docker run -d -p 80:80 docker/getting-started
Unable to find image ‘docker/getting-started:latest’ locally
latest: Pulling from docker/getting-started
540db60ca938: Retrying in X seconds (repeats countdown a few times with increasing wait times )
0ae30075c5da: Retrying in X seconds
9da81141e74e: Retrying in X seconds
b2e41dd2ded0: Waiting
7f40e809fb2d: Waiting
758848c48411: Waiting
23ded5c3e3fe: Waiting
38a847d4d941: Waiting
docker: received unexpected HTTP status: 503 Service Unavailable. (finally)
See ‘docker run --help’.
Thanks.
JS

Answering my own question: I ran docker through fiddler, by setting the docker proxy to localhost:8888. Inspecting the body of the 503 response in fiddler, I was able to see the cause: The corporate firewall rules were blocking executable file transfers.

Related

Unable to establish SSL connection upon wget on windows, accessing NASA CDDIS

I've been using wget to pull some .rnx files from the CDDIS NASA archives. This has been working no problem for ~200 iterations until now. Not sure what happened.
I'm receiving an SSL connection error that occurs on other files in the CDDIS website. when I try the same command for, say, www.google.com, the index file is downloaded fine to the given output directory.
I have found this solution thread for linux which seems like my issue:
Unable to establish SSL connection upon wget on Ubuntu 14.04 LTS
or
Unable to establish SSL connection, how do I fix my SSL cert?
I am on Windows 11. To be completely honest despite some googling and toying around with the ports (302/443) based on that thread, it's all a bit opaque on how I can fix this issue myself. Would really appreciate a bit more of a breakdown on how I might approach this problem.
>wget -P C:\Users\name\Desktop\brdc http://cddis.nasa.gov/archive/gnss/data/daily/2021/001/21p/BRDC00IGS_R_20210010000_01D_MN.rnx.gz
--2022-05-01 17:47:05-- http://cddis.nasa.gov/archive/gnss/data/daily/2021/001/21p/BRDC00IGS_R_20210010000_01D_MN.rnx.gz
Resolving cddis.nasa.gov (cddis.nasa.gov)... 198.118.199.52
Connecting to cddis.nasa.gov (cddis.nasa.gov)|198.118.199.52|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://cddis.nasa.gov/archive/gnss/data/daily/2021/001/21p/BRDC00IGS_R_20210010000_01D_MN.rnx.gz [following]
--2022-05-01 17:47:05-- https://cddis.nasa.gov/archive/gnss/data/daily/2021/001/21p/BRDC00IGS_R_20210010000_01D_MN.rnx.gz
Connecting to cddis.nasa.gov (cddis.nasa.gov)|198.118.199.52|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://urs.earthdata.nasa.gov/oauth/authorize?client_id=gDQnv1IO0j9O2xXdwS8KMQ&response_type=code&redirect_uri=https%3A%2F%2Fcddis.nasa.gov%2Fproxyauth&state=aHR0cDovL2NkZGlzLm5hc2EuZ292L2FyY2hpdmUvZ25zcy9kYXRhL2RhaWx5LzIwMjEvMDAxLzIxcC9CUkRDMDBJR1NfUl8yMDIxMDAxMDAwMF8wMURfTU4ucm54Lmd6 [following]
--2022-05-01 17:47:05-- https://urs.earthdata.nasa.gov/oauth/authorize?client_id=gDQnv1IO0j9O2xXdwS8KMQ&response_type=code&redirect_uri=https%3A%2F%2Fcddis.nasa.gov%2Fproxyauth&state=aHR0cDovL2NkZGlzLm5hc2EuZ292L2FyY2hpdmUvZ25zcy9kYXRhL2RhaWx5LzIwMjEvMDAxLzIxcC9CUkRDMDBJR1NfUl8yMDIxMDAxMDAwMF8wMURfTU4ucm54Lmd6
Resolving urs.earthdata.nasa.gov (urs.earthdata.nasa.gov)... 198.118.243.33
Connecting to urs.earthdata.nasa.gov (urs.earthdata.nasa.gov)|198.118.243.33|:443... connected.
Unable to establish SSL connection.

cURL and SMTP error after SSL and clodflare

I have a wordpress site.Everything was running fine but after I activated SSL sertificate and Cloudflare things got messed up.
I am trying to send emails via mailgun smtp. but I got this error.
smtp error
I googled for this one and I tried to change from google DNS to openDNS but no success
Also when I want to install a plugin these errors shows up
install error
However I can upload plugins manually so it should not be a permission issue.
I am running Nginx and here are my iptables
iptables
And to check ports Listening
Listen
Since this is curl error I tried to run:
curl -v https://mydomain.info
In a perfect world it should return html but I got this instead:
curl: (6) Could not resolve host: mydomain.info
If anyone has any idea where to look for answers I would really appreciate that.

- Restcomm Olympus WebRTC WSS error,

We are trying to use RESTCOMM OLYMPUS by making few customizations as part of our application. The main customization is that we have deployed OLYMPUS war on our Apache TOmcat web server and the OUTBOUND PROXY is properly pointed to the same server where RESTCOMM is running.
So far all is good, but recently we got the issue that "getUserMedia()" deprecation issue because of insecure origin issue by chromium fix.
So, it means we need to use HTTPS and WSS. I can see that just around 7 days back OLYMPUS code has been updated on GITHUB to use WSS if HTTPS has been used in browser location bar.
So first we have installed self signed CERT and enabled SLL config on TOMCAT so that our customized OLYMPUS UI is accessed via https from Tomcat. And then we used WSS protocol to connect to OUTBOUND PROXY. Bt we got the below error
"WebSocket connection to 'wss:/:5082/' failed: Error in connection establishment: net::ERR_TIMED_OUT
WSMessageChannel:createWebSocket(): websocket connection has failed:[object Event]"
Then we thought that in addition to TOMCAT ( where WAR is deployed) we need to install self singed cert and SSL config on RESTCOMM as well. So we did it by following http://docs.telestax.com/restcomm-enable-https-secure-connector-on-jboss-as-7-or-eap-6/ and also we have used WSS protocol.
But this time also we got the error but with a different error code though
"WebSocket connection to 'wss:/:5083/' failed: Error in connection establishment: net::ERR_CONNECTION_CLOSED
WSMessageChannel:createWebSocket(): websocket connection has failed:[object Event]"
Can i request the forums to explain if we are missing any thin here?
Thanks in advance
I would suggest to use the mobicents RestComm docker image instead of using the zip bundle, because for docker image all settings are handled automatically and https/wss should work out of the box. Here are some quick steps to get you started:
Install docker in your Ubuntu if not already there
Download RestComm docker image:
$ docker pull mobicents/restcomm:latest
Start docker image:
$ docker run -e SECURE="true" -e SSL_MODE="allowall" -e USE_STANDARD_PORTS="true" -e VOICERSS_KEY="VOICERSS_KEY_HERE" --name=restcomm -d -p 80:80 -p 443:443 -p 9990:9990 -p 5060:5060 -p 5061:5061 -p 5062:5062 -p 5063:5063 -p 5060:5060/udp -p 65000-65535:65000-65535/udp mobicents/restcomm:latest
Now you should be able to reach your RestComm instance Admin UI at:
https://<host ip address>/
Make sure that you don't have any servers running in your host at the ports used by the docker container above, or you'll have to use different ports (please refer to the docker hub page for such options)
Best regards,
Antonis Tsakiridis

Errror reading from remote server returned by /jenkins

I am using Jenkins and currently Jenkins is running fine in the background; however, when i am trying to access Jenkins using browser the homepage of Jenkins is not accessible. When I access it I get "Error reading from remote server ( 502 )". Has anyone encountered such an issue? What could be the workaround?
Try to remove proxy: export http_proxy="" && curl http://servername:portnumber/destinationpath/
or use https instead of http or vice-versa ( check which port is your jenkins running on )
Is it running on apache/nginx/whatever? Restart that. Restart Jenkins once more. Check the server configuration regarding those.
Did restart of iptables post which I have seen the issue to be resolved.
service iptables restart

Apache Daemon trying to Ping on CentOS but not working (SELinux issue)

I have developped an application in php. One of its functions is to ping an external server.
However, when this action was fired nothing happened. I checked the SELinux log and generated a policy to allow apache daemon to ping (ping works fine if log in as apache user). After installing that policy, no error is shown on SELinux log, but on the httpd log appears a lot of times:
ping: recvmsg: Permission denied
I know it is a SELinux configuration problem (Socket connection maybe?) because if I disable it, it works nice, but this is not an option for me.
I have redirected the output of the ping command to a text file and, after firing the action, this is the result:
PING myhost (myip) 56(84) bytes of data.
--- myhost ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 13002ms
So I am kind of stuck at this point. Anyone can help me?
Thanks a lot.
After a fresh install it all worked. Don't mess with policies, kids.