public.ecr.aws 拉取失败 #65

New Issue

Closed

opened 2025-08-30 00:52:43 +08:00 by Rirmach · 2 comments

Rirmach commented 2025-08-30 00:52:43 +08:00 (Migrated from github.com)

Copy Link

从 public.ecr.aws 拉取 docker 镜像时失败

版本：

xxx@xxx:~$ hubproxy
未找到config.toml，使用默认配置
HubProxy 启动成功
监听地址: 0.0.0.0:5000
限流配置: 200请求/1小时
版本号: v1.1.6
项目地址: https://github.com/sky22333/hubproxy

配置：

[registries."public.ecr.aws"]
upstream = "public.ecr.aws"
authHost = "public.ecr.aws"
authType = "anonymous"
enabled = true

日志：

Aug 30 00:36:06 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:06 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:06 | 200 |     105.605µs |        10.0.0.1 | GET      "/v2/"
Aug 30 00:36:06 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:08 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:08 | 200 |  1.571089644s |        10.0.0.1 | HEAD     "/v2/public.ecr.aws/docker/library/golang/manifests/1.23-bookworm"
Aug 30 00:36:08 service hubproxy[2015789]: 请求IP: dc00:10::68e7:82ff:fe8f:64eb (提纯后: dc00:10::68e7:82ff:fe8f:64eb, 限流段: dc00:10::/64), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:08 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:08 | 200 |   722.22314ms | dc00:10::68e7:82ff:fe8f:64eb | GET      "/v2/public.ecr.aws/docker/library/golang/manifests/sha256:167053a2bb901972bf2c1611f8f52c44d5fe7e762e5cab213708d82c421614db"
Aug 30 00:36:08 service hubproxy[2015789]: 请求IP: dc00:10::68e7:82ff:fe8f:64eb (提纯后: dc00:10::68e7:82ff:fe8f:64eb, 限流段: dc00:10::/64), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:09 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:09 | 200 |  678.174183ms | dc00:10::68e7:82ff:fe8f:64eb | GET      "/v2/public.ecr.aws/docker/library/golang/manifests/sha256:e87b2a5f6df2dff71ea330d55d54f4979eb380ae58a7e3aabc9d53121243e689"
Aug 30 00:36:09 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:09 service hubproxy[2015789]: 请求IP: dc00:10::68e7:82ff:fe8f:64eb (提纯后: dc00:10::68e7:82ff:fe8f:64eb, 限流段: dc00:10::/64), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:09 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:09 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:11 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:16c42bcc0084d3c7903067887c2674a5ee85b8b0d0278ca60c43d983154ed505: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
Aug 30 00:36:11 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:11 | 500 |  1.570708581s |        10.0.0.1 | GET      "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:16c42bcc0084d3c7903067887c2674a5ee85b8b0d0278ca60c43d983154ed505"
Aug 30 00:36:11 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:d5791340ef181f05ef1e99760e4be81cb2008d99b2bc1e56b2faa9b6295d0ac3: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
Aug 30 00:36:11 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:11 | 500 |  1.592189165s | dc00:10::68e7:82ff:fe8f:64eb | GET      "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:d5791340ef181f05ef1e99760e4be81cb2008d99b2bc1e56b2faa9b6295d0ac3"
Aug 30 00:36:11 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:11 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:01b3c4a0d5c8f9abfa7395525fc8c3e2d9b8d3fec47edaf0d9c58f6253797d34: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
Aug 30 00:36:11 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:11 | 500 |   1.60040567s |        10.0.0.1 | GET      "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:01b3c4a0d5c8f9abfa7395525fc8c3e2d9b8d3fec47edaf0d9c58f6253797d34"
Aug 30 00:36:11 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:11 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:d64c83132511ab5226f18a66abc03228a24fffcaf1ab1b4e9c9cdb64d16ad877: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
Aug 30 00:36:11 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:11 | 500 |  1.761848643s |        10.0.0.1 | GET      "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:d64c83132511ab5226f18a66abc03228a24fffcaf1ab1b4e9c9cdb64d16ad877"
Aug 30 00:36:11 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:11 service hubproxy[2015789]: 请求IP: dc00:10::68e7:82ff:fe8f:64eb (提纯后: dc00:10::68e7:82ff:fe8f:64eb, 限流段: dc00:10::/64), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:12 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:01b3c4a0d5c8f9abfa7395525fc8c3e2d9b8d3fec47edaf0d9c58f6253797d34: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
Aug 30 00:36:12 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:12 | 500 |  1.003673368s |        10.0.0.1 | GET      "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:01b3c4a0d5c8f9abfa7395525fc8c3e2d9b8d3fec47edaf0d9c58f6253797d34"
Aug 30 00:36:12 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:d5791340ef181f05ef1e99760e4be81cb2008d99b2bc1e56b2faa9b6295d0ac3: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
Aug 30 00:36:12 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:12 | 500 |  1.012537463s |        10.0.0.1 | GET      "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:d5791340ef181f05ef1e99760e4be81cb2008d99b2bc1e56b2faa9b6295d0ac3"
Aug 30 00:36:12 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:d64c83132511ab5226f18a66abc03228a24fffcaf1ab1b4e9c9cdb64d16ad877: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
Aug 30 00:36:12 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:12 | 500 |  998.561482ms |        10.0.0.1 | GET      "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:d64c83132511ab5226f18a66abc03228a24fffcaf1ab1b4e9c9cdb64d16ad877"
Aug 30 00:36:12 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:16c42bcc0084d3c7903067887c2674a5ee85b8b0d0278ca60c43d983154ed505: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
Aug 30 00:36:12 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:12 | 500 |   999.63933ms | dc00:10::68e7:82ff:fe8f:64eb | GET      "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:16c42bcc0084d3c7903067887c2674a5ee85b8b0d0278ca60c43d983154ed505"
Aug 30 00:36:13 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:14 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:16c42bcc0084d3c7903067887c2674a5ee85b8b0d0278ca60c43d983154ed505: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
Aug 30 00:36:14 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:14 | 500 |  1.001685179s |        10.0.0.1 | GET      "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:16c42bcc0084d3c7903067887c2674a5ee85b8b0d0278ca60c43d983154ed505"
Aug 30 00:36:15 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:16 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:16c42bcc0084d3c7903067887c2674a5ee85b8b0d0278ca60c43d983154ed505: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
Aug 30 00:36:16 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:16 | 500 |  1.001751653s |        10.0.0.1 | GET      "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:16c42bcc0084d3c7903067887c2674a5ee85b8b0d0278ca60c43d983154ed505"
Aug 30 00:36:17 service hubproxy[2015789]: 请求IP: dc00:10::68e7:82ff:fe8f:64eb (提纯后: dc00:10::68e7:82ff:fe8f:64eb, 限流段: dc00:10::/64), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:17 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:17 service hubproxy[2015789]: 请求IP: dc00:10::68e7:82ff:fe8f:64eb (提纯后: dc00:10::68e7:82ff:fe8f:64eb, 限流段: dc00:10::/64), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:18 service hubproxy[2015789]: 请求IP: dc00:10::68e7:82ff:fe8f:64eb (提纯后: dc00:10::68e7:82ff:fe8f:64eb, 限流段: dc00:10::/64), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:18 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:d5791340ef181f05ef1e99760e4be81cb2008d99b2bc1e56b2faa9b6295d0ac3: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
Aug 30 00:36:18 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:18 | 500 |  999.966813ms | dc00:10::68e7:82ff:fe8f:64eb | GET      "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:d5791340ef181f05ef1e99760e4be81cb2008d99b2bc1e56b2faa9b6295d0ac3"
Aug 30 00:36:18 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:18 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:01b3c4a0d5c8f9abfa7395525fc8c3e2d9b8d3fec47edaf0d9c58f6253797d34: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
Aug 30 00:36:18 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:18 | 500 |  1.005683137s |        10.0.0.1 | GET      "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:01b3c4a0d5c8f9abfa7395525fc8c3e2d9b8d3fec47edaf0d9c58f6253797d34"
Aug 30 00:36:18 service hubproxy[2015789]: 请求IP: dc00:10::68e7:82ff:fe8f:64eb (提纯后: dc00:10::68e7:82ff:fe8f:64eb, 限流段: dc00:10::/64), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:18 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:d64c83132511ab5226f18a66abc03228a24fffcaf1ab1b4e9c9cdb64d16ad877: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
Aug 30 00:36:18 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:18 | 500 |  1.012063223s | dc00:10::68e7:82ff:fe8f:64eb | GET      "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:d64c83132511ab5226f18a66abc03228a24fffcaf1ab1b4e9c9cdb64d16ad877"
Aug 30 00:36:18 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP:
Aug 30 00:36:19 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:16c42bcc0084d3c7903067887c2674a5ee85b8b0d0278ca60c43d983154ed505: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
Aug 30 00:36:19 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:19 | 500 |  1.002530124s | dc00:10::68e7:82ff:fe8f:64eb | GET      "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:16c42bcc0084d3c7903067887c2674a5ee85b8b0d0278ca60c43d983154ed505"
Aug 30 00:36:19 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:d5791340ef181f05ef1e99760e4be81cb2008d99b2bc1e56b2faa9b6295d0ac3: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
Aug 30 00:36:19 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:19 | 500 |  999.123114ms |        10.0.0.1 | GET      "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:d5791340ef181f05ef1e99760e4be81cb2008d99b2bc1e56b2faa9b6295d0ac3"
Aug 30 00:36:19 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:01b3c4a0d5c8f9abfa7395525fc8c3e2d9b8d3fec47edaf0d9c58f6253797d34: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
Aug 30 00:36:19 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:19 | 500 |  1.038061926s | dc00:10::68e7:82ff:fe8f:64eb | GET      "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:01b3c4a0d5c8f9abfa7395525fc8c3e2d9b8d3fec47edaf0d9c58f6253797d34"
Aug 30 00:36:19 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:d64c83132511ab5226f18a66abc03228a24fffcaf1ab1b4e9c9cdb64d16ad877: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
Aug 30 00:36:19 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:19 | 500 |  1.013925419s |        10.0.0.1 | GET      "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:d64c83132511ab5226f18a66abc03228a24fffcaf1ab1b4e9c9cdb64d16ad877"

实际拉取命令：

xxx@xxx:~$ docker pull docker-proxy.example.com:8080/public.ecr.aws/docker/library/golang:1.23-bookworm
1.23-bookworm: Pulling from public.ecr.aws/docker/library/golang
f014853ae203: Already exists 
6d6401b7636b: Already exists 
cffef7dc6f99: Already exists 
d64c83132511: Retrying in 1 second 
d5791340ef18: Retrying in 1 second 
01b3c4a0d5c8: Retrying in 1 second 
4f4fb700ef54: Waiting 
error pulling image configuration: download failed after attempts=6: received unexpected HTTP status: 500 Internal Server Error
xxx@xxx:~$ docker pull public.ecr.aws/docker/library/golang:1.23-bookworm
1.23-bookworm: Pulling from docker/library/golang
f014853ae203: Already exists 
6d6401b7636b: Already exists 
cffef7dc6f99: Already exists 
d64c83132511: Pull complete 
d5791340ef18: Pull complete 
01b3c4a0d5c8: Pull complete 
4f4fb700ef54: Pull complete 
Digest: sha256:167053a2bb901972bf2c1611f8f52c44d5fe7e762e5cab213708d82c421614db
Status: Downloaded newer image for public.ecr.aws/docker/library/golang:1.23-bookworm
public.ecr.aws/docker/library/golang:1.23-bookworm
xxx@xxx:~$ docker pull docker-proxy.example.com:8080/docker.gitea.com/runner-images:ubuntu-latest
ubuntu-latest: Pulling from docker.gitea.com/runner-images
80c4c39d8c6a: Pull complete 
e716c4626da7: Pull complete 
00472f22f5b9: Pull complete 
ea1437fa0f29: Pull complete 
75ca9b569219: Pull complete 
bd9ddc54bea9: Pull complete 
Digest: sha256:41915f7815dc95f8ac258cace2dab85b0d7fef40926ad24b5b15d4a06a2375f5
Status: Downloaded newer image for docker-proxy.example.com:8080/docker.gitea.com/runner-images:ubuntu-latest
docker-proxy.example.com:8080/docker.gitea.com/runner-images:ubuntu-latest

推测可能是 AWS 针对匿名拉取也有一套挑战/认证流程，而 hubproxy 尚未实现。

从 public.ecr.aws 拉取 docker 镜像时失败 版本： ```shell xxx@xxx:~$ hubproxy 未找到config.toml，使用默认配置 HubProxy 启动成功 监听地址: 0.0.0.0:5000 限流配置: 200请求/1小时 版本号: v1.1.6 项目地址: https://github.com/sky22333/hubproxy ``` 配置： ```toml [registries."public.ecr.aws"] upstream = "public.ecr.aws" authHost = "public.ecr.aws" authType = "anonymous" enabled = true ``` 日志： ```log Aug 30 00:36:06 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:06 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:06 | 200 | 105.605µs | 10.0.0.1 | GET "/v2/" Aug 30 00:36:06 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:08 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:08 | 200 | 1.571089644s | 10.0.0.1 | HEAD "/v2/public.ecr.aws/docker/library/golang/manifests/1.23-bookworm" Aug 30 00:36:08 service hubproxy[2015789]: 请求IP: dc00:10::68e7:82ff:fe8f:64eb (提纯后: dc00:10::68e7:82ff:fe8f:64eb, 限流段: dc00:10::/64), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:08 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:08 | 200 | 722.22314ms | dc00:10::68e7:82ff:fe8f:64eb | GET "/v2/public.ecr.aws/docker/library/golang/manifests/sha256:167053a2bb901972bf2c1611f8f52c44d5fe7e762e5cab213708d82c421614db" Aug 30 00:36:08 service hubproxy[2015789]: 请求IP: dc00:10::68e7:82ff:fe8f:64eb (提纯后: dc00:10::68e7:82ff:fe8f:64eb, 限流段: dc00:10::/64), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:09 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:09 | 200 | 678.174183ms | dc00:10::68e7:82ff:fe8f:64eb | GET "/v2/public.ecr.aws/docker/library/golang/manifests/sha256:e87b2a5f6df2dff71ea330d55d54f4979eb380ae58a7e3aabc9d53121243e689" Aug 30 00:36:09 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:09 service hubproxy[2015789]: 请求IP: dc00:10::68e7:82ff:fe8f:64eb (提纯后: dc00:10::68e7:82ff:fe8f:64eb, 限流段: dc00:10::/64), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:09 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:09 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:11 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:16c42bcc0084d3c7903067887c2674a5ee85b8b0d0278ca60c43d983154ed505: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details) Aug 30 00:36:11 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:11 | 500 | 1.570708581s | 10.0.0.1 | GET "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:16c42bcc0084d3c7903067887c2674a5ee85b8b0d0278ca60c43d983154ed505" Aug 30 00:36:11 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:d5791340ef181f05ef1e99760e4be81cb2008d99b2bc1e56b2faa9b6295d0ac3: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details) Aug 30 00:36:11 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:11 | 500 | 1.592189165s | dc00:10::68e7:82ff:fe8f:64eb | GET "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:d5791340ef181f05ef1e99760e4be81cb2008d99b2bc1e56b2faa9b6295d0ac3" Aug 30 00:36:11 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:11 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:01b3c4a0d5c8f9abfa7395525fc8c3e2d9b8d3fec47edaf0d9c58f6253797d34: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details) Aug 30 00:36:11 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:11 | 500 | 1.60040567s | 10.0.0.1 | GET "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:01b3c4a0d5c8f9abfa7395525fc8c3e2d9b8d3fec47edaf0d9c58f6253797d34" Aug 30 00:36:11 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:11 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:d64c83132511ab5226f18a66abc03228a24fffcaf1ab1b4e9c9cdb64d16ad877: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details) Aug 30 00:36:11 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:11 | 500 | 1.761848643s | 10.0.0.1 | GET "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:d64c83132511ab5226f18a66abc03228a24fffcaf1ab1b4e9c9cdb64d16ad877" Aug 30 00:36:11 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:11 service hubproxy[2015789]: 请求IP: dc00:10::68e7:82ff:fe8f:64eb (提纯后: dc00:10::68e7:82ff:fe8f:64eb, 限流段: dc00:10::/64), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:12 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:01b3c4a0d5c8f9abfa7395525fc8c3e2d9b8d3fec47edaf0d9c58f6253797d34: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details) Aug 30 00:36:12 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:12 | 500 | 1.003673368s | 10.0.0.1 | GET "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:01b3c4a0d5c8f9abfa7395525fc8c3e2d9b8d3fec47edaf0d9c58f6253797d34" Aug 30 00:36:12 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:d5791340ef181f05ef1e99760e4be81cb2008d99b2bc1e56b2faa9b6295d0ac3: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details) Aug 30 00:36:12 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:12 | 500 | 1.012537463s | 10.0.0.1 | GET "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:d5791340ef181f05ef1e99760e4be81cb2008d99b2bc1e56b2faa9b6295d0ac3" Aug 30 00:36:12 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:d64c83132511ab5226f18a66abc03228a24fffcaf1ab1b4e9c9cdb64d16ad877: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details) Aug 30 00:36:12 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:12 | 500 | 998.561482ms | 10.0.0.1 | GET "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:d64c83132511ab5226f18a66abc03228a24fffcaf1ab1b4e9c9cdb64d16ad877" Aug 30 00:36:12 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:16c42bcc0084d3c7903067887c2674a5ee85b8b0d0278ca60c43d983154ed505: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details) Aug 30 00:36:12 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:12 | 500 | 999.63933ms | dc00:10::68e7:82ff:fe8f:64eb | GET "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:16c42bcc0084d3c7903067887c2674a5ee85b8b0d0278ca60c43d983154ed505" Aug 30 00:36:13 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:14 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:16c42bcc0084d3c7903067887c2674a5ee85b8b0d0278ca60c43d983154ed505: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details) Aug 30 00:36:14 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:14 | 500 | 1.001685179s | 10.0.0.1 | GET "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:16c42bcc0084d3c7903067887c2674a5ee85b8b0d0278ca60c43d983154ed505" Aug 30 00:36:15 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:16 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:16c42bcc0084d3c7903067887c2674a5ee85b8b0d0278ca60c43d983154ed505: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details) Aug 30 00:36:16 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:16 | 500 | 1.001751653s | 10.0.0.1 | GET "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:16c42bcc0084d3c7903067887c2674a5ee85b8b0d0278ca60c43d983154ed505" Aug 30 00:36:17 service hubproxy[2015789]: 请求IP: dc00:10::68e7:82ff:fe8f:64eb (提纯后: dc00:10::68e7:82ff:fe8f:64eb, 限流段: dc00:10::/64), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:17 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:17 service hubproxy[2015789]: 请求IP: dc00:10::68e7:82ff:fe8f:64eb (提纯后: dc00:10::68e7:82ff:fe8f:64eb, 限流段: dc00:10::/64), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:18 service hubproxy[2015789]: 请求IP: dc00:10::68e7:82ff:fe8f:64eb (提纯后: dc00:10::68e7:82ff:fe8f:64eb, 限流段: dc00:10::/64), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:18 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:d5791340ef181f05ef1e99760e4be81cb2008d99b2bc1e56b2faa9b6295d0ac3: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details) Aug 30 00:36:18 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:18 | 500 | 999.966813ms | dc00:10::68e7:82ff:fe8f:64eb | GET "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:d5791340ef181f05ef1e99760e4be81cb2008d99b2bc1e56b2faa9b6295d0ac3" Aug 30 00:36:18 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:18 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:01b3c4a0d5c8f9abfa7395525fc8c3e2d9b8d3fec47edaf0d9c58f6253797d34: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details) Aug 30 00:36:18 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:18 | 500 | 1.005683137s | 10.0.0.1 | GET "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:01b3c4a0d5c8f9abfa7395525fc8c3e2d9b8d3fec47edaf0d9c58f6253797d34" Aug 30 00:36:18 service hubproxy[2015789]: 请求IP: dc00:10::68e7:82ff:fe8f:64eb (提纯后: dc00:10::68e7:82ff:fe8f:64eb, 限流段: dc00:10::/64), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:18 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:d64c83132511ab5226f18a66abc03228a24fffcaf1ab1b4e9c9cdb64d16ad877: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details) Aug 30 00:36:18 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:18 | 500 | 1.012063223s | dc00:10::68e7:82ff:fe8f:64eb | GET "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:d64c83132511ab5226f18a66abc03228a24fffcaf1ab1b4e9c9cdb64d16ad877" Aug 30 00:36:18 service hubproxy[2015789]: 请求IP: 10.0.0.1 (提纯后: 10.0.0.1), X-Forwarded-For: , X-Real-IP: Aug 30 00:36:19 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:16c42bcc0084d3c7903067887c2674a5ee85b8b0d0278ca60c43d983154ed505: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details) Aug 30 00:36:19 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:19 | 500 | 1.002530124s | dc00:10::68e7:82ff:fe8f:64eb | GET "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:16c42bcc0084d3c7903067887c2674a5ee85b8b0d0278ca60c43d983154ed505" Aug 30 00:36:19 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:d5791340ef181f05ef1e99760e4be81cb2008d99b2bc1e56b2faa9b6295d0ac3: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details) Aug 30 00:36:19 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:19 | 500 | 999.123114ms | 10.0.0.1 | GET "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:d5791340ef181f05ef1e99760e4be81cb2008d99b2bc1e56b2faa9b6295d0ac3" Aug 30 00:36:19 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:01b3c4a0d5c8f9abfa7395525fc8c3e2d9b8d3fec47edaf0d9c58f6253797d34: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details) Aug 30 00:36:19 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:19 | 500 | 1.038061926s | dc00:10::68e7:82ff:fe8f:64eb | GET "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:01b3c4a0d5c8f9abfa7395525fc8c3e2d9b8d3fec47edaf0d9c58f6253797d34" Aug 30 00:36:19 service hubproxy[2015789]: 获取layer大小失败: HEAD https://public.ecr.aws/v2/docker/library/golang/blobs/sha256:d64c83132511ab5226f18a66abc03228a24fffcaf1ab1b4e9c9cdb64d16ad877: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details) Aug 30 00:36:19 service hubproxy[2015789]: [GIN] 2025/08/30 - 00:36:19 | 500 | 1.013925419s | 10.0.0.1 | GET "/v2/public.ecr.aws/docker/library/golang/blobs/sha256:d64c83132511ab5226f18a66abc03228a24fffcaf1ab1b4e9c9cdb64d16ad877" ``` 实际拉取命令： ```shell xxx@xxx:~$ docker pull docker-proxy.example.com:8080/public.ecr.aws/docker/library/golang:1.23-bookworm 1.23-bookworm: Pulling from public.ecr.aws/docker/library/golang f014853ae203: Already exists 6d6401b7636b: Already exists cffef7dc6f99: Already exists d64c83132511: Retrying in 1 second d5791340ef18: Retrying in 1 second 01b3c4a0d5c8: Retrying in 1 second 4f4fb700ef54: Waiting error pulling image configuration: download failed after attempts=6: received unexpected HTTP status: 500 Internal Server Error xxx@xxx:~$ docker pull public.ecr.aws/docker/library/golang:1.23-bookworm 1.23-bookworm: Pulling from docker/library/golang f014853ae203: Already exists 6d6401b7636b: Already exists cffef7dc6f99: Already exists d64c83132511: Pull complete d5791340ef18: Pull complete 01b3c4a0d5c8: Pull complete 4f4fb700ef54: Pull complete Digest: sha256:167053a2bb901972bf2c1611f8f52c44d5fe7e762e5cab213708d82c421614db Status: Downloaded newer image for public.ecr.aws/docker/library/golang:1.23-bookworm public.ecr.aws/docker/library/golang:1.23-bookworm xxx@xxx:~$ docker pull docker-proxy.example.com:8080/docker.gitea.com/runner-images:ubuntu-latest ubuntu-latest: Pulling from docker.gitea.com/runner-images 80c4c39d8c6a: Pull complete e716c4626da7: Pull complete 00472f22f5b9: Pull complete ea1437fa0f29: Pull complete 75ca9b569219: Pull complete bd9ddc54bea9: Pull complete Digest: sha256:41915f7815dc95f8ac258cace2dab85b0d7fef40926ad24b5b15d4a06a2375f5 Status: Downloaded newer image for docker-proxy.example.com:8080/docker.gitea.com/runner-images:ubuntu-latest docker-proxy.example.com:8080/docker.gitea.com/runner-images:ubuntu-latest ``` 推测可能是 AWS 针对匿名拉取也有一套挑战/认证流程，而 hubproxy 尚未实现。

sky22333 commented 2025-08-30 01:03:32 +08:00 (Migrated from github.com)

Copy Link

Amazon ECR应该跟Docker hub认证方法不兼容，authType = "anonymous"是默认Docker Hub v2 API的认证方法，此方法来自google/go-containerregistry库，其他方法需要你在这里自定义：eee0a3220c/src/handlers/docker.go (L601)

不过我看你日志未找到config.toml，使用默认配置，确定不是配置没应用的问题吧？

`Amazon ECR`应该跟Docker hub认证方法不兼容，`authType = "anonymous"`是默认`Docker Hub v2 API`的认证方法，此方法来自[google/go-containerregistry](https://github.com/google/go-containerregistry)库，其他方法需要你在这里自定义：https://github.com/sky22333/hubproxy/blob/eee0a3220c96cf232b0d2fc3bc59101974646096/src/handlers/docker.go#L601 不过我看你日志`未找到config.toml，使用默认配置`，确定不是配置没应用的问题吧？

Rirmach commented 2025-08-30 22:34:19 +08:00 (Migrated from github.com)

Copy Link

OK，有空我研究一下

OK，有空我研究一下

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

registry-alpha

v1.2.1

v1.2.0

v1.1.9

v1.1.8

v1.1.7

v1.1.6

v1.1.5

v1.1.4

v1.1.3

v1.1.2

v1.1.1

v1.1.0

Labels

Clear labels

bug

Something isn't working

enhancement

New feature or request

help wanted

Extra attention is needed

wontfix

This will not be worked on

已修复

已支持

已解决

重复问题

需要更多信息

预期行为

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

3344

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: 3344/hubproxy#65