12 "github.com/Sirupsen/logrus"
13 "github.com/docker/distribution/registry/client/transport"
14 registrytypes "github.com/docker/docker/api/types/registry"
17 // V1Endpoint stores basic information about a V1 registry endpoint.
18 type V1Endpoint struct {
24 // NewV1Endpoint parses the given address to return a registry endpoint.
25 func NewV1Endpoint(index *registrytypes.IndexInfo, userAgent string, metaHeaders http.Header) (*V1Endpoint, error) {
26 tlsConfig, err := newTLSConfig(index.Name, index.Secure)
31 endpoint, err := newV1EndpointFromStr(GetAuthConfigKey(index), tlsConfig, userAgent, metaHeaders)
36 if err := validateEndpoint(endpoint); err != nil {
43 func validateEndpoint(endpoint *V1Endpoint) error {
44 logrus.Debugf("pinging registry endpoint %s", endpoint)
46 // Try HTTPS ping to registry
47 endpoint.URL.Scheme = "https"
48 if _, err := endpoint.Ping(); err != nil {
49 if endpoint.IsSecure {
50 // If registry is secure and HTTPS failed, show user the error and tell them about `--insecure-registry`
51 // in case that's what they need. DO NOT accept unknown CA certificates, and DO NOT fallback to HTTP.
52 return fmt.Errorf("invalid registry endpoint %s: %v. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry %s` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/%s/ca.crt", endpoint, err, endpoint.URL.Host, endpoint.URL.Host)
55 // If registry is insecure and HTTPS failed, fallback to HTTP.
56 logrus.Debugf("Error from registry %q marked as insecure: %v. Insecurely falling back to HTTP", endpoint, err)
57 endpoint.URL.Scheme = "http"
60 if _, err2 = endpoint.Ping(); err2 == nil {
64 return fmt.Errorf("invalid registry endpoint %q. HTTPS attempt: %v. HTTP attempt: %v", endpoint, err, err2)
70 func newV1Endpoint(address url.URL, tlsConfig *tls.Config, userAgent string, metaHeaders http.Header) (*V1Endpoint, error) {
71 endpoint := &V1Endpoint{
72 IsSecure: (tlsConfig == nil || !tlsConfig.InsecureSkipVerify),
76 *endpoint.URL = address
78 // TODO(tiborvass): make sure a ConnectTimeout transport is used
79 tr := NewTransport(tlsConfig)
80 endpoint.client = HTTPClient(transport.NewTransport(tr, DockerHeaders(userAgent, metaHeaders)...))
84 // trimV1Address trims the version off the address and returns the
85 // trimmed address or an error if there is a non-V1 version.
86 func trimV1Address(address string) (string, error) {
92 if strings.HasSuffix(address, "/") {
93 address = address[:len(address)-1]
96 chunks = strings.Split(address, "/")
97 apiVersionStr = chunks[len(chunks)-1]
98 if apiVersionStr == "v1" {
99 return strings.Join(chunks[:len(chunks)-1], "/"), nil
102 for k, v := range apiVersions {
103 if k != APIVersion1 && apiVersionStr == v {
104 return "", fmt.Errorf("unsupported V1 version path %s", apiVersionStr)
111 func newV1EndpointFromStr(address string, tlsConfig *tls.Config, userAgent string, metaHeaders http.Header) (*V1Endpoint, error) {
112 if !strings.HasPrefix(address, "http://") && !strings.HasPrefix(address, "https://") {
113 address = "https://" + address
116 address, err := trimV1Address(address)
121 uri, err := url.Parse(address)
126 endpoint, err := newV1Endpoint(*uri, tlsConfig, userAgent, metaHeaders)
134 // Get the formatted URL for the root of this registry Endpoint
135 func (e *V1Endpoint) String() string {
136 return e.URL.String() + "/v1/"
139 // Path returns a formatted string for the URL
140 // of this endpoint with the given path appended.
141 func (e *V1Endpoint) Path(path string) string {
142 return e.URL.String() + "/v1/" + path
145 // Ping returns a PingResult which indicates whether the registry is standalone or not.
146 func (e *V1Endpoint) Ping() (PingResult, error) {
147 logrus.Debugf("attempting v1 ping for registry endpoint %s", e)
149 if e.String() == IndexServer {
150 // Skip the check, we know this one is valid
151 // (and we never want to fallback to http in case of error)
152 return PingResult{Standalone: false}, nil
155 req, err := http.NewRequest("GET", e.Path("_ping"), nil)
157 return PingResult{Standalone: false}, err
160 resp, err := e.client.Do(req)
162 return PingResult{Standalone: false}, err
165 defer resp.Body.Close()
167 jsonString, err := ioutil.ReadAll(resp.Body)
169 return PingResult{Standalone: false}, fmt.Errorf("error while reading the http response: %s", err)
172 // If the header is absent, we assume true for compatibility with earlier
173 // versions of the registry. default to true
177 if err := json.Unmarshal(jsonString, &info); err != nil {
178 logrus.Debugf("Error unmarshalling the _ping PingResult: %s", err)
179 // don't stop here. Just assume sane defaults
181 if hdr := resp.Header.Get("X-Docker-Registry-Version"); hdr != "" {
182 logrus.Debugf("Registry version header: '%s'", hdr)
185 logrus.Debugf("PingResult.Version: %q", info.Version)
187 standalone := resp.Header.Get("X-Docker-Registry-Standalone")
188 logrus.Debugf("Registry standalone header: '%s'", standalone)
189 // Accepted values are "true" (case-insensitive) and "1".
190 if strings.EqualFold(standalone, "true") || standalone == "1" {
191 info.Standalone = true
192 } else if len(standalone) > 0 {
193 // there is a header set, and it is not "true" or "1", so assume fails
194 info.Standalone = false
196 logrus.Debugf("PingResult.Standalone: %t", info.Standalone)