Nexus3: Push to Docker Group Repo

Question

I have Nexusv3.6 and created a Docker repo docker-repo (type: hosted) and a Docker group docker-group (type: group). For both I enabled HTTPS connector:

docker-repo on Port 8101 and docker-group on Port 8102.

I added docker-repo to my docker-group.

Now I am able to push/pull an image to/from docker-repo directly like:

docker push myhost.com:8101/mymimage:latest

But when I try to push to the group like this:

docker push myhost.com:8102/docker-repo/mymimage:latest

I get an error saying: error parsing HTTP 404 response body: invalid character '<' looking for beginning of value

Any ideas what's the problem here?

Answer 1

I solved this problem with NGINX as follows: Updated.

In the following example, "repository/docker" is a group that combines docker-proxy and docker-hosted repositories.

All HEAD* and GET requests are proxied to the docker repository group (hosted + proxy). All "changing" requests are proxied to the docker-hosted repository directly.
*One exception. HEAD /v2/.../blobs/ should be proxied to the hosted repo because it called before push blobs to the hosted repo and we have to check the blob existence in the hosted repo. Otherwise we get an error: blob unknown: blob unknown to registry

    server {
        listen   *:443 default_server ssl;

.........................

        location ~ ^/(v1|v2)/[^/]+/?[^/]+/blobs/ {
            if ($request_method ~* (POST|PUT|DELETE|PATCH|HEAD) ) {
                rewrite ^/(.*)$ /repository/docker-hosted/$1 last;
            }
            rewrite ^/(.*)$ /repository/docker/$1 last;
        }

        location ~ ^/(v1|v2)/ {
            if ($request_method ~* (POST|PUT|DELETE|PATCH) ) {
                rewrite ^/(.*)$ /repository/docker-hosted/$1 last;
            }
            rewrite ^/(.*)$ /repository/docker/$1 last;
        }

        location / {
            proxy_pass http://nexus:8081/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto "https";
        }
    }

You can verify the settings by running:

# pull via proxy
docker pull nexus.your.domain/ubuntu

# push to the hosted repository
docker push nexus.your.domain/ubuntu

Answer 2

According to the official documentation about repository groups for docker:

A repository group is the recommended way to expose all your repositories for read access to your users.

and, from the documentation about pushing images in private registries

You can not push to a repository group or a proxy repository.