Skip to content

proxy: Misleading warning for missing HTTP secret #4304

New issue
New issue
Closed
#4305
Closed
proxy: Misleading warning for missing HTTP secret#4304
#4305
Milestone
Registry/3.0.0
@ialidzhikov

Description

@ialidzhikov
ialidzhikov
opened on Mar 15, 2024

Description

We run registry in proxy mode (see https://distribution.github.io/distribution/recipes/mirror/).

On start up, we see the following warning log:

time="2024-03-15T15:39:38.255401096Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.21.5 instance.id=08abe529-a532-48ba-93eb-b9999d29b107 service=registry version=3.0.0-alpha.1

When I look deeper, I see that the corresponding field

distribution/configuration/configuration.go

Line 81 in 0742b56

Secret string `yaml:"secret,omitempty"`
is only used in blobupload.go (

distribution/registry/handlers/blobupload.go

Line 273 in d0f5aa6

state, err := hmacKey(ctx.Config.HTTP.Secret).unpackUploadState(r.FormValue("_state"))
and

distribution/registry/handlers/blobupload.go

Line 332 in d0f5aa6

token, err := hmacKey(buh.Config.HTTP.Secret).packUploadState(buh.State)
).

I think in proxy mode the blobUploadHandleris not used - you cannot upload content to a registry in proxy mode.

If the maintainers confirm that this is the case indeed, I suggest to do NOT execute

distribution/registry/handlers/app.go

Line 158 in 2f98b77

app.configureSecret(config)
if we are in in proxy mode.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions