Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please remove IP from blacklist #1864

Closed
canariecaf opened this issue Aug 11, 2019 · 2 comments
Closed

Please remove IP from blacklist #1864

canariecaf opened this issue Aug 11, 2019 · 2 comments

Comments

@canariecaf
Copy link

Problem description

hub.docker.com is issuing error 500's when it was working as expected before a few days ago with no changes. Investigating further it appears this error 500 is a blacklisting strategy

Our infrastructure appears as one NAT address of 205.189.33.36 and are requesting to be unblocked.

*   Trying 3.223.74.179...
* Connected to hub.docker.com (3.223.74.179) port 443 (#0)
* found 149 certificates in /etc/ssl/certs/ca-certificates.crt
* found 743 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* 	 server certificate verification OK
* 	 server certificate status verification SKIPPED
* 	 common name: *.docker.com (matched)
* 	 server certificate expiration date OK
* 	 server certificate activation date OK
* 	 certificate public key: RSA
* 	 certificate version: #3
* 	 subject: CN=*.docker.com
* 	 start date: Tue, 16 Jul 2019 00:00:00 GMT
* 	 expire date: Sun, 16 Aug 2020 12:00:00 GMT
* 	 issuer: C=US,O=Amazon,OU=Server CA 1B,CN=Amazon
* 	 compression: NULL
* ALPN, server did not agree to a protocol
> GET / HTTP/1.1
> Host: hub.docker.com
> User-Agent: curl/7.47.0
> Accept: */*
> 
* HTTP 1.0, assume close after body
< HTTP/1.0 500 Server Error
< Cache-Control: no-cache
< Connection: close
< Content-Type: text/html
< 
<html><body><h1>500 Server Error</h1>
An internal server error occured.
</body></html>

* Closing connection 0

We have reviewed other open items like:
#1305
and are opening this one to avoid unnecessary noise to others not impacted but who have experienced the same thing

How we got here:

We use Harbor as our private registry but unfortunately it does not have a pull-through cache capability yet -- but appears to be coming: goharbor/harbor#8082

For us this is an operational issue for not just a single host but many as we are but a single NAT address and do need this IP capable of communicating with hub.docker.com.

We are working on putting up a pull-through registry cache in the next few days and want to do it properly.

If there's another pathway to pursue this request or if this is an erroneous assumption on the blacklisting, please let us know.
Thank you!

Chris.
@cowsrule
Copy link

Hi Chris,

We have blocked this IP due to abuse of our search API. The amount and type of traffic that was associated with this IP was directly affecting the stability of our service. Specifically has been repeatedly scraping of our search API for a particular set of repos hourly. If you are able to mitigate this traffic we would be happy to unblock the IP.

@canariecaf
Copy link
Author

Hi @cowsrule. Thanks for the reply. I believe I've mitigated the traffic. Our apologies as we were not aware of an issue until now. Please confirm and if it hasn't feel free to reach out via chris dot phillips at canarie dot ca. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cowsrule @canariecaf