Reverse proxy returns "NOT Found"

Hello everyone, I am running the command docker pull docker.io/mysql:8.0.40-debian, but in my country I cannot access docker.io, so I want to redirect docker.io to https://swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io

This is my /etc/nginx/sites-available/gwf-container

server {
    listen 80;
    server_name docker.io;

    location / {
        proxy_pass https://swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io;
        proxy_set_header Host swr.cn-north-4.myhuaweicloud.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

This is my /etc/hosts file:

# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateHosts = false
127.0.0.1	localhost
127.0.1.1	DOOR.	DOOR
127.0.1.1	gcr.io registry.k8s.io docker.io registry-1.docker.io

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

But

sudo docker pull docker.io:80/mysql:8.0.40-debian
Error response from daemon: unknown: {"code":404,"message":"Not Found"}

How to solve?

Hey,

According to the documentation (Module ngx_http_proxy_module), if you set a URI in the proxy_pass directive, it replaces the URI from the original request.

In your case, you have this directive:
proxy_pass https://swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io;

Note that you have a URI specified in your proxy_pass directive parameter. This means that requests such as

GET /mysql:8.0.40-debian HTTP/1.1
...

Will just be passed to the backend server as

GET /ddn-k8s/docker.io HTTP/1.1
...

Which might explain why docker cannot find your image.

I suppose you want instead to make requests to the backend server with the following URI:

GET /ddn-k8s/docker.io/mysql:8.0.40-debian HTTP/1.1
...

If this is the case, you may replace your:
proxy_pass https://swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io;

With

proxy_pass https://swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io$uri;

This will append the original request’s URI to your /ddn-k8s/docker.io prefix before passing the request to the backend server.
Here is another discussion that may help on that topic: "How to proxy the full url at nginx config?" (Server Fault).

Could you test and tell us if it solves the issue?

Cheers.

Now my /etc/nginx/sites-available/gwf-container is:

server {
    listen 80;
    server_name docker.io;

    location / {
        proxy_pass https://swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io$uri;
        proxy_set_header Host swr.cn-north-4.myhuaweicloud.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

$ sudo systemctl start nginx

$ curl -vL docker.io:80
* Host docker.io:80 was resolved.
* IPv6: (none)
* IPv4: 127.0.1.1
*   Trying 127.0.1.1:80...
* Connected to docker.io (127.0.1.1) port 80
* using HTTP/1.x
> GET / HTTP/1.1
> Host: docker.io
> User-Agent: curl/8.12.1
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 502 Bad Gateway
< Server: nginx
< Date: Tue, 04 Mar 2025 09:30:27 GMT
< Content-Type: text/html
< Content-Length: 150
< Connection: keep-alive
< 
<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host docker.io left intact

$ sudo docker pull docker.io:80/flannel/flannel:v0.24.1
Error response from daemon: received unexpected HTTP status: 502 Bad Gateway

What’s wrong now? Please help me.

Have you tried it by yourself?

I believe that by default docker is going to use HTTPS to pull images, so that might be part of the problem. Is there anything in the access.log? You should be able to see some more information about what requests NGINX is seeing from these calls.

As a side note, is there a reason you don’t just want to pull directly from the docker registry you are attempting to proxy with NGINX? This could be an issue with the docker client attempting to block what it could see as a “man in the middle” attack.

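Added example, not part of the original posts and not NGINX's own code: a small Python model of the proxy_pass URI rules from the ngx_http_proxy_module documentation, applied to the two proxy_pass lines posted in this thread. The trailing-slash variant, the `/v2/_catalog?n=5` request and all function names are assumptions made for illustration; the model assumes the request path is already normalized.

```python
import re

HOST = "https://swr.cn-north-4.myhuaweicloud.com"  # upstream from the posted config

def upstream_request(location, proxy_pass, request_uri):
    """Model of nginx proxy_pass URI handling for a prefix location.

    Returns (uri_sent_upstream, host_resolved_at_request_time).
    Simplification: the request path is assumed to be already normalized.
    """
    target = re.fullmatch(r"https?://[^/$]+(.*)", proxy_pass).group(1)
    path, sep, query = request_uri.partition("?")
    if "$" in target:
        # Variables in proxy_pass: the expanded URI is sent as is, and a
        # domain-name host is looked up per request, which needs a `resolver`
        # directive (the posted server block defines none).
        sent = target.replace("$request_uri", request_uri).replace("$uri", path)
        return sent, True
    if not target:
        # No URI part: the client's request URI is forwarded unchanged.
        return request_uri, False
    if not path.startswith(location):
        raise ValueError("request does not match this location")
    # Static URI part: the matched location prefix is swapped for the
    # directive's URI and the query string is kept.
    return target + path[len(location):] + sep + query, False

FORMS = {
    "first post": HOST + "/ddn-k8s/docker.io",
    "with $uri": HOST + "/ddn-k8s/docker.io$uri",
    "trailing slash (variant, not in the thread)": HOST + "/ddn-k8s/docker.io/",
}

def compare(request_uri, location="/"):
    """Map one client request through every proxy_pass form above."""
    return {name: upstream_request(location, pp, request_uri)
            for name, pp in FORMS.items()}

if __name__ == "__main__":
    # First path is the one quoted in the thread; the second is a constructed
    # registry-style request carrying a query string.
    for uri in ("/mysql:8.0.40-debian", "/v2/_catalog?n=5"):
        for name, (sent, runtime_dns) in compare(uri).items():
            print(f"{uri:22} {name:44} -> {sent}  runtime DNS: {runtime_dns}")
```

The model covers only path rewriting and name resolution timing; whether the mirror serves images under the rewritten paths is not something this thread establishes.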