Connection reset by peer with docker-registry through VIP


In a cluster spun up from the provided AWS Cloudformation instances, running Docker 1.7.1.

When pulling from an internal Docker registry (2.4) on Marathon through a VIP, the pull fails with image not found, even when the image was just pushed. Logs show that this is caused by a connection reset when using the VIP, which causes Docker to fall back to the v1 protocol, which then 404s.

If the image is pulled via a direct connection or through marathon-lb, the pull works fine. Also interestingly enough, if TLS is disabled on the registry, it also works.

I can supply a tcpdump if requested.


Sargun Dhillon