Normalize dependency proxy ports on incoming requests
Problem
When using the dependency proxy, the ports used in login and pull must match exactly. Meaning if I do:
docker login gitlab.com:443
I must pull using:
docker pull gitlab.com:443/my-group/dependency_proxy/containers/alpine:latest
If I pull using
docker pull gitlab.com/my-group.....
I will receive a 403 Forbidden error.
This has created some inconsistency with how we define the predefined Dependency Proxy environment variables:
CI_DEPENDENCY_PROXY_SERVER
CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX
Both of these always contain the port, which means users must include the port when using the DOCKER_AUTH_CONFIG
custom variable or when referring to the server any other place in the CI script.
Solution
This conversation gives some background on the problem, and there is a link to https://github.com/docker/distribution/pull/1868, which fixed a similar problem in docker distribution by normalizing the ports. So if the registry received a request with or without a port, it would always add it. We should investigate and do something similar.