Add support for Google Artifact Registry (GAR)

[mwallace582]

This pull request addresses issue #159 and adds support for Google Artifact Registry (GAR).

I have added the proxy buffer tweaks that @vitaliihrynko1 suggested in the original issue, as well as my own tweak of the $orig_loc variable which resolves the issue of redirection from /v2/ to /artifacts-download/ in my testing.

I'm certainly no nginx expert, so it's very possible that I did something completely wrong. Critique is welcome!

[rpardini]

Nice, let's run the test suite and see. If it passes, could you add a test to https://github.com/rpardini/docker-registry-proxy/blob/master/.github/workflows/test.yaml#L20-L24 ?

[mwallace582]

Thank you for the quick response Ricardo!

I have added a test case, although it's not as straightforward a test as I would have liked.

While it's possible to configure a GAR repository to be publicly accessible, I haven't been able to find any public GAR repos maintained by Google, aside from GCR repos that have been migrated to GAR (which is an ongoing migration this spring). I could publish an image from GAR from my own Google Cloud account, but I don't think it'd be ideal to have tests depend on something that fragile (I am just an internet stranger after all).

I chose mirror.gcr.io/busybox:latest which despite the gcr in the URL, appears to be hosted within GAR (docs). I believe that this mirror service that Google provides will continue to exist indefinitely, and thus is reasonably safe to build into a test. The image is also super small (2.1MB), so it'll be a quick test.

Manually testing the proxy with this image appears to validate that it's a good image to test, as errors are thrown when I run a version of docker-registry-proxy without my fixes.

Before my fix:

{"access_time":"16/Mar/2025:19:01:48 +0000","upstream_cache_status":"","method":"GET","uri":"/v2/","request_type":"unknown","status":"401","bytes_sent":"96","upstream_response_time":"0.083","host":"mirror.gcr.io","proxy_host":"mirror.gcr.io","upstream":"173.194.193.82:443"}
{"access_time":"16/Mar/2025:19:01:48 +0000","upstream_cache_status":"","method":"GET","uri":"/v2/token","request_type":"unknown","status":"200","bytes_sent":"331","upstream_response_time":"0.096","host":"mirror.gcr.io","proxy_host":"mirror.gcr.io","upstream":"173.194.193.82:443"}
{"access_time":"16/Mar/2025:19:01:48 +0000","upstream_cache_status":"MISS","method":"HEAD","uri":"/v2/busybox/manifests/latest","request_type":"manifest-default","status":"200","bytes_sent":"0","upstream_response_time":"0.132","host":"mirror.gcr.io","proxy_host":"mirror.gcr.io","upstream":"173.194.193.82:443"}
2025/03/16 19:01:48 [error] 75#75: *21 invalid URL prefix in "/artifacts-downloads/namespaces/artifact-registry-docker-cache/repositories/virtual-docker/downloads/AI3WYFa8nEgDBkcxTK5gNHIr_TxTe6R_-ocp_-CM6S3mUB-CGVRGpFrzxQqwD18jrQ-KAo9sjLYX3eEcsF8RPWbwXogw7Gjzg2iyXm839B8WzrxmfgNSt3lnXwcIbdyIO319G6LYaG--AoUBxRaFuu5W7mg6cdsYogAOLU_Z4nctzbTYibyknK595cbmgZK0uMzODVulJGqZ91MB2Wsf-e7IeIH6AEj2bkG0o-EN73AF_gpHyACD8vP4xzRuKN0NJt2bxaUpX-s33QiOFcfdKDP2bvBDgXtQdtDk-goM1z0hOiQKRq1aVetzLHDf8kndxXHFgA7cYTbEy5WDrgBhFof4UhFIPH72MDpHs5n5L37lxU-NEtDi1CsNw827Zp_qDsYTzgSdNGdySHzCYN0TmbNuEXf6iCKFFZ1P8NqClaVklZVzMRiju8UajQQ2U0vHKc0sD6y87ZLYpwOYPgaO00XlwMINq9W8dETEbePAq_MxQB0iQ03sE1qmN0RRkT4hMzP66SRw_uobkMlxJM_zbn_PSQ-IPcdotDYazQp24QYB7ds47TKjBrn8swHQQxeODaUksFkGRVOzxnN50M7WDdqOpLBxV4IWVyeWZ6pUTQEWUXiG5zuPlcEyVTngjpaNqdiBE868wwCk6hVkpqrMdisy50GHckVSldZtef2QoMvHqzfPL4sdrclTwZtERPI5Z6at4ZHGuLrr0k5MpOwSHxp4uQBfrM4y3dWTxzIwQuj_r_HX2EeE6ndasZm5aH4NCSenWXJUFkEsnjZsCL3-gCFFMcDqtlErr-K2OcHSwVL_LES_ZOv5NIPzPLLs30uHodg2d_oNiwlFAuWa__dxdrk2jTbAJgQFC98_uAYgk5ZMNS-ouSybCei_MsfKgDBhEqSKSLtZ6BGl35JyxniKIxHvNn7fM30oWnYTaiewoYR-v_Rpi86e8hR--TrbUuZHdJQD83BlPn_7LwBSGbgj8hc-biWRaYmMK-JbrrCh_UFyXpaDrbacCY9dXG6d" while sending to client, client: 127.0.0.1, server: proxy_caching_, request: "GET /v2/busybox/blobs/sha256:9c0abc9c5bd3a7854141800ba1f4a227baa88b11b49d8207eadc483c3f2496de HTTP/1.1", host: "mirror.gcr.io"
{"access_time":"16/Mar/2025:19:01:48 +0000","upstream_cache_status":"","method":"GET","uri":"/v2/busybox/blobs/sha256:9c0abc9c5bd3a7854141800ba1f4a227baa88b11b49d8207eadc483c3f2496de","request_type":"blob-by-digest","status":"500","bytes_sent":"177","upstream_response_time":"0.120","host":"mirror.gcr.io","proxy_host":"","upstream":"173.194.193.82:443"}
{"access_time":"16/Mar/2025:19:01:48 +0000","upstream_cache_status":"MISS","method":"GET","uri":"/v2/busybox/blobs/sha256:31311c5853a22c04d692f6581b4faa25771d915c1ba056c74e5ec82606eefdfa","request_type":"blob-by-digest","status":"200","bytes_sent":"459","upstream_response_time":"0.188","host":"mirror.gcr.io","proxy_host":"mirror.gcr.io","upstream":"173.194.193.82:443"}
2025/03/16 19:01:48 [error] 74#74: *28 invalid URL prefix in "/artifacts-downloads/namespaces/artifact-registry-docker-cache/repositories/virtual-docker/downloads/AI3WYFarHIuX41qefqAxNMYkD8kp4CKjNGz6ilKx0tKSQ81i8b6n1CiubOxZYllyZnVZPmXRxKlYEJK1vMqsrTjfVHCRuSnif-xr1mMgMHZHrfoGc6caUl-G5ExbhOTShV8pGzZao3v0GYOD_7YI0O_HVeQw2131fApbzhANZN05fyge_H_niiYne2Va8UPSnbKun0QCTx_0r6Y4lsMfZpFJssubqL3kZ0FaPAz_kef120ZeiPBRJzROjORuonGloQADY5_sCRAFB0cEmUQBvc3tMtjnz1KyL5HInP6IGdJL53xYaGvkZT8fiEFrxWto_lRFsOT_KVsz6LhZPi4-R4WVp4B82b-0l4Dss5crg9y_mQ9etK6GKa55IEYPgwQHK8LW2ZodTmfQeXHh8HRbYyyTlP2vdt7K1z0MoWVD9vbAhm3E_m8e7x79BRWQ0pcSxhJnzh2A5z9WyT1rmQ6ub1cycauSeKZQWX_uprzJnyG2myLlZuF2tdGpgpeBDcWFN63kef-zyRJKLh4-zeQyE1pYhfSadv2SAifPdEtLKy81vNcnTwzz5KU_OU_pYD6zXoljQteUkqOoxA18tOfIXp9IB3mSacaL2yjGhjKKqVdRA5BW99GbAnRFgA-VqnaLGAJmsyxXEdxUMfVa7-3duszPX62Z7XIB5l6XQcgOYM7UQEKPxw5GmTK0I-du6xjrflaVbhrO0ZRzUwCw7uuiYTPrg84OJIDG5CVvDTexWLGVilXzZtgbB94luUVaKRzsfl_L7UgOlcumJ7P2Sj9feNQCSTJ65OWA2nY587cMor57XDrV2cD-6vbsIAwFnKF7WDe7LWb2YSTkLQiaw0CEgGVcwgilpppsP1erHPhmJe9eVaPPbgQx2qAvKjd7tDvqp4B1p4t2YWiGn5c8kEdk1WD1GIh1jZCQMRwHMf3BonXesDsIZxK78AM7oRbz0EsPW5lb3tN1Tk8SYPib9o0i1igkHhH73vyQbHp60yAyFl-Ir83Page7QidASOF-" while sending to client, client: 127.0.0.1, server: proxy_caching_, request: "GET /v2/busybox/blobs/sha256:9c0abc9c5bd3a7854141800ba1f4a227baa88b11b49d8207eadc483c3f2496de HTTP/1.1", host: "mirror.gcr.io"
{"access_time":"16/Mar/2025:19:01:48 +0000","upstream_cache_status":"","method":"GET","uri":"/v2/busybox/blobs/sha256:9c0abc9c5bd3a7854141800ba1f4a227baa88b11b49d8207eadc483c3f2496de","request_type":"blob-by-digest","status":"500","bytes_sent":"177","upstream_response_time":"0.119","host":"mirror.gcr.io","proxy_host":"","upstream":"173.194.193.82:443"}

After my fix:

{"access_time":"16/Mar/2025:18:59:35 +0000","upstream_cache_status":"","method":"GET","uri":"/v2/","request_type":"unknown","status":"401","bytes_sent":"96","upstream_response_time":"0.083","host":"mirror.gcr.io","proxy_host":"mirror.gcr.io","upstream":"74.125.132.82:443"}
{"access_time":"16/Mar/2025:18:59:35 +0000","upstream_cache_status":"","method":"GET","uri":"/v2/token","request_type":"unknown","status":"200","bytes_sent":"331","upstream_response_time":"0.087","host":"mirror.gcr.io","proxy_host":"mirror.gcr.io","upstream":"74.125.132.82:443"}
{"access_time":"16/Mar/2025:18:59:36 +0000","upstream_cache_status":"MISS","method":"HEAD","uri":"/v2/busybox/manifests/latest","request_type":"manifest-default","status":"200","bytes_sent":"0","upstream_response_time":"0.146","host":"mirror.gcr.io","proxy_host":"mirror.gcr.io","upstream":"74.125.132.82:443"}
{"access_time":"16/Mar/2025:18:59:36 +0000","upstream_cache_status":"MISS","method":"GET","uri":"/v2/busybox/blobs/sha256:31311c5853a22c04d692f6581b4faa25771d915c1ba056c74e5ec82606eefdfa","request_type":"blob-by-digest","status":"200","bytes_sent":"459","upstream_response_time":"0.158","host":"mirror.gcr.io","proxy_host":"mirror.gcr.io","upstream":"74.125.132.82:443"}
{"access_time":"16/Mar/2025:18:59:36 +0000","upstream_cache_status":"MISS","method":"GET","uri":"/v2/busybox/blobs/sha256:9c0abc9c5bd3a7854141800ba1f4a227baa88b11b49d8207eadc483c3f2496de","request_type":"blob-by-digest","status":"200","bytes_sent":"2155907","upstream_response_time":"0.103 : 0.363","host":"mirror.gcr.io","proxy_host":"mirror.gcr.io","upstream":"74.125.132.82:443 : 74.125.132.82:443"}

[rpardini]

All tests, including the new one, green.

[mwallace582]

Nice! Thanks for running the tests and approving. Anything else I need to do to get this merged?