From f8a36f06218c770cea1eafb720db297b274be81f Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Mon, 16 Mar 2026 07:41:11 +0000 Subject: [PATCH] fix pull-through cache: remove maxsize, harden nginx caching [ci skip] Root cause: storage.filesystem.maxsize (5GiB) caused Docker Registry to delete blob data while keeping metadata. Registry then served 200 OK with correct Content-Length but 0 bytes body. nginx cached these broken responses. Fixes: - Remove maxsize from dockerhub/ghcr proxy configs (rely on weekly GC) - nginx: don't cache 206 responses, require 2 requests before caching - Wiped corrupted cache on registry VM and fixed corrupted pause container blobs on node3/node4 --- modules/docker-registry/config-proxy.yaml.tpl | 1 - modules/docker-registry/config.yaml | 1 - modules/docker-registry/nginx_registry.conf | 6 ++++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/docker-registry/config-proxy.yaml.tpl b/modules/docker-registry/config-proxy.yaml.tpl index 018107c3..48ecfe2c 100644 --- a/modules/docker-registry/config-proxy.yaml.tpl +++ b/modules/docker-registry/config-proxy.yaml.tpl @@ -7,7 +7,6 @@ storage: blobdescriptor: inmemory filesystem: rootdirectory: /var/lib/registry - maxsize: 5GiB delete: enabled: true maintenance: diff --git a/modules/docker-registry/config.yaml b/modules/docker-registry/config.yaml index 876dc6f6..70c5d8c7 100644 --- a/modules/docker-registry/config.yaml +++ b/modules/docker-registry/config.yaml @@ -7,7 +7,6 @@ storage: blobdescriptor: inmemory filesystem: rootdirectory: /var/lib/registry - maxsize: 5GiB delete: enabled: true maintenance: diff --git a/modules/docker-registry/nginx_registry.conf b/modules/docker-registry/nginx_registry.conf index 9f139137..2f89949e 100644 --- a/modules/docker-registry/nginx_registry.conf +++ b/modules/docker-registry/nginx_registry.conf @@ -60,7 +60,8 @@ http { proxy_cache_lock_timeout 15m; proxy_cache_lock_age 15m; proxy_cache_use_stale updating; - proxy_cache_valid 200 206 24h; + proxy_cache_valid 200 24h; + proxy_cache_min_uses 2; proxy_cache_methods GET; proxy_read_timeout 900; @@ -108,7 +109,8 @@ http { proxy_cache_lock_timeout 15m; proxy_cache_lock_age 15m; proxy_cache_use_stale updating; - proxy_cache_valid 200 206 24h; + proxy_cache_valid 200 24h; + proxy_cache_min_uses 2; proxy_cache_methods GET; proxy_read_timeout 900;