Support pull/push redirect #299
Description
I noticed that distribution spec v1.0.0 doesn't support pull blobs via 307 status code:
To pull a blob, perform a GET request to a URL in the following form: /v2/<name>/blobs/<digest>
A GET request to an existing blob URL MUST provide the expected blob, with a response code that MUST be 200 OK.
That's a really strong requirement.
And at Docker Registry HTTP API V2, client can accept 307 response:
This endpoint may issue a 307 (302 for <HTTP 1.1) redirect to another service for downloading the layer and clients should be prepared to handle redirects.
Currently, almost all registries are using CDN to distribute blobs:
DockerHub is using 307 to redirect to CDN
GET /v2/robberphex/sc-b/blobs/sha256:fa4166ff90052a9515b0311468349a94e5c0d45abcee8901db963c189b6a44fd HTTP/1.1
Host: registry-1.docker.io
HTTP/1.1 307 Temporary Redirect
content-type: application/octet-stream
docker-distribution-api-version: registry/2.0
location: https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/fa/fa4166ff90052a9515b0311468349a94e5c0d45abcee8901db963c189b6a44fd/data?verify=1632139768-qcB4OlxVYmlgJCLs3bmIYo14nJQ%3D
date: Mon, 20 Sep 2021 11:19:28 GMT
content-length: 0
strict-transport-security: max-age=31536000
Connection: close
Github Packages(ghcr.io) is using 307 to redirect to CDN
GET /v2/graalvm/graalvm-ce/blobs/sha256:694935c7310c92d6cf4722e90553f236d820387b71366e0e1e6b6d45f0a9e0ee HTTP/1.1
Host: ghcr.io
HTTP/1.1 307 Temporary Redirect
Content-Length: 0
Content-Type: application/octet-stream
docker-distribution-api-version: registry/2.0
Location: https://pkg-containers.githubusercontent.com/ghcr1/blobs/sha256:694935c7310c92d6cf4722e90553f236d820387b71366e0e1e6b6d45f0a9e0ee?se=2021-09-20T11%3A15%3A00Z&sig=6FFDgv16W%2BQq%2FYJjU4bOOj2dkzYAXLGM4t6irVGNSsE%3D&sp=r&spr=https&sr=b&sv=2019-12-12
Date: Mon, 20 Sep 2021 11:09:33 GMT
X-GitHub-Request-Id: CD51:360C:3622A:AD2EF:61486BEC
Connection: close
Aliyun CR is using 307 to redirect to CDN
GET /v2/arms-docker-repo/arms-pilot-init/blobs/sha256:709e152e7530c99ea8a591f1da0c8e628a72b1c0757549aba61452ae77d149ca HTTP/1.1
Host: registry.cn-beijing.aliyuncs.com
HTTP/1.1 307 Temporary Redirect
Content-Type: application/octet-stream
Docker-Distribution-Api-Version: registry/2.0
Location: http://aliregistry-cn-beijing.oss-cn-beijing.aliyuncs.com/docker/registry/v2/blobs/sha256/70/709e152e7530c99ea8a591f1da0c8e628a72b1c0757549aba61452ae77d149ca/data?Expires=1632137093&OSSAccessKeyId=LTAI4FyN99sZuwGQsaDkPxbv&Signature=DTFaQ68yPMkDrGaeX83Uw3uk6CE%3D&x-oss-traffic-limit=113763972
Date: Mon, 20 Sep 2021 10:54:54 GMT
Content-Length: 0
Connection: close
I propose we add the pull/push redirect to the distribution spec.
Any ideas?