Customer had report error when try to mirror repository behind  ZScaler proxy, it takes a longer time to scan resulting on "use of closed network connection" error

sh-5.2$ rpm -q skopeo skopeo-1.13.2-1.fc38.x86_64 sh-5.2$ no_proxy=.<customerURL> https_proxy=cloud-srv-proxy:443 skopeo copy docker://docker.io/kibana:6.7.1 docker://<customerURL>/<nameSpace>/microcks:6.7.1 Getting image source signatures Copying blob 5334d2bd41b7 done Copying blob f0b755f02a6c done Copying blob 41d16359541e done Copying blob 2a0588ea5574 done Copying blob 9de755da2607 done Copying blob 8ba884070f61 skipped: already exists Copying blob fc3de62ddb21 done Copying blob 64b08a88c3fb done FATA[0173] copying system image from manifest list: writing blob: Patch "https://<customerURL>/v2/<nameSpace>/microcks/blobs/uploads/4211057a-e8d9-446a-ac54-cd6d157857ba": use of closed network connection

For some images mirroring in Quay fails with "use of closed network connection". We are required to use the ZScaler proxy to get images. Some times the ZScaler has about 1.5-2minutes to scan some blobs of the images. If that happens, the Quay fails to mirror the image because some tcp connection to the target registry. See attached screenshots of mirror config and error messages.

I can reproduce the issue with skopeo.

doesn't work, same error:

$ no_proxy=.<customerURL> https_proxy=cloud-srv-proxy:443 time skopeo copy docker://docker.io/kibana:6.8.2 docker://<customerURL>/dspinfra/kibana:6.8.2

copy works if target transport is containers-storage:
$ no_proxy=.<customerURL> https_proxy=cloud-srv-proxy:443 time skopeo copy docker://docker.io/kibana:6.8.2 containers-storage:<customerURL>/dspinfra/kibana:6.8.2

To enhance the customer experience, we propose two key improvements:

1. Timeout Adjustment for Quay Mirroring: We recommend implementing a feature that allows users to adjust the timeout value for Quay mirroring processes when operating behind a proxy. This adjustment would provide flexibility for users to accommodate slower network conditions or large image transfers. It ensures that the mirroring process can be customized to meet specific network requirements, enhancing overall performance and reliability.

1. Destination Configuration in Skopeo: Another valuable enhancement would be the ability to configure the destination option in Skopeo to utilize container-storage. Enabling this feature would simplify the management of container images, making it easier for users to specify the storage location and optimize image distribution. This enhancement aligns with best practices in container management and enhances the efficiency of image transfers.

These improvements aim to provide users with more control and flexibility in managing container images, especially in scenarios involving proxy configurations or specific storage preferences.