alt Hacker NewsTell HN: docker pull fails in spain due to football cloudflare block
I just spent 1h+ debugging why my locally-hosted gitlab runner would fail to create pipelines. The gitlab job output would just display weird TLS errors when trying to pull a docker images. After debugging gitlab and the runner, I realized after a while I could not even run "docker pull <image>" on my machine as root:
> error pulling image configuration: download failed after attempts=6: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com
First blaming tailscale, dns configuration and all other stuff. Until I just copied that above URL into my browser on my laptop, and received a website banner:
> El acceso a la presente dirección IP ha sido bloqueado en cumplimiento de lo dispuesto en la Sentencia de 18 de diciembre de 2024, dictada por el Juzgado de lo Mercantil nº 6 de Barcelona en el marco del procedimiento ordinario (Materia mercantil art. 249.1.4)-1005/2024-H instado por la Liga Nacional de Fútbol Profesional y por Telefónica Audiovisual Digital, S.L.U. https://www.laliga.com/noticias/nota-informativa-en-relacion-con-el-bloqueo-de-ips-durante-las-ultimas-jornadas-de-laliga-ea-sports-vinculadas-a-las-practicas-ilegales-de-cloudflare
For those non-spanish speakers: It means there is football match on, and during that time that specific host is blocked. This is just plain madness. I guess that means my gitlab pipelines will not run when football is on. Thank you, Spain.
Comments
Heh, lucky you, at least you get a message. My ISP just drops traffic to the affected IPs. No ping, no traceroute, just a spinner in the browser until it says "page not found".
Every response and comment from LaLiga, the football organization responsible for this, has been so far that this is a minor issue that only affects a few bunch of nerds who talk about "docker images" or "github repositories" or "whatever that means".
Meanwhile, there are testimonies of smart home devices like anti-theft alarms or automatic doors, that stop working whenever there is a football match, because their backends rely on Cloudflare.
Last week, a woman asked for help on social media, as the GPS tracking app she uses to see where her father with dementia is, went offline during a match. It was getting late and he still wasn't back home, and she couldn't locate the tag he was wearing to find him: https://www.infobae.com/america/agencias/2026/04/05/laliga-d...
It's hard to say this, because no one should experience an event like this, but as stressful as these are, it's the only way to make the mainstream people care about this censorship. "I cannot pull a docker image" will never be on nightly news, but safety and personal security is a more powerful driver for discourses.
This is why technology businesses and professionals need to take a little bit of an active role in local politics. Otherwise you get nonsense.
Time to use a VPN in your docker pipelines ;) Or run your systems outside of Spain.
Or can this be avoided by using an alternate DNS?
This is a know issue and it is completely fucked up: https://www.techradar.com/vpn/vpn-privacy-security/cloudflar...
What Spain does is basically censorship and it's very poorly executed. The docker image registry is only one out of the many collateral victims of this stupid law.
Off topic but I wonder when Cloudflare is going to launch their own Docker registry as a product.
CF could just sue LaLiga and the judge as interrupting and intercepting telecomms it's a really serious crime in Spain. Call the AEPD too because of consumers' right against both ISP and LaLiga's snooping. Another huge fine.
This is not an issue under the civil code (civilian issues), but something to be dealt under penal (criminal) code.
In Spanish
https://www.fiscal.es/memorias/memoria2020/FISCALIA_SITE/rec...
Oh, and BTW, LaLiga has just partnered with a CF rival.
Now CF can just sue both like hell because of unfair competition:
https://nitter.tiekoetter.com/xataka/status/2042658662850724...
Yea, La Liga it's crapping out as always. Docker needs either some I2P gateway, or a Tor service.
Yeah, I know. Welcome to the club :(
They block the whole of Cloudflare R2, I believe the Docker hub is just (heh) a collateral.
When the La Liga match starts, everything that's proxied via CF (including zero access reverse tunnels) stops working.
There's even a website made for checking if the match is on: https://hayahora.futbol/
You can check if your host is affected: https://hayahora.futbol/#comprobador&domain=docker-images-pr...