Docker pull does not work

Problem:
We created and published a content view containing a synced, remote Docker registry from Docker Hub. When we try to pull from the published URL, we receive “Error response from daemon: Get https://foreman.example.com:5000/v2/: Forbidden”. We have found no reference in ANY log to this event. We have tried this from a remote Docker server and from Docker installed on the Foreman server. Firewalls are open and tested.

Expected outcome:
Expect to pull a tagged image.

Foreman and Proxy versions:
Foreman 1.23.0, Katello 3.13.1

Distribution and version:
Oracle Linux 7.7

Other relevant data:
Could find no log entries.

Just updated to Foreman 1.23.1 and Katello 3.13.2. Same result.

I just tested this and it worked without issue on a fresh 3.13 install:

# docker pull centos7-katello-3-13.windhelm.example.com:5000/default_organization-file_test-docker
Using default tag: latest
Trying to pull repository centos7-katello-3-13.windhelm.example.com:5000/default_organization-file_test-docker ... 
sha256:a6ecbb1553353a08936f50c275b010388ed1bd6d9d84743c7e8e7468e2acd82e: Pulling from centos7-katello-3-13.windhelm.example.com:5000/default_organization-file_test-docker
0fc456f626d7: Pull complete 
bfb6cf77b122: Pull complete 
9504711983ec: Pull complete 
Digest: sha256:a6ecbb1553353a08936f50c275b010388ed1bd6d9d84743c7e8e7468e2acd82e
Status: Downloaded newer image for centos7-katello-3-13.windhelm.example.com:5000/default_organization-file_test-docker:latest

Can you tail the apache logs while trying to docker pull?

tail -f -n0 /var/log/httpd/*

Ok, I fixed the problem. The file “http-proxy.conf” existed in /etc/systemd/system/docker.service.d/. I removed it, executed “systemctl daemon-reload” and “systemctl restart docker”, and all was well.

@poulterer @Justin_Sherrill any idea ?