I am setting up a new server for our Redmine installation, since the old installation was done by hand, which makes it difficult to update everything properly. I decided to go with a Docker image but am having trouble starting the docker container due to an error message. The host is running behind a proxy server, which I think, is causing this problem, as everything else such as wget, curl, etc. is working fine.
Error message:
Pulling redmine (redmine:)...
ERROR: Get https://registry-1.docker.io/v2/: dial tcp 34.206.236.31:443: connect: connection refused
I searched on Google about using Docker/Docker-Compose with a proxy server in the background and found a few websites where people had the same issue but none of these really helped me with my problem.
I checked with the Docker documentation and found a guide but this does not seem to work for me: https://docs.docker.com/network/proxy/
I also found an answered question here on StackOverflow: Using proxy on docker-compose in server which might be the solution I am after but I am unsure where exactly I have to put the solution. I guess the person means the docker-compose.yml file but I could be wrong.
This is what my docker-compose.yml looks like:
version: '3.1'
services:
redmine:
image: redmine
restart: always
ports:
- 80:3000
environment:
REDMINE_DB_MYSQL: db
REDMINE_DB_PASSWORD: SECRET_PASSWORD
db:
image: mysql:5.7
restart: always
environment:
MYSQL_ROOT_PASSWORD: SECRET_PASSWORD
MYSQL_DATABASE: redmine
I expect to run the following command without the above error message
docker-compose -f docker-compose.yml up -d
I did a bit more research and seem to have used better key words because I found my solution now. I wanted to share the solution with everyone, in case someone else may ever need it.
Create folder for configuring docker service through systemd
mkdir /etc/systemd/system/docker.service.d
Create service configuration file at /etc/systemd/system/docker.service.d/http-proxy.conf and put the following in the newly created file
[Service]
# NO_PROXY is optional and can be removed if not needed
# Change proxy_url to your proxy IP or FQDN and proxy_port to your proxy port
# For Proxy server which require username and password authentication, just add the proper username and password to the URL. (see example below)
# Example without authentication
Environment="HTTP_PROXY=http://proxy_url:proxy_port" "NO_PROXY=localhost,127.0.0.0/8"
# Example with authentication
Environment="HTTP_PROXY=http://username:password#proxy_url:proxy_port" "NO_PROXY=localhost,127.0.0.0/8"
# Example for SOCKS5
Environment="HTTP_PROXY=socks5://proxy_url:proxy_port" "NO_PROXY=localhost,127.0.0.0/8"
Reload systemctl so that new settings are read
sudo systemctl daemon-reload
Verify that docker service Environment is properly set
sudo systemctl show docker --property Environment
Restart docker service so that it uses updated Environment settings
sudo systemctl restart docker
Now you can execute the docker-compose command on your machine without getting any connection refused error messages.
For the proxy server which requires username and password for authentication: Apart from adding the credentials in /etc/systemd/system/docker.service.d/http-proxy.conf, as suggested in this answer, I also had to add the same to the Dockerfile. Following is a snippet from the Dockerfile.
FROM ubuntu:16.04
ENV http_proxy http://username:password#proxy_url:proxy_port
ENV https_proxy http://username:password#proxy_url:proxy_port
RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y \
build-essential \
bla bla bla ...
I am trying to build an image for my flask based web-application using docker build. My Dockerfile looks like this:
FROM beehive-webstack:latest
MAINTAINER Anuvrat Parashar <anuvrat#zopper.com>
EXPOSE 5000
ADD . /srv/beehive/
RUN pip install -i http://localhost:4040/root/pypi/+simple/ -r /srv/beehive/requirements.txt
pip install without the -i flag works, but it downloads everything from pypi which, naturally is slow.
The problem is that pip does not access the devpi server running on my laptop. How can I go about achieving that?
localhost refers to the docker container, not to your host as RUN lines are just executed commands in the container. You thus have to use a network reachable IP of your laptop.
Con: This makes your Dockerfile unportable, if others don't have a pypi mirror running.
One answer is a devpi helper container. You start docker devpi image and have it expose port 3141. Then you can add this as an extra source for pip install using environmental variables in your docker file.
Starting devpi using docker compose:
devpi:
image: scrapinghub/devpi
container_name: devpi
expose:
- 3141
volumes:
- /path/to/devpi:/var/lib/devpi
myapp:
build: .
external_links:
- devpi:devpi
docker-compose up -d devpi
Now you need to configure the client docker container. It needs pip configured:
In your Dockerfile:
ENV PIP_EXTRA_INDEX_URL=http://devpi:3141/root/pypi/+simple/ \
PIP_TRUSTED_HOST=devpi
Check it's working by logging into your container:
docker-compose run myapp bash
pip install --verbose nose
Output should include
2 location(s) to search for versions of nose:
* https://pypi.python.org/simple/nose/
* http://devpi:3141/root/pypi/+simple/nose/
Now you can upload packages to your container either from another container or sftp.
This approach has the advantages of speeding builds but not breaking them if the devpi container is not present.
Notes: Don't publish ports to devpi without a strong password as it's a security issue. People could use it to upload arbitrary code which you application would install and execute.
I installed Docker on my Ubuntu 13.10 (Saucy Salamander) and when I type in my console:
sudo docker pull busybox
I get the following error:
Pulling repository busybox
2014/04/16 09:37:07 Get https://index.docker.io/v1/repositories/busybox/images: dial tcp: lookup index.docker.io on 127.0.1.1:53: no answer from server
Docker version:
$ sudo docker version
Client version: 0.10.0
Client API version: 1.10
Go version (client): go1.2.1
Git commit (client): dc9c28f
Server version: 0.10.0
Server API version: 1.10
Git commit (server): dc9c28f
Go version (server): go1.2.1
Last stable version: 0.10.0
I am behind a proxy server with no authentication, and this is my /etc/apt/apt.conf file:
Acquire::http::proxy "http://192.168.1.1:3128/";
Acquire::https::proxy "https://192.168.1.1:3128/";
Acquire::ftp::proxy "ftp://192.168.1.1:3128/";
Acquire::socks::proxy "socks://192.168.1.1:3128/";
What am I doing wrong?
Here is a link to the official Docker documentation for proxy HTTP:
https://docs.docker.com/config/daemon/systemd/#httphttps-proxy
A quick outline:
First, create a systemd drop-in directory for the Docker service:
mkdir /etc/systemd/system/docker.service.d
Now create a file called /etc/systemd/system/docker.service.d/http-proxy.conf that adds the HTTP_PROXY and HTTPS_PROXY environment variables:
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80/"
Environment="HTTPS_PROXY=http://proxy.example.com:80/"
If you have internal Docker registries that you need to contact without proxying you can specify them via the NO_PROXY environment variable:
Environment="HTTP_PROXY=http://proxy.example.com:80/"
Environment="HTTPS_PROXY=http://proxy.example.com:80/"
Environment="NO_PROXY=localhost,127.0.0.0/8,docker-registry.somecorporation.com"
Flush changes:
$ sudo systemctl daemon-reload
Verify that the configuration has been loaded:
$ sudo systemctl show --property Environment docker
Environment=HTTP_PROXY=http://proxy.example.com:80/
Environment=HTTPS_PROXY=http://proxy.example.com:80/
Restart Docker:
$ sudo systemctl restart docker
Footnote regarding HTTP_PROXY vs. HTTPS_PROXY: for a long time, setting HTTP_PROXY alone has been good enough. But with version 20.10.8, Docker has moved on to Go 1.16, which changes the semantics of this variable:
https://golang.org/doc/go1.16#net/http
For https:// URLs, the proxy is now determined by the HTTPS_PROXY variable, with no fallback on HTTP_PROXY.
Your APT proxy settings are not related to Docker.
Docker uses the HTTP_PROXY environment variable, if present. For example:
sudo HTTP_PROXY=http://192.168.1.1:3128/ docker pull busybox
But instead, I suggest you have a look at your /etc/default/dockerconfiguration file: you should have a line to uncomment (and maybe adjust) to get your proxy settings applied automatically. Then restart the Docker server:
service docker restart
On CentOS the configuration file for Docker is at:
/etc/sysconfig/docker
Adding the below line helped me to get the Docker daemon working behind a proxy server:
HTTP_PROXY="http://<proxy_host>:<proxy_port>"
HTTPS_PROXY="http://<proxy_host>:<proxy_port>"
If you're using the new Docker for Mac (or Docker for Windows), just right-click the Docker tray icon and select Preferences (Windows: Settings), then go to Advanced, and under Proxies specify your proxy settings there. Click Apply and Restart and wait until Docker restarts.
On Ubuntu you need to set the http_proxy for the Docker daemon, not the client process. This is done in /etc/default/docker (see here).
To extend Arun's answer, for this to work in CentOS 7, I had to remove the "export" commands. So edit
/etc/sysconfig/docker
And add:
HTTP_PROXY="http://<proxy_host>:<proxy_port>"
HTTPS_PROXY="https://<proxy_host>:<proxy_port>"
http_proxy="${HTTP_PROXY}"
https_proxy="${HTTPS_PROXY}"
Then restart Docker:
sudo service docker restart
The source is this blog post.
Why a locally-bound proxy doesn't work
The Problem
If you're running a locally-bound proxy, e.g. listening on 127.0.0.1:8989, it WON'T WORK in Docker for Mac. From the Docker documentation:
I want to connect from a container to a service on the host
The Mac has a changing IP address (or none if you have no network access). Our current recommendation is to attach an unused IP to the lo0 interface on the Mac; for example: sudo ifconfig lo0 alias 10.200.10.1/24, and make sure that your service is listening on this address or 0.0.0.0 (ie not 127.0.0.1). Then containers can connect to this address.
The similar is for Docker server side. (To understand the server side and client side of Docker, try to run docker version.) And the server side runs on a virtualization layer which has its own localhost. Therefore, it won't connect to the proxy server on the localhost of the host OS.
The solution
So, if you're using a locally-bound proxy like me, basically you would have to do the following things to make it work with Docker for Mac:
Make your proxy server listen on 0.0.0.0 instead of 127.0.0.1. Caution: you'll need proper firewall configuration to prevent malicious access to it.
Add a loopback alias to the lo0 interface, e.g. 10.200.10.1/24:
sudo ifconfig lo0 alias 10.200.10.1/24
Set HTTP and/or HTTPS proxy to 10.200.10.1:8989 from Preferences in Docker tray menu (assume that the proxy server is listening on port 8989).
After that, test the proxy settings by running a command in a new container from an image which is not downloaded:
$ docker rmi -f hello-world
...
$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
c04b14da8d14: Pull complete
Digest: sha256:0256e8a36e2070f7bf2d0b0763dbabdd67798512411de4cdcf9431a1feb60fd9
Status: Downloaded newer image for hello-world:latest
...
Notice: the loopback alias set by ifconfig does not preserve after a reboot. To make it persistent is another topic. Please check this blog post in Japanese (Google Translate may help).
This is the fix that worked for me: Ubuntu, Docker version: 1.6.2
In the file /etc/default/docker, add the line:
export http_proxy='http://<host>:<port>'
Restart Docker
sudo service docker restart
To configure Docker to work with a proxy you need to add the HTTPS_PROXY / HTTP_PROXY environment variable to the Docker sysconfig file (/etc/sysconfig/docker).
Depending on if you use init.d or the services tool you need to add the "export" statement (due to Debian Bug report logs - #767441. Examples in /etc/default/docker are misleading regarding the supported syntax):
HTTPS_PROXY="https://<user>:<password>#<proxy-host>:<proxy-port>"
HTTP_PROXY="https://<user>:<password>#<proxy-host>:<proxy-port>"
export HTTP_PROXY="https://<user>:<password>#<proxy-host>:<proxy-port>"
export HTTPS_PROXY="https://<user>:<password>#<proxy-host>:<proxy-port>"
The Docker repository (Docker Hub) only supports HTTPS. To get Docker working with SSL intercepting proxies you have to add the proxy root certificate to the systems trust store.
For CentOS, copy the file to /etc/pki/ca-trust/source/anchors/ and update the CA trust store and restart the Docker service.
If your proxy uses NTLMv2 authentication - you need to use intermediate proxies like Cntlm to bridge the authentication. This blog post explains it in detail.
After installing Docker, do the following:
[mdesales#pppdc9prd1vq ~]$ sudo HTTP_PROXY=http://proxy02.ie.xyz.net:80 ./docker -d &
[2] 20880
Then, you can pull or do anything:
mdesales#pppdc9prd1vq ~]$ sudo docker pull base
2014/04/11 00:46:02 POST /v1.10/images/create?fromImage=base&tag=
[/var/lib/docker|aa088847] +job pull(base, )
Pulling repository base
b750fe79269d: Download complete
27cf78414709: Download complete
[/var/lib/docker|aa088847] -job pull(base, ) = OK (0)
In the new version of Docker, docker-engine, in a systemd based distribution, you should add the environment variable line to /lib/systemd/system/docker.service, as it is mentioned by others:
Environment="HTTP_PROXY=http://hostname_or_ip:port/"
As I am not allowed to comment yet:
For CentOS 7 I needed to activate the EnvironmentFile within "docker.service" like it is described here: Control and configure Docker with systemd.
Edit: I am adding my solution as stated out by Nilesh. I needed to open "/etc/systemd/system/docker.service" and I had to add within the section
[Service]
EnvironmentFile=-/etc/sysconfig/docker
Only then was the file "etc/sysconfig/docker" loaded on my system.
If using socks5 proxy, here is my test with Docker 17.03.1-ce with setting "all_proxy", and it worked:
# Set up socks5 proxy server
ssh sshUser#proxyServer -C -N -g -D \
proxyServerIp:9999 \
-o ExitOnForwardFailure=yes \
-o ServerAliveInterval=60
# Configure dockerd and restart.
# NOTICE: using "all_proxy"
mkdir -p /etc/systemd/system/docker.service.d
cat > /etc/systemd/system/docker.service.d/http-proxy.conf <<EOF
[Service]
Environment="all_proxy=socks5://proxyServerIp:9999"
Environment="NO_PROXY=localhost,127.0.0.1,private.docker.registry.com"
EOF
systemctl daemon-reload
systemctl restart docker
# Test whether can pull images
docker run -it --rm alpine:3.5
To solve the problem with curl in Docker build, I added the following inside the Dockerfile:
ENV http_proxy=http://infoprx2:8080
ENV https_proxy=http://infoprx2:8080
RUN apt-get update && apt-get install -y curl vim
Note that the ENV statement is BEFORE the RUN statement.
And in order to make the Docker daemon able to access the Internet (I use Kitematic with boot2docker), I added the following into /var/lib/boot2docker/profile:
export HTTP_PROXY=http://infoprx2:8080
export HTTPS_PROXY=http://infoprx2:8080
Then I restarted Docker with sudo /etc/init.d/docker restart.
The complete solution for Windows, to configure the proxy settings.
< user>:< password>#< proxy-host>:< proxy-port>
You can configure it directly by right-clicking on settings, in the Docker icon, and then Proxies.
There you can configure the proxy address, port, user name, and password.
In this format:
< user>:< password>#< proxy-host>:< proxy-port>
Example:
"geronimous:mypassword#192.168.44.55:8080"
Nothing more than this.
If you are on Ubuntu, you should execute this command:
export https_proxy=http://your_name:password#ip_proxy:port docker
And reload Docker with:
service docker.io restart
Or go to /etc/docker.io with nano...
If you're in Ubuntu, execute these commands to add your proxy.
sudo nano /etc/default/docker
And uncomment the lines that specifies
#export http_proxy = http://username:password#10.0.1.150:8050
And replace it with your appropriate proxy server and username.
Then restart Docker using:
service docker restart
Now you can run Docker commands behind proxy:
docker search ubuntu
Perhaps you need to set up lowercase variables. In my case, my /etc/systemd/system/docker.service.d/http-proxy.conf file looks like this:
[Service]
Environment="ftp_proxy=http://<user>:<password>#<proxy_ip>:<proxy_port>/"
Environment="http_proxy=http://<user>:<password>#<proxy_ip>:<proxy_port>/"
Environment="https_proxy=http://<user>:<password>#<proxy_ip>:<proxy_port>/"
Good luck! :)
I was also facing the same issue behind a firewall. Follow the below steps:
$ sudo vim /etc/systemd/system/docker.service.d/http_proxy.conf
[Service]
Environment="HTTP_PROXY=http://username:password#IP:port/"
Don’t use or remove the https_prxoy.conf file.
Reload and restart your Docker container:
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
$ docker pull hello-world
Using default tag: latest
latest: Pulling from library/hello-world
1b930d010525: Pull complete
Digest: sha256:2557*********************************8
Status: Downloaded newer image for hello-world:latest
Simply setting proxy environment variables did not help me in version 1.0.1... I had to update the /etc/default/docker.io file with the correct value for the "http_proxy" variable.
On Ubuntu 14.04 (Trusty Tahr) with Docker 1.9.1, I just uncommented the http_proxy line, updated the value and then restarted the Docker service.
export http_proxy="http://proxy.server.com:80"
and then
service docker restart
Remove proxy from environment variables
unset http_proxy
unset https_proxy
unset no_proxy
and then restart your docker
On RHEL6.6 only this works (note the use of export):
/etc/sysconfig/docker
export http_proxy="http://myproxy.example.com:8080"
export https_proxy="http://myproxy.example.com:8080"
NOTE: Both can use the http protocol.)
Thanks to https://crondev.com/running-docker-behind-proxy/
In my network, Ubuntu works behind a corporate ISA proxy server. And it requires authentication. I tried all the solutions mentioned above and nothing helped. What really helped was to write a proxy line in file /etc/systemd/system/docker.service.d/https-proxy.conf without a domain name.
Instead of
Environment="HTTP_PROXY=http://user#domain:password#proxy:8080"
or
Environment="HTTP_PROXY=http://domain\user:password#proxy:8080"
and some other replacement such as # -> %40 or \ -> \\ I tried to use
Environment="HTTP_PROXY=http://user:password#proxy:8080"
And it works now.
Try this:
sudo HTTP_PROXY=http://<IP address of proxy server:port> docker -d &
This doesn't exactly answer the question, but might help, especially if you don't want to deal with service files.
In case you are the one is hosting the image, one way is to convert the image as a tar archive instead, using something like the following at the server.
docker save <image-name> --output <archive-name>.tar
Simply download the archive and turn it back into an image.
docker load <archive-name>.tar
Have resolved the issue by following the below steps:
step 1: sudo systemctl start docker
step 2: sudo systemctl enable docker
(Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.)
step 3: sudo systemctl status docker
step 4: sudo mkdir -p /etc/systemd/system/docker.service.d
step 5: sudo vi /etc/systemd/system/docker.service.d/proxy.conf
Set proxy as below
[Service]
Environment="HTTP_PROXY=http://proxy.server.com:80"
Environment="HTTPS_PROXY=http://proxy.server.com:80"
Environment="NO_PROXY=.proxy.server.com,*.proxy.server.com,localhost,127.0.0.1,::1"
step 6: sudo systemctl daemon-reload
step 7: sudo systemctl restart docker.service
step 8: vi /etc/environment and source /etc/environment
http_proxy=http://proxy.server.com:80
https_proxy=http://proxy.server.com:80
ftp_proxy=http://proxy.server.com:80
no_proxy=127.0.0.1,10.0.0.0/8,3.0.0.0/8,localhost,*.abc.com
I had a problem like I needed to use proxy to use google's dns for project's dependency and for API request needed to communicate with a private server at the same time.
For RHEL7 I configured the system like this:
went to the directory /etc/sysconfig/docker
Environment=http_proxy="http://ip:port"
Environment=https_proxy="http://ip:port"
Environment=no_proxy="hostname"
then save the file and use the command :
sudo systemctl restart docker
after that configure your Dockerfile :
setup the environment structure first:
ENV http_proxy http://ip:port
ENV https_proxy http://ip:port
ENV no_proxy "hostname"
that's all! :)