Can't set proxy in dockerfile

Question

I cannot run the Docker "Getting started" example behind a corporate firewall. It runs fine at home without the firewall.

When I build the image using docker build -t my_tag ., it fails when trying to install some python packages. The docker file has this command:

RUN pip install -r requirements.txt

The error message is:

Collecting Redis (from -r requirements.txt (line 1)) Retrying (Retry(total=4, connect=None, read=None, redirect=None)) after connection broken by 'ProxyError('Cannot connect to proxy.', NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known',))': /simple/redis/

I have tried setting the proxy in the dockerfile (in various formats, but they all fail):

ENV http_proxy http://my_username:my_password@my_host:/80
ENV https_proxy https://my_username:my_password@my_host:/80
ENV HTTP_PROXY http://my_username:my_password@my_host:/80
ENV HTTPS_PROXY https://my_username:my_password@my_host:/80
ENV http_proxy http://my_username:my_password@my_host:80
ENV https_proxy https://my_username:my_password@my_host:80
ENV HTTP_PROXY http://my_username:my_password@my_host:80
ENV HTTPS_PROXY https://my_username:my_password@my_host:80
ENV http_proxy=http://my_username:my_password@my_host:80
ENV https_proxy=https://my_username:my_password@my_host:80
ENV HTTP_PROXY=http://my_username:my_password@my_host:80
ENV HTTPS_PROXY=https://my_username:my_password@my_host:80

I have tried setting the environment in the file /etc/systemd/system/docker.service.d/http-proxy.conf:

[Service]
Environment="HTTP_PROXY=http://my_username:my_password@my_host:80/" "HTTPS_PROXY=https://my_username:my_password@my_host:80/"

I have tried changing the RUN pip install command in the dockerfile so it includes the proxy also:

RUN pip install --proxy="my_username:my_password@my_host:80" -r requirements.txt

I have tried setting the options in /etc/default/docker, adding:

DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4"

I have tried adding the proxy to the docker build command:

docker build -t python_example_1 --build-arg HTTPS_PROXY=https://my_username:my_password@my_host:80 --build-arg HTTP_PROXY=http://my_username:my_password@my_host:80 .

I am running this on Linux mint with docker version 1.12.6.

Anyone have any ideas?

Update 1: If I simplify the dockerfile so it uses curl (no python or pip)

FROM ubuntu
WORKDIR /app
ADD . /app
EXPOSE 80

# Define environment variable
ENV http_proxy=http://my_username:my_password@my_host:80
ENV https_proxy=http://my_username:my_password@my_host:80
ENV HTTP_PROXY=http://my_username:my_password@my_host:80
ENV HTTPS_PROXY=http://my_username:my_password@my_host:80

RUN apt-get -qq update
RUN apt-get -qq -y install curl

CMD ["curl www.google.com.au"]

the error message indicates it is getting the proxy info, but there is some sort of name resolution problem:

Removing intermediate container 945f8123da61
Step 10 : RUN apt-get -qq update
 ---> Running in 99a5bbbb943d
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/xenial/InRelease  Temporary failure resolving 'my_host'

where "my_host" is the correct proxy (BTW I have tested this and the username/password/proxy hostname do work)

Update 2 If I remove ENV from the docker file, so it is now:

FROM ubuntu
WORKDIR /app
ADD . /app
EXPOSE 80

ARG http_proxy=http://my_username:my_password@my_host:80
ARG https_proxy=http://my_username:my_password@my_host:80
ARG HTTP_PROXY=http://my_username:my_password@my_host:80
ARG HTTPS_PROXY=http://my_username:my_password@my_host:80

RUN apt-get -qq update

and build using --build-args:

docker build --build-arg HTTPS_PROXY=http://my_username:my_password@my_host:80 --build-arg HTTP_PROXY=http://my_username:my_password@my_host:80 .

the error is still Temporary failure resolving 'archive.ubuntu.com'

If I try to add a nameserver by putting this in the docker file:

RUN echo "nameserver 8.8.8.8" >> /etc/resolv.conf
RUN cat /etc/resolve.conf

the error message is:

cat: /etc/resolve.conf: No such file or directory
The command '/bin/sh -c cat /etc/resolve.conf' returned a non-zero code: 1

Maybe that doesn't work because it is creating the /etc/resolv.conf file in an "intermediate container" which is not available in the next step?. The longer output is:

Removing intermediate container 1f77c03ee8be
Step 5 : RUN echo "nameserver 8.8.8.8" >> /etc/resolv.conf
 ---> Running in e2a9717f6bed
 ---> 13752a04094b
Removing intermediate container e2a9717f6bed
Step 6 : RUN cat /etc/resolve.conf
 ---> Running in 94ce4a72867b
cat: /etc/resolve.conf: No such file or directory

score 0 · Answer 1 · answered Oct 11 '17 at 04:53

0

If you do have a proxy set in your normal environment (meaning no in a docker build, but for your host OS), double-check its https_proxy value.

An https_proxy URL should be the same as an http_proxy one: it should start with http.
Not https.

Do first a simple test in a simplified Dockerfile (curl www.google.com for instance)
Then, see also pip issue 1805 which shows how pip can use a proxy.

answered Oct 11 '17 at 04:53

VonC

1,262,500
529
4,410
5,250

Thanks VonC alkfdla alkdj – John Oct 11 '17 at 06:48
Sorry, I am new to this. I was trying to update my question with your suggestion to try curl. I have tried curl and editted my question with the update (not sure if this the right way to do it - I couldn't see how to "reply" to your suggestion. – John Oct 11 '17 at 06:59
@John By suggesting `curl www.google.com.au` I didn't mean CMD, but a simple RUN, to see the output during the build. Actually, your `apt-get -qq update` alone is a good test: as long as it is not working, nothing else internet-related will. – VonC Oct 11 '17 at 07:11
1

@John Try and remove your ENV lines, add two ARG (https://docs.docker.com/engine/reference/builder/#arg) lines: `ARG http_proxy` and `ARG https_proxy`. Then `docker build` with the `--build-args` parameters (and the `https_proxy` using an http URL) – VonC Oct 11 '17 at 07:15
Using --build-args doesn't help. I also tried setting the name server. Please see my Update 2 above – John Oct 11 '17 at 22:39
@John Just to be sure and to check: does a docker search hello-world is working? DO you still have an HTTPS_PROXY variable starting with https instead of http in your `/etc/systemd/system/docker.service.d/http-proxy.conf`? Did you restart the docker service after modifying that file? (or did you reboot?) – VonC Oct 12 '17 at 04:21
Yes, "docker run hello-world" works fine. My http-proxy.conf file contains `[Service] Environment="HTTP_PROXY=http://my_username:my_password@my_host:80" "HTTPS_PROXY=http://my_username:my_password@my_host:80"` Since inserting those settings, I have restarted using `sudo systemctl restart docker` – John Oct 12 '17 at 04:54

score 0 · Answer 2 · answered Oct 13 '17 at 00:25

0

The solution was to add DNS entries to /etc/docker/daemon.json.

See the description here

answered Oct 13 '17 at 00:25

John

451
7
17

Can't set proxy in dockerfile

2 Answers2