14

I have latest Docker version 18.06.0 installed on CentOS 7. My server is in a corporate network so using a proxy server to access the registry. I have added proxy settings as per docker documentation. But finally adding proxy settings in worked partially. i.e. now docker is using proxy to pull the image before it runs.

But now it fails giving following error:

$ sudo docker run hello-world
Unable to find image ‘hello-world:latest’ locally
docker: Error response from daemon: Get https://registry-1.docker.io/v2/: proxyconnect tcp: net/http: TLS handshake timeout.

Also, the login fails:

$ sudo docker login --username=XXXX
Password:
Error response from daemon: Get https://registry-1.docker.io/v2/: proxyconnect tcp: EOF

My proxy is pretty fast. When I’m using it to download anything from the internet using wget or curl I see 90 to 100Mbps speed. Other applications utils on my machine such as yum are using this proxy perfectly and it works well. Now I don’t know why only Docker has a problem in downloading the images.

The details of installation and configuration are as follow:

Version:

$ sudo docker version
Client:
Version: 18.06.0-ce
API version: 1.38
Go version: go1.10.3
Git commit: 0ffa825
Built: Wed Jul 18 19:08:18 2018
OS/Arch: linux/amd64
Experimental: false

Server:

Engine:
Version: 18.06.0-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.3
Git commit: 0ffa825
Built: Wed Jul 18 19:10:42 2018
OS/Arch: linux/amd64
Experimental: false

OS Version:

Description: CentOS Linux release 7.2.1511 (Core)
Release: 7.2.1511

Docker proxy config:

$ cat /etc/systemd/system/docker.service.d/https-proxy.conf
[Service]
Environment=“HTTP_PROXY=http://pqr.corp.xxx.com:8080”
Environment=“HTTPS_PROXY=https://pqr.corp.xxx.com:8080”
Environment=“NO_PROXY=localhost,127.0.0.1”

after adding this configuration I have already done

sudo systemctl daemon-reload
sudo systemctl restart docker

Looking for specific help.

I have gone through most of the posts on TLS Handshake Timeout issues but didn’t get any answer or suggestions working for me. My proxy is fine and docker is using it. I don’t understand why it gets that nasty timeout.

xpt
  • 20,363
  • 37
  • 127
  • 216
Akshay Hiremath
  • 950
  • 2
  • 12
  • 34
  • 1
    I have been facing the same problem when I upgraded docker from Docker version 17.12.1-ce, build 7390fc6 to Docker version 18.06.1-ce, build e68fc7a. Downgrading docker solved my problem. I know it's not a solution, but hope this helps – Brown nightingale Sep 21 '18 at 16:08
  • I tried Brown's suggestion and downgraded mine to 17.12.0-ce and it works fine now without even having to configure proxy settings. I guess its picking default system proxy settings. – Rimmy Mathew Nov 06 '18 at 19:13
  • Possible duplicate of [docker login behind proxy on private registry gives TLS handshake timeout](https://stackoverflow.com/questions/43541963/docker-login-behind-proxy-on-private-registry-gives-tls-handshake-timeout) – rebelution Jan 18 '19 at 16:32
  • 1
    @rebulation that question is about login issues with private repository. This is different my docker's public repo login is failing. And I have already tried options suggested there. None of that worked. – Akshay Hiremath Apr 17 '19 at 19:53
  • @Brownnightingale I agree. it works on lower version but not on the latest version. I want to use this version. – Akshay Hiremath Apr 17 '19 at 19:54
  • I had exactly the same problem on my WSL2 installation, but only when using my Windows VPN to access the internet. Without VPN, using a direct connection Docker was working fine. The problem was the MTU size of the eth0 network adapter. Changed to 1300 and the problem was solved ! ip link set dev eth0 mtu 1300 – Stefano Maioli Sep 23 '21 at 10:11

5 Answers5

18

The config file is:

[Service]
Environment=“HTTP_PROXY=http://pqr.corp.xxx.com:8080”
Environment=“HTTPS_PROXY=https://pqr.corp.xxx.com:8080”
Environment=“NO_PROXY=localhost,127.0.0.1”

Notice that 3rd line: HTTPS_PROXY=https

Is the proxy server support HTTPS? Or there should be an error.

Maybe HTTPS_PROXY=http is correct.

By the way, a similar error is Get https://registry-1.docker.io/v2/: proxyconnect tcp: EOF

sg qy
  • 196
  • 1
  • 4
  • 1
    This really worked. my proxy url for HTTPS_PROXY was http://: – roshan ok Sep 09 '20 at 18:11
  • 1
    It's worked for me, my issue was that I was using HTTPS_PROXY=https, and my proxy doesn't support https, so I changed to HTTPS_PROXY=http and it works like a charm – Daniel I. Cruz Oct 16 '20 at 15:52
3

Reason is usually related with your network settings. Especially, if your Docker is set up with Proxy, make it temporary with "No Proxy" option and it should work.

Cheers

zhrist
  • 1,169
  • 11
  • 28
  • Maybe try with Proxy specified and No Proxy for localhost, http://registry-1.docker.io, https://registry-1.docker.io – zhrist Apr 18 '19 at 15:24
3

I was also facing same issue behind firewall. Follow below steps:

$ sudo vim /etc/systemd/system/docker.service.d/http_proxy.conf
[Service]
Environment=“HTTP_PROXY=http://username:password@IP:port/”

Don’t use or remove https_prxoy.conf file.

reload and restart your docker

    $ sudo systemctl daemon-reload
    $ sudo systemctl restart docker
    $ docker pull hello-world
    Using default tag: latest
    latest: Pulling from library/hello-world
    1b930d010525: Pull complete
    Digest: sha256:2557*********************************8
Status: Downloaded newer image for hello-world:latest
Abhishek
  • 153
  • 1
  • 2
  • 11
3

The answers before mine point towards this direction, but neither states it clearly: Removing all https proxy settings solves this problem. I had a https-proxy.conf file just like OP's and docker pull started to work after I deleted the HTTPS_PROXY line. I know that the https proxy I use works all right so it must be a problem on Docker's side.

I found this solution on serverfault.

zslim
  • 441
  • 7
  • 14
0

On Ubuntu 22-04 (WSL 2) I've just undo comment at export http_proxy field in file /etc/default/docker

Demetry Pascal
  • 383
  • 4
  • 15