0

I am try to use dotnet-cli into docker container with the image mcr.microsoft.com/dotnet/sdk:6.0 . While running dotnet tool install --global dotnet-sonarscanner command. I am getting following issue:

    /tmp/5jnuub0i.whs/restore.csproj : error NU1301: Unable to load the service index for source https://api.nuget.org/v3/index.json.
The tool package could not be restored.
Tool 'dotnet-sonarscanner' failed to install. This failure may have been caused by:

* You are attempting to install a preview release and did not use the --version option to specify the version.
* A package by this name was found, but it was not a .NET tool.
* The required NuGet feed cannot be accessed, perhaps because of an Internet connection problem.
* You mistyped the name of the tool.

For more reasons, including package naming enforcement, visit https://aka.ms/failure-installing-too

When I am using wget with https://api.nuget.org/v3/index.json, I am getting following issue:

--2022-08-16 10:57:04--  https://api.nuget.org/v3/index.json
Resolving api.nuget.org (api.nuget.org)... 152.199.40.167
Connecting to api.nuget.org (api.nuget.org)|152.199.40.167|:443... connected.
ERROR: The certificate of 'api.nuget.org' is not trusted.
ERROR: The certificate of 'api.nuget.org' doesn't have a known issuer.

I am getting similar wget and SSL issues with any other images as well.

I am running docker-desktop on windows 10 with docker info as:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc., v0.8.2)
  compose: Docker Compose (Docker Inc., v2.7.0)
  extension: Manages Docker extensions (Docker Inc., v0.2.8)
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc., 0.6.0)
  scan: Docker Scan (Docker Inc., v0.17.0)

Server:
 Containers: 18
  Running: 0
  Paused: 0
  Stopped: 18
 Images: 9
 Server Version: 20.10.17
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
 runc version: v1.1.2-0-ga916309
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 5.10.16.3-microsoft-standard-WSL2
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 12
 Total Memory: 24.84GiB
 Name: docker-desktop
 ID: H4GX:4LN6:MY5G:4QP2:IIVE:ENNW:6RH5:ZVSG:DWHF:MVKM:OEDJ:673V
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5000
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support

Please let me know how this can be resolved.

Mukul Garg
  • 102
  • 10
  • Are you running this behind a company firewall? Some companies proxy https traffic and you need to trust the company certificate that they use to re-encrypt the traffic. – Hans Kilian Aug 16 '22 at 11:39
  • It is behind company firewall. How to trust the certificate? – Mukul Garg Aug 16 '22 at 15:44
  • This shows how: https://stackoverflow.com/questions/42292444/how-do-i-add-a-ca-root-certificate-inside-a-docker-image You need to do it in the build step of the Dockerfile since that's where it needs to contact the outside world. – Hans Kilian Aug 16 '22 at 16:16
  • Thanks for the link. But is it possible to do without own creating new image? I am trying to use the base image only without using build image step. – Mukul Garg Aug 17 '22 at 04:04
  • Does this answer your question? [How do I add a CA root certificate inside a docker image?](https://stackoverflow.com/questions/42292444/how-do-i-add-a-ca-root-certificate-inside-a-docker-image) – Ian Kemp Sep 18 '22 at 18:25

1 Answers1

0

You can set the proxy when starting the container:

docker run [docker_image] --env HTTP_PROXY="http://<ip-address>:<port>" --env HTTPS_PROXY="http://<ip-address>:<port>"

Cristian Rusanu
  • 452
  • 5
  • 15