Best IT Recipes

How do you run `apt-get` in the docker file behind the proxy server?

I am running a virtual machine (Ubuntu 13.10) with docker (version 0.8.1, build a1598d1). I am trying to create an image with a docker file. Firstly, I want to update the packages (using the code below - the proxy server is running), but apt-get with the error: Could not resolve 'archive.ubuntu.com' .

 FROM ubuntu:13.10 ENV HTTP_PROXY <HTTP_PROXY> ENV HTTPS_PROXY <HTTPS_PROXY> RUN export http_proxy=$HTTP_PROXY RUN export https_proxy=$HTTPS_PROXY RUN apt-get update && apt-get upgrade

On the host system, I also run the following:

 sudo HTTP_PROXY=http://<PROXY_DETAILS>/ docker -d &

The host can run apt-get without problems.

How can I modify the docker file so that it can reach ubuntu servers from the container?

Update

I ran the code on CentOS (changing FROM ubuntu:13.10 to FROM centos ) and it worked fine. There seems to be a problem with Ubuntu.

+63
docker apt
Mar 04 '14 at 17:50
source share
12 answers

UPDATE

You have the wrong capitalization of environment variables in ENV. The correct one is http_proxy . Your example should be:

 FROM ubuntu:13.10 ENV http_proxy <HTTP_PROXY> ENV https_proxy <HTTPS_PROXY> RUN apt-get update && apt-get upgrade

or

 FROM centos ENV http_proxy <HTTP_PROXY> ENV https_proxy <HTTPS_PROXY> RUN yum update

All variables specified in ENV are added to each RUN command. Each RUN command is executed in its own container / environment, so it does not inherit variables from previous RUN commands!

Note. There is no need to call the docker daemon with a proxy server for this to work, although if you want to pull images, etc., you also need to set up a proxy server for docker deamon. You can set the proxy for the daemon in /etc/default/docker in Ubuntu (this does not affect the container settings).



In addition, this can happen if you run your proxy on the host (i.e. localhost, 127.0.0.1). The local host on the host is different from localhost in the container. In this case, you need to use a different IP address (for example, 172.17.42.1) to bind your proxy server or bind it to 0.0.0.0, you can use 172.17.42.1 instead of 127.0.0.1 to connect from the container during docker build .

You can also find an example here: How to quickly restore a docker file using the cache?

+83
Mar 04 '14 at 22:33
source share

Updated 10/10/2018

With the new feature in the --config docker option, you no longer need to install Proxy in the Dockerfile. You can have the same Dockerfile for use in a corporate environment.

 --config string Location of client config files (default "~/.docker")

or environment variable DOCKER_CONFIG

 'DOCKER_CONFIG' The location of your client configuration files. $ export DOCKER_CONFIG=~/.docker

https://docs.docker.com/engine/reference/commandline/cli/

https://docs.docker.com/network/proxy/

I recommend installing proxies with httpProxy, httpsProxy, ftpProxy and noProxy .

 { "proxies": { "default": { "httpProxy": "http://127.0.0.1:3001", "httpsProxy": "http://127.0.0.1:3001", "ftpProxy": "http://127.0.0.1:3001", "noProxy": "*.test.example.com,.example2.com" } } }

If necessary ~/.docker/config.json and the proxy IP address and port and save in ~/.docker/config.json

After you configure it correctly, you can start the Docker build and run Docker as usual.

 $ docker build -t demo . $ docker run -ti --rm demo env|grep -ri proxy (standard input):http_proxy=http://127.0.0.1:3001 (standard input):HTTPS_PROXY=http://127.0.0.1:3001 (standard input):https_proxy=http://127.0.0.1:3001 (standard input):NO_PROXY=*.test.example.com,.example2.com (standard input):no_proxy=*.test.example.com,.example2.com (standard input):FTP_PROXY=http://127.0.0.1:3001 (standard input):ftp_proxy=http://127.0.0.1:3001 (standard input):HTTP_PROXY=http://127.0.0.1:3001

Old answer

Below setting in Dockerfile works for me. I tested on CoreOS , Vagrant and boot2docker . Assume proxy port 3128

In Centos:

 ENV http_proxy=ip:3128 ENV https_proxy=ip:3128

In Ubuntu:

 ENV http_proxy 'http://ip:3128' ENV https_proxy 'http://ip:3128'

Be careful with the format, some have http in it, some don't, some have a single quota. if the IP address is 192.168.0.193, then the setting will be:

In Centos:

 ENV http_proxy=192.168.0.193:3128 ENV https_proxy=192.168.0.193:3128

In Ubuntu:

 ENV http_proxy 'http://192.168.0.193:3128' ENV https_proxy 'http://192.168.0.193:3128'

If you need to install proxies in Coreos, for example, to pull out an image

 cat /etc/systemd/system/docker.service.d/http-proxy.conf [Service] Environment="HTTP_PROXY=http://192.168.0.193:3128"
+47
May 15 '15 at 6:26
source share

You can use the --build-arg option if you want to build using the Docker file.

From the link https://github.com/docker/docker/issues/14634 see the section "Building with --build-arg with multiple HTTP_PROXY":

 [root@pppdc9prda2y java]# docker build --build-arg https_proxy=$HTTP_PROXY --build-arg http_proxy=$HTTP_PROXY --build-arg HTTP_PROXY=$HTTP_PROXY --build-arg HTTPS_PROXY=$HTTP_PROXY --build-arg NO_PROXY=$NO_PROXY --build-arg no_proxy=$NO_PROXY -t java .

Note: On your own system, be sure to set the HTTP_PROXY and NO_PROXY environment variables.

+37
Feb 25 '16 at 21:41
source share

before any apt-get command in your Docker file, you should put this line

 COPY apt.conf /etc/apt/apt.conf

Do not forget to create apt.conf in the same folder where you have the Docker file, the contents of the apt.conf file should be like this:

 Acquire::socks::proxy "socks://YOUR-PROXY-IP:PORT/"; Acquire::http::proxy "http://YOUR-PROXY-IP:PORT/"; Acquire::https::proxy "http://YOUR-PROXY-IP:PORT/";

if you use the username and password to connect to the proxy server, then apt.conf should look like this:

 Acquire::socks::proxy "socks://USERNAME:PASSWORD@YOUR-PROXY-IP:PORT/"; Acquire::http::proxy "http://USERNAME:PASSWORD@YOUR-PROXY-IP:PORT/"; Acquire::https::proxy "http://USERNAME:PASSWORD@YOUR-PROXY-IP:PORT/";

eg:

 Acquire::https::proxy "http://foo:bar@127.0.0.1:8080/";

If foo is the username and bar is the password.

+11
Sep 07 '15 at 6:46
source share

Use -build-arg in the bottom environment variable:

 docker build --build-arg http_proxy=http://proxy:port/ --build-arg https_proxy=http://proxy:port/ --build-arg ftp_proxy=http://proxy:port --build-arg no_proxy=localhost,127.0.0.1,company.com -q=false .
+7
Mar 28 '17 at 11:39 on
source share

I had the same problem and found another small workaround: I have a script creator that is added to the docker build environment. In the script, I set the environment variable depending on the ping check:

Dockerfile:

 ADD script.sh /tmp/script.sh RUN /tmp/script.sh

script.sh:

 if ping -c 1 ix.de ; then echo "direct internet doing nothing" else echo "proxy environment detected setting proxy" export http_proxy=<proxy address> fi

it's still a little rude but worked for me

+3
Jul 07 '14 at 18:50
source share

As suggested by other answers, --build-arg may be a solution. In my case, I had to add --network=host in addition to the --build-arg options.

 docker build -t <TARGET> --build-arg http_proxy=http://<IP:PORT> --build-arg https_proxy=http://<IP:PORT> --network=host .
+3
Jun 02 '17 at 8:15
source share

If you have correctly configured proxy servers and still cannot access the Internet, this may be DNS resolution. Check /etc/resolve.conf on the Ubuntu host virtual machine. If it contains nameserver 127.0.1.1 , this is not true.

Run these commands on the Ubuntu VM host to fix it:

 sudo vi /etc/NetworkManager/NetworkManager.conf # Comment out the line `dns=dnsmasq` with a `#` # restart the network manager service sudo systemctl restart network-manager cat /etc/resolv.conf

Now /etc/resolv.conf should have a valid value for the name server, which will be copied by docker containers.

+3
Aug 11 '17 at 23:10
source share

We do...

 ENV http_proxy http://9.9.9.9:9999 ENV https_proxy http://9.9.9.9:9999

and at the end of the docker file ...

 ENV http_proxy "" ENV https_proxy ""

This, until (until the docker introduces build env vars), allows the use of prov env vars to build only, without exposing them

An alternative to the solution is NOT to create your images locally behind the proxy server, but so that dockers can create your images for you using the "automatic assemblies" of dockers. Since the docker does not create images behind your proxy, the problem is resolved. An example of automatic assembly is available in ...

https://github.com/danday74/docker-nginx-lua (GITHUB repository)

https://registry.hub.docker.com/u/danday74/nginx-lua (the DOCKER repository, which scans the github repository using automatic assembly and doing docker, clicks on the github master wizard)

+1
Jul 16 '15 at 16:33
source share

and if you want to set the proxy for wget, you have to put this line in your Dockerfile

 ENV http_proxy YOUR-PROXY-IP:PORT/ ENV https_proxy YOUR-PROXY-IP:PORT/ ENV all_proxy YOUR-PROXY-IP:PORT/
+1
Sep 07 '15 at 6:53
source share

As Tim Potter noted, setting up a proxy server in dockerfile is terrible. When creating an image, you add a proxy for your corporate network, but you can deploy in the cloud or DMZ, where there is no need for a proxy or the proxy server is different.

In addition, you cannot share your image with other people outside the corporate network.

+1
Dec 21 '15 at 18:47
source share

A small alternative to the answer provided by @Reza Farshi (which works better in my case) is to write proxy settings to /etc/apt/apt.conf using echo via Dockerfile, for example:

 FROM ubuntu:16.04 RUN echo "Acquire::http::proxy \"$HTTP_PROXY\";\nAcquire::https::proxy \"$HTTPS_PROXY\";" > /etc/apt/apt.conf # Test that we can now retrieve packages via 'apt-get' RUN apt-get update

The advantage of this approach is that proxy addresses can be transmitted dynamically during image creation rather than copying the configuration file from the host.

eg

docker build --build-arg HTTP_PROXY=http://<host>:<port> --build-arg HTTPS_PROXY=http://<host>:<port>.

according to docker assembly documents.

+1
Apr 26 '18 at 10:57
source share


More articles:


All Articles