Base image can not be pulled when building, but can be pulled via docker pull on shell behind proxy

OS: Red Hat Enterprise Linux 8
Docker CE version: 24.0.6
Docker buildx: v0.11.2

I want to build an existing in-house docker image. I am behind a proxy.

I can pull the python base image via sudo docker pull python:3.11-bullseye, no problem.

But If I have a Dockerfile which has only FROM python:3.11-bullseye I get:

[+] Building 0.1s (3/3) FINISHED                                                                                                                                                                    docker:default
 => [internal] load .dockerignore                                                                                                                                                                             0.0s
 => => transferring context: 3.14kB                                                                                                                                                                           0.0s
 => [internal] load build definition from Dockerfile                                                                                                                                                          0.0s
 => => transferring dockerfile: 3.73kB                                                                                                                                                                        0.0s
 => ERROR [internal] load metadata for                                                                                                                                 0.0s
 > [internal] load metadata for
   5 |
   6 |     # Pull base image
   7 | >>> FROM python:3.11-bullseye
   8 |
   9 |     # Get arguments from .yml file
ERROR: failed to solve: python:3.11-bullseye: failed to authorize: failed to fetch anonymous token: Get "": dial tcp connect: connection refused

My proxy settings:




    "http-proxy": "",
    "https-proxy": ""

What is different between pulling from shell and pulling when building and what is likely causing this?

First of all, is it really Docker Desktop as the category indicates?

No, it is docker running on a RHEL8 server without GUI. But did not find an appropriate category.
EDIT: Changed the category, does this make more sense?

Thank you for changing the category. This is indeed the correct one.

Have you found this documentation?

It links to this part:

You can add proxy configurations for the Docker client using a JSON configuration file, located in ~/.docker/config.json. Builds and containers use the configuration specified in this file.

 "proxies": {
   "default": {
     "httpProxy": "",
     "httpsProxy": "",
     "noProxy": "*,,"


I tried to set config.json already. Does not work :frowning: How can I check if the proxy is actually loaded at build time?

Also, how can I check at which point the request fails?

Since the pull didn’t work, that seems to be an evidence of not using the proxy. You could run a proxy locally and check its logs. If you see a request in the local proxy logs, at least yu know the config is correct.

Years ago I didn’t like buildkit which is the default builder now. I don’t have problems with buildkit recently, but in case of build errors I still recommend trying to disable buildkit temporarily.


docker build ...

The local proxy is one way, but you could try using tcpdump or tshark. I have an article i which I used it but only a little. Still, this is the best I can share as an example from me:

In your case you don1t need to run tshark in a container’s network namespace, but on the host. If you don’t know tshark, it will probably take time to find the right command to debug your issue. It would to me too.

according to tcpdump the build indeed seems to “ignore” my proxy settings…

My “/root/.docker/config.json” is:

“proxies”: {
“default”: {
“httpProxy”: “”,
“httpsProxy”: “

Did you restart Docker daemon or the system after change?

Yes, I did.

  1. sudo systemctl daemon-reload
  2. sudo systemctl restart docker

And do you run the docker command as root?

Sorry, but it was long time ago when I used Docker behind proxy and later the environment was completely air-gapped. I don’t use RHEL either, so it is limited what I can answer regarding proxy settings for Docker. Not to mention how Docker changed since then.

I set config.json for root and my user. To be sure that I do not miss a required setting. Also set it individually for root/user. All did not help.