BuildKit proxy error causing bad domain name

pirh · January 25, 2024, 7:19pm

Hi,
I get the following error when running docker compose up inside this folder, from this tutorial :

[+] Building 6.3s (3/3) FINISHED                                                                                                                                                                    docker:default
 => [todo-app internal] load build definition from Dockerfile                                                                                                                                                 0.0s
 => => transferring dockerfile: 1.25kB                                                                                                                                                                        0.0s
 => ERROR [todo-app] resolve image config for docker.io/docker/dockerfile:1                                                                                                                                   6.3s
 => [todo-app auth] docker/dockerfile:pull token for registry-1.docker.io                                                                                                                                     0.0s
------
 > [todo-app] resolve image config for docker.io/docker/dockerfile:1:
------
failed to solve: failed to authorize: failed to fetch oauth token: Post "<https_scheme>auth.docker.io/token": proxyconnect tcp: dial tcp: lookup http on 127.0.0.53:53: server misbehaving

I am running on Ubuntu LTS 22.04.1. and have Docker Desktop installed.
I am behind a http/https proxy server that requires authentication.

All tried docker commands are fully functional in my current configuration, except docker compose up with buildkit enabled.

After analyzing traffic during the command execution, there seems to be an issue in the proxy configuration that BuildKit uses. My proxy server URL is “<http_scheme>proxy-http.”, but DNS requests query the following domain: “http.”, missing out on the “proxy-” part.

I checked that this was the issue by adding the following line in “/etc/hosts”:
<Proxy_IP> http.

After this modification, docker compose up, DNS in no longer queried and the command does not throw the usual error, instead timing out after 20s:

[+] Building 20.0s (2/2) FINISHED                                                                                                                                                                   docker:default
 => [todo-app internal] load build definition from Dockerfile                                                                                                                                                 0.0s
 => => transferring dockerfile: 1.25kB                                                                                                                                                                        0.0s
 => ERROR [todo-app] resolve image config for docker.io/docker/dockerfile:1                                                                                                                                  20.0s
------
 > [todo-app] resolve image config for docker.io/docker/dockerfile:1:
------
failed to solve: failed to do request: Head "<https_scheme>registry-1.docker.io/v2/docker/dockerfile/manifests/1": proxyconnect tcp: dial tcp: lookup proxy-http.<domain> on 127.0.0.53:53: read udp 127.0.0.1:48598->127.0.0.53:53: i/o timeout

Could anyone who knows what the issue here is, please help ?

PS: Due to link number restrictions, I replaced schemes in URLs.

pirh · January 29, 2024, 10:08am

Thank you for your answer.

This did not solve the issue for me (except by disabling BuildKit, which I would rather not do).

I do not use Docker Desktop for building/running containers (I use CLI), but I do have it installed and running.
I have not found any settings related to environment variables in Docker Desktop.

Here is my current proxy configuration:

etc/environment:

http_proxy="http://<user>:<pass>@proxy-http.<domain>:3128"
https_proxy="http://<user>:<pass>@proxy-http.<domain>:3128"
ftp_proxy="http://<user>:<pass>@proxy-http.<domain>:3128"
no_proxy="127.0.0.1,172.23.*,172.21.*,172.20.*,localhost"

HTTP_PROXY="http://<user>:<pass>@proxy-http.<domain>:3128"
HTTPS_PROXY="http://<user>:<pass>@proxy-http.<domain>3128"
FTP_PROXY="http://<user>:<pass>@proxy-http.<domain>:3128"
NO_PROXY="127.0.0.1,172.23.*,172.21.*,172.20.*,localhost"

/etc/docker/daemon.json:

{
    "proxies": {
        "http-proxy": "http://<user>:<pass>@proxy-http.<domain>:3128",
        "https-proxy": "http://<user>:<pass>@proxy-http.<domain>:3128",
        "no-proxy": "127.0.0.1,172.23.*,172.21.*,172.20.*,localhost"
    },
    "log-opts": {
        "max-size": "10m"
    }
}

~/.docker/config.json:

{
    "auths": {},
	"credsStore": "desktop",
	"proxies": {
		"default": {
			"httpProxy": "http://<user>:<pass>@proxy-http.<domain>:3128",
			"httpsProxy": "http://<user>:<pass>@proxy-http.<domain>:3128",
			"noProxy": "127.0.0.1,172.23.*,172.21.*,172.20.*,localhost"
		}
	},
	"currentContext": "desktop-linux",
	"plugins": {
		"-x-cli-hints": {
			"enabled": "true"
		}
	}
}

Added to compose.yaml:

services:
  todo-app:
    build:
      context: ./app
      args:
        - HTTP_PROXY=http://<user>:<pass>@proxy-http.<domain>:3128
        - HTTPS_PROXY=http://<user>:<pass>@proxy-http.<domain>:3128
        - NO_PROXY=127.0.0.1,172.23.*,172.21.*,172.20.*,localhost

At each change, I ran the following commands and restarted Docker Desktop:

systemctl daemon-reload
systemctl restart docker

Here is my DNS configuration:
/etc/resolv.conf:

nameserver 127.0.0.53
options edns0 trust-ad
search <domain>

This is set automatically, and seems fine to me.

These are the results I get:
The same DNS issue is present (http.<domain> lookup instead of proxy-http.<domain>).
On docker compose up, I get the following:

[+] Building 0.4s (4/4) FINISHED                                                                                 docker:desktop-linux
 => [todo-app internal] load build definition from Dockerfile                                                                    0.0s
 => => transferring dockerfile: 1.25kB                                                                                           0.0s
 => [todo-app internal] load .dockerignore                                                                                       0.0s
 => => transferring context: 672B                                                                                                0.0s
 => ERROR [todo-app] resolve image config for docker.io/docker/dockerfile:1                                                      0.4s
 => [todo-app auth] docker/dockerfile:pull token for registry-1.docker.io                                                        0.0s
------
 > [todo-app] resolve image config for docker.io/docker/dockerfile:1:
------
failed to solve: failed to authorize: failed to fetch oauth token: Post "https://auth.docker.io/token": proxyconnect tcp: dial tcp: lookup http on 127.0.0.53:53: server misbehaving

Please tell me if you need anymore info on my configuration.

pirh · January 29, 2024, 3:11pm

Found the issue:

I had to specifiy the domain for the proxy URL in env variables, and encode the "\" character:
export http_proxy="<domain>%5c<user>:<pass>@proxy-http.<domain>"
…