Docker swarm mode not picking up proxy configuration

medihack · November 29, 2022, 3:58pm

My corporation (hospital) network is behind a proxy. I configured the docker client to use this proxy according to the official documentation. And this works as expected when running a container directly or when starting multiple containers via docker compose. I also can see there that environment variables like $HTTP_PROXY are correctly set inside the containers, and internet access is available.
But when creating a service using Docker swarm mode with docker service create (test-wise using only one swarm node), then the proxy configuration is ignored, and containers don’t have those proxy environment variables set. Do I have to add an extra step to tell swarm mode to pick up the proxies configuration?

My output of docker info:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.9.1-docker)
  compose: Docker Compose (Docker Inc., v2.12.2)
  scan: Docker Scan (Docker Inc., v0.21.0)

Server:
 Containers: 12
  Running: 12
  Paused: 0
  Stopped: 0
 Images: 33
 Server Version: 20.10.21
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: active
  NodeID: w9mihkuv5mc2pttzk99x688x6
  Is Manager: true
  ClusterID: lfed819tu2dgj3n35gbugsbis
  Managers: 1
  Nodes: 1
  Default Address Pool: 10.0.0.0/8  
  SubnetSize: 24
  Data Path Port: 4789
  Orchestration:
   Task History Retention Limit: 5
  Raft:
   Snapshot Interval: 10000
   Number of Old Snapshots to Retain: 0
   Heartbeat Tick: 1
   Election Tick: 10
  Dispatcher:
   Heartbeat Period: 5 seconds
  CA Configuration:
   Expiry Duration: 3 months
   Force Rotate: 0
  Autolock Managers: false
  Root Rotation In Progress: false
  Node Address: 161.42.235.115
  Manager Addresses:
   161.42.235.115:2377
 Runtimes: io.containerd.runtime.v1.linux runc io.containerd.runc.v2
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 770bd0108c32f3fb5c73ae1264f7e503fe7b2661
 runc version: v1.1.4-0-g5fd4c4d
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 4.15.0-197-generic
 Operating System: Ubuntu 18.04.6 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 15.66GiB
 Name: RADIA-ADITAPP02
 ID: H2HA:NA4N:N7OB:VR6W:IMAV:BC4L:LPSB:VU2B:A2L4:4DKU:JM3L:3WCH
 Docker Root Dir: /mnt/sdb/docker
 Debug Mode: false
 HTTP Proxy: xxx:xxx@xxx:8080
 HTTPS Proxy: xxx:xxx@xxx:8080
 No Proxy: xxx
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

And my proxies configuration in ~/.docker/config.json:

{
  "proxies": {
    "default": {
      "httpProxy": "http://xxx:xxx@xxx:8080",
      "httpsProxy": "http://xxx:xxx@xxx:8080",
      "noProxy": "xxx"
    }
  }
}

rikukissa · December 13, 2022, 3:03pm

I have the same exact issue. Proxy configuration works when running containers with docker run, but the environment variables aren’t passed down to containers running in swarm.

sossaman · June 14, 2023, 9:25am

Hello,
I have the same issue as well.
Has anybody of you found a solution?

medihack · July 7, 2023, 7:05am

A simple solution is just to set the environment variables (http_proxy, HTTP_PROXY, https_proxy, HTTPS_PROXY) yourself (see https://docs.docker.com/network/proxy/#configure-the-docker-client). I am using a .env file for this. This is the thing that Docker Compose normally does, but Swarm mode doesn’t. So quite easy to work around this.

oriettaxx · August 29, 2023, 7:06pm

same same here, any update?

oriettaxx · September 5, 2023, 3:34pm

yes, it appears the configuration Configure the daemon with systemd | Docker Docs (/etc/systemd/system/docker.service.d/http-proxy.conf) is only used by docker itself to pull images

medihack · September 14, 2023, 8:06am

Yes, the Daemon proxy configuration has no effect here but makes sure images can be pulled from the Docker Repostory. All in all it’s quite confusing. Here is what I found out:

Proxies in ~/.docker/config.json (see documenation) are used when building an image from a Dockerfile.
Those settings in this file are also used for Docker Compose and are set as environment variables inside the started containers (e.g. $http_proxy, $HTTP_PROXY, …)
Those settings are also used when building an Image for Docker Swarm.
But there are no proxy environment variables automatically set in containers that are started by Docker Swarm.
A workaround is to set those proxy environment variables manually (e.g. by using an env file).

bluepuma77 · September 15, 2023, 7:05am

I would not expect a proxy env var to be automatically set just because the orchestration tool is using it. I would say this is by design.

As you write, you can manually set the env var for it to be available within the container.