Docker Community Forums

Share and learn in the Docker community.

Stuck behind a corporate proxy, cannot get a docker setup to complete

Hello,

I’ve setup Docker before with Rancher when we didn’t have a proxy and things were pretty smooth. However we now have a proxy and it’s making my life much harder. Currently I have 4 nodes, 3 for docker/kubernetes and 1 for the load balancer. Right now I’m trying to install the load balancer nginx, but I keep running into issues. I’ve googled around trying to find fixes for where to put the proxy, but it seems I don’t have certain paths, like /etc/systemd/docker or other ones that might help. I basically get this error:

docker run -d --restart=unless-stopped -p 80:80 -p 443:443 -v /etc/nginx.conf:/etc/nginx/nginx.conf nginx:1.15
Unable to find image ‘nginx:1.15’ locally
docker: Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers).

So I don’t know what to do here. I have a presentation I’d like to give next Monday and this is stopping me from being able to do so. I’m using Docker 17.03.2, but if a newer version fixes what ails me then that’s fine as well.

Did you consult the documentation?

This seems like the right fit for your situation:

I am afraid you need to provide the http_proxy and https_proxy as build-arg when building images and envs when running the containers in your environment.

So I’m trying to create that under the user I’m creating the containers under, but whenever I try to save it just tells me “/home/username/.docker/config.json” E212: Can’t open file for writing, Press ENTER or type command to continue. I created the file using sudo, but no luck.

I upgraded to Docker 18.09 as well to see if that’d make any difference, but no dice.

You are aware that the link i pasted points out to what needs to be done on Docker older version 17.07 and you still go for what is specificly ment to 17.07 and newer… why?

Impatience. Frustrated that I’m behind a proxy now and have to re-do a whole bunch of work that I really didn’t want to do. Looking at your link though I notice that configuring the docker client part is for 17.07 and later, and if I’m at 18.09 now shouldn’t that work?

The anchor specificly was for versions below 17.07 and had a link to the documentation for 17.07 and newer.

Vi can not simply create missing folders, can it? try:
mkdir -p ~/.docker
vi ~/.docker/config.json

This makes only sense if you are root OR your user is added to the group docker.

Yes my user is added to the group docker. I tried creating the file that’s for 17.07 or higher with this code (Modified of course for my environment)

{
 "proxies":
 {
   "default":
   {
     "httpProxy": "http://127.0.0.1:3001",
     "httpsProxy": "http://127.0.0.1:3001",
     "noProxy": "*.test.example.com,.example2.com"
   }
 }
}

But no difference.  Did a systemctl restart docker after saving the file and trying again, but still no go.

Restarting the docker service had no advantage, though also did no harm… The cli picks up the new config when a new container is created/started.

Just to be sure: you don’t use sudo dockerright? Putting the sudo in front would switch the process to executed by root and then the config file wouldn’t be picked up.

Nope, don’t use ‘sudo’ in front of docker. So with that being said any reason why it’s not working still?

not realy. Our environments are still on Docker EE2.0, thus on Docker 17.06, where setting environment variables was enough…

Update: I missread, I thought you updated to 18.09 due to impations. Though, you did not. The recomendation to edit the file was aimed towards 18.09. Not for 17.03!

Yeah, so editing the file with the newer version of Docker still doesn’t help. Do you have any other ideas? I’d really like to get this working and finally get past this proxy stuff so I can properly document it so I know what to do in the future.

This is incredibly frustrating. I’ve create proxy settings all over the place and nothing seems to work. I’ve done the following without success:


And a host of other things. Nothing works. I keep getting this error:

docker: Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers).

This is driving me bonkers. I was really hoping to have this resolved, but there’s nothing that works. I’ve even created a new image and when I set the proxy in spots for curl, wget and yum those wound up working, but it seems I cannot find the proper spot on a CentOS 7.6 image running Docker 18.09 or 17.03.2 that works. There has to be a solution for this, but I don’t know what it is and I’m tired of googling around only to find the same answers over and over that don’t work for me.

You really tried HTTP_PROXY and HTTPS_PROXY environment variables? I mean typing “env” shows your proxy settings before you try to pull an image? Is the env globally?

Did you try wget/curl first?
Like to the displayed URL?

Like
wget https://registry-1.docker.io/v2/

If your env is correct AND your proxy allows the connection (if!) this should return smth…!?

Nope sorry didn’t try the wget curl commands first. Never thought of that. I’m not a Linux guy, but I’m learning and this project was kind of thrown on me without any training which has been a lot of work. So when I just type in ‘env’ I should see my proxy settings? If I don’t then where should I go to get it to show when I type in ‘env’? I’ve put the proxy settings in so many spots, but none seem to work.

So I did just try the wget command you listed and I got this:

Resolving <my.proxy.address>
Connecting to <my.proxy.address> on the specified port…connected
Proxy request sent, awaiting response…401 Unauthorized
Authorization failed.

Thing is we shouldn’t need to use any credentials for this. Everywhere else (vCenter, Windows machines) we don’t specify any credentials for the proxy and it just works. So what am I missing?

Ok, so I’m able to get the proxy info to show when I run ‘env’, however after I logout that goes away and I have to re-run the export commands. Even after doing that I still get the 401 authorized error.

At the same time if I run ‘sudo yum -y update’ that works. That updated my docker version from 17.03 to 18.09 which I’m fine with.

To be honest I never used docker behind a proxy. But I know that most CLI progs obey the environment variables and the mentioned documentation above seemed that docker does this too.

401 might be okay - perhaps the server responses so not your proxy.
PERHAPS (I dont know this and currently cannot test this) your solution could be to add the proxy environment vars to your system settings … instead of exporting them.

yum might be configured on its own.

On debian there is a file /etc/environments
I dont know what you use. CentOs?

You can try the following (worked in my environment behind a proxy):

sudo mkdir –p /etc/systemd/system/docker.service.d
sudo vi /etc/systemd/system/docker.service.d/http-proxy.conf

http-proxy.conf has to have following content (adjusted to your environment):

[Service]
Environment=“HTTP_PROXY=http://proxyhost:port”
Environment=“HTTPS_PROXY=http://proxyhost:port”
Environment=“NO_PROXY=127.0.0.1,localhost”

Tried that. Doesn’t make a difference for me at all.