Docker Community Forums


Unable to deploy UCP behind corporate proxy

Hello there,

Long-time Docker user here, but first time trying out Enterprise Docker, due to my work trying to evaluate Docker Enterprise.

What I try to accomplish
I want to deploy a Docker UCP on one of our Ubuntu 18.04 Machines.

What I did beforehand
I properly configured the Docker Host Machine to work behind the Proxy Server.

  • Setup Env Vars HTTPS_PROXY, https_proxy, HTTP_PROXY, http_proxy and NO_PROXY / no_proxy
  • Setup Proxy Config for Docker with the Systemctl Drop-In Mechanism. (/etc/systemd/system/docker.service.d/http-proxy.conf)
  • Added Company Certificates (SSL Interception) to the Docker Host so that HTTPS Connections work properly.

This allowed me to use docker pull, docker login and docker engine activate as expected.

What doesn’t work
To deploy the UCP on the Docker host I use the following command:

sudo docker container run --rm -it --name ucp -e no_proxy="{IP of the Server}" -v /var/run/docker.sock:/var/run/docker.sock docker/ucp:3.1.3 install --host-address {IP of the Server} --interactive -D

After a while I encounter the error message

FATA[0047] the following required ports are blocked on your host: 179, 443, 2376, 6443, 6444, 10250, 12376, 12378 - 12386.  Check your firewall settings

Since I’m working with Ubuntu, I tried opening the ports with ufw first, but that didn’t work out, so I tried to open everything for testing purposes with sudo iptables -I INPUT -j ACCEPT, which also gave me the same error message.

So I assume that the ports aren’t the actual issue here.

Relevant Log Output

DEBU[0003] EnginePortCheck: port 2375, prpl http, err Get http://{IP of the Server}:2375/info: dial tcp {IP of the Server}:2375: connect: connection refused
DEBU[0003] EnginePortCheck: port 2375, prpl https, err Get https://{IP of the Server}:2375/info: dial tcp {IP of the Server}:2375: connect: connection refused
DEBU[0003] EnginePortCheck: port 2376, prpl http, err <nil>
DEBU[0003] EnginePortCheck: port 2376, prpl https, err Get https://{IP of the Server}:2376/info: http: server gave HTTP response to HTTPS client
WARN[0003] Unauthorized users may be able to access this node since it's listening on port 2376. Learn more at https://docker.com/ddc-18
WARN[0003] Installation will continue in 10 seconds...
DEBU[0013] Checking for available and accessible port 2376
DEBU[0013] Checking for available and accessible port 12384
DEBU[0013] Checking for available and accessible port 179
DEBU[0013] Checking for available and accessible port 12380
DEBU[0013] Checking for available and accessible port 12378
DEBU[0013] Checking for available and accessible port 12382
DEBU[0013] Checking for available and accessible port 12383
DEBU[0013] Checking for available and accessible port 6443
DEBU[0013] Checking for available and accessible port 12376
DEBU[0013] Checking for available and accessible port 10250
DEBU[0013] Checking for available and accessible port 12385
DEBU[0013] Checking for available and accessible port 6444
DEBU[0013] Checking for available and accessible port 443
DEBU[0013] Checking for available and accessible port 12381
DEBU[0013] Checking for available and accessible port 12379
DEBU[0013] Checking for available and accessible port 12386
DEBU[0015] Checking for liveness of http://{IP of the Server}:12384/
DEBU[0016] Checking for liveness of http://{IP of the Server}:12376/
DEBU[0016] Checking for liveness of http://{IP of the Server}:6443/
DEBU[0016] Checking for liveness of http://{IP of the Server}:443/
DEBU[0017] Checking for liveness of http://{IP of the Server}:12382/
DEBU[0017] Checking for liveness of http://{IP of the Server}:12383/
DEBU[0017] Checking for liveness of http://{IP of the Server}:12381/
DEBU[0017] Checking for liveness of http://{IP of the Server}:179/
DEBU[0017] Checking for liveness of http://{IP of the Server}:12378/
DEBU[0017] Checking for liveness of http://{IP of the Server}:2376/
DEBU[0017] Checking for liveness of http://{IP of the Server}:10250/
DEBU[0017] Checking for liveness of http://{IP of the Server}:12380/
DEBU[0017] Checking for liveness of http://{IP of the Server}:12379/
DEBU[0017] Checking for liveness of http://{IP of the Server}:12386/
DEBU[0017] Checking for liveness of http://{IP of the Server}:12385/
DEBU[0017] Checking for liveness of http://{IP of the Server}:6444/
FATA[0047] the following required ports are blocked on your host: 179, 443, 2376, 6443, 6444, 10250, 12376, 12378 - 12386.  Check your firewall settings

My thoughts
Since I have a tremendous amount of experience with how software acts when used behind a proxy server and what to do to mitigate that, I suspect that the issue has something to do with the proxy.
The line

DEBU[0003] EnginePortCheck: port 2376, prpl https, err Get https://{IP of the Server}:2376/info: http: server gave HTTP response to HTTPS client

gives me the idea that the program tries to connect to the server but gets an answer from the proxy server instead. To try to mitigate that, I already added the -e argument to the UCP launch command, and I also added no_proxy settings as environment vars and to the systemctl drop-in file.

But all that doesn’t work.

That’s why I decided to write here in the Docker Forum, where probably much smarter people can help me get through this.

Thanks in advance and greetings from Germany o/

Alright, I finally was able to resolve the issue by myself…

The issue actually was what I expected… The container tried to access the node through the proxy server.
I correctly tried to mitigate the issue with the no_proxy environment variable, which was almost correct. It expects the var in all uppercase, so -e NO_PROXY did the job.
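
The fix above, generalised as an added example that is not part of the original thread: shell helpers that merge the host's bypass lists, emit the `-e` flags under both spellings, and report proxy variables set in only one case. The function names are hypothetical and 192.0.2.10 is a constructed placeholder for the node address.

```shell
#!/bin/sh
# Added example, not from the thread. All function names are hypothetical.

# merge_no_proxy HOST
# Prints one comma-separated bypass list: entries of $NO_PROXY, then
# $no_proxy, then HOST, with blanks and duplicates dropped.
# The "( )" body is a subshell, so the IFS and noglob changes do not leak.
merge_no_proxy() (
    list=$(printf '%s,%s,%s' "${NO_PROXY:-}" "${no_proxy:-}" "$1" | tr -d ' \t')
    set -f      # entries such as *.corp.example must not be glob-expanded
    IFS=,
    merged=
    for entry in $list; do
        [ -n "$entry" ] || continue
        case ",$merged," in
            *",$entry,"*) ;;                          # duplicate, skip
            *) merged="${merged:+$merged,}$entry" ;;
        esac
    done
    printf '%s\n' "$merged"
)

# bypass_flags HOST
# Prints the docker "-e" flags that pass the merged list to a container
# under both spellings, one flag per line.
bypass_flags() (
    bypass=$(merge_no_proxy "$1")
    printf '%s %s=%s\n' -e NO_PROXY "$bypass" -e no_proxy "$bypass"
)

# case_gaps
# Prints every proxy variable that is set under only one spelling,
# which is the mismatch this thread ran into.
case_gaps() (
    for pair in HTTP_PROXY:http_proxy HTTPS_PROXY:https_proxy NO_PROXY:no_proxy; do
        upper=${pair%%:*}; lower=${pair##*:}
        eval "u=\${$upper:-}; l=\${$lower:-}"
        if [ -n "$u" ] && [ -z "$l" ]; then echo "$lower unset, $upper set"
        elif [ -z "$u" ] && [ -n "$l" ]; then echo "$upper unset, $lower set"
        fi
    done
)

# Constructed address; prints the flags to add to the docker run command.
bypass_flags 192.0.2.10
```

Running `case_gaps` in the environment the container actually sees shows which spelling is missing before the install is attempted.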