buildkit icon indicating copy to clipboard operation
buildkit copied to clipboard
verified publisher icon moby

`httpProxy` support

Open zerkms opened this issue 6 years ago • 10 comments

I'm running docker in a network with http proxy which is configured to be used in docker using proxies.default.httpProxy configuration directive.

It works fine with the default docker.

When I enable buildkit the networking operations fails with

 > [2/2] RUN apt update && apt install -y --no-install-recommends zip:
#7 0.383 
#7 0.383 WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
#7 0.383 
#7 0.657 Err:1 http://security.ubuntu.com/ubuntu bionic-security InRelease
#7 0.657   Could not resolve 'cache.org.tld'
#7 0.913 Err:2 http://archive.ubuntu.com/ubuntu bionic InRelease
#7 0.913   Could not resolve 'cache.org.tld'
#7 0.913 Err:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
#7 0.913   Could not resolve 'cache.org.tld'
#7 0.913 Err:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
#7 0.913   Could not resolve 'cache.org.tld'
#7 0.921 Reading package lists...

cache.org.tld' (redacted) is a valid hostname, resolvable by LAN DNS.

I tried to specify dns servers additionally in the /etc/docker/daemon.json, it does not change the outcome though.

A Dockerfile for the output above:

# syntax = docker/dockerfile:1.0-experimental
FROM ubuntu:bionic as base

RUN apt update && apt install -y --no-install-recommends zip

Is it

zerkms avatar Apr 30 '19 03:04 zerkms

Yes, we do need httpProxy support in build.

Xuanwo avatar Aug 30 '19 06:08 Xuanwo

Are there any news on this? I'm wondering if proxies set under /home/user/.docker/.dockerconfigjson or /home/user/.docker/config.json are applied. I'm using BuildKit within moby/buildkit:v0.8.2-rootless image.

nichoio avatar Mar 16 '21 10:03 nichoio

@rappertomate Please considering use podman instead.

Xuanwo avatar Mar 16 '21 11:03 Xuanwo

Nevermind, i figured it out. Env variables http_proxy and https_proxy if applicable have to be set. buildkitd as well as buildctl (!) must have access to these vars.
Confusion stems from the fact that $DOCKER_CONFIG/config.json is processed to apply auths when pushing images, whereas proxies settings inside config.json are ignored it seems.
This should be stated more clearly. Maybe something that could be added to the docs @AkihiroSuda (i offer to do it)?
I'm also curious if there's any specific motivation behind the way proxy is handled as it is.

nichoio avatar Mar 16 '21 17:03 nichoio

How did you give access to thehttp_proxy https_proxy vars for buildkit in the end ? @nichoio

florian0410 avatar Aug 30 '21 16:08 florian0410

Found it ! Just add --opt build-arg:myvar=myvar

Here is my resulting code in my case

      buildctl-daemonless.sh build
      --frontend dockerfile.v0
      --local context=.
      --local dockerfile=.
      --output type=image,name=${DOCKER_IMAGE_NAME}:${BUILD_VERSION},push=${ECR_PUSH}
      ${BUILDKITD_EXTRA_ARGS}
      --opt build-arg:http_proxy=${http_proxy}
      --opt build-arg:https_proxy=${https_proxy}
      --opt build-arg:HTTP_PROXY=${HTTP_PROXY}
      --opt build-arg:HTTPS_PROXY=${HTTPS_PROXY}
      --opt build-arg:no_proxy=${no_proxy}
      --opt build-arg:NO_PROXY=${NO_PROXY}

Thank you for opening this issue it helps me to realize this proxy issue.

florian0410 avatar Aug 30 '21 16:08 florian0410

Found it ! Just add --opt build-arg:myvar=myvar

Here is my resulting code in my case

      buildctl-daemonless.sh build
      --frontend dockerfile.v0
      --local context=.
      --local dockerfile=.
      --output type=image,name=${DOCKER_IMAGE_NAME}:${BUILD_VERSION},push=${ECR_PUSH}
      ${BUILDKITD_EXTRA_ARGS}
      --opt build-arg:http_proxy=${http_proxy}
      --opt build-arg:https_proxy=${https_proxy}
      --opt build-arg:HTTP_PROXY=${HTTP_PROXY}
      --opt build-arg:HTTPS_PROXY=${HTTPS_PROXY}
      --opt build-arg:no_proxy=${no_proxy}
      --opt build-arg:NO_PROXY=${NO_PROXY}

Thank you for opening this issue it helps me to realize this proxy issue.

I do not see it working even after I set these options.

sudo buildctl build 
--frontend dockerfile.v0 
--opt build-arg:http_proxy=${http_proxy} 
--opt build-arg:https_proxy=${https_proxy} 
--opt build-arg:no_proxy=${no_proxy} 
--local context=. 
--local dockerfile=. 
--output type=image,name=docker.io/username/image,push=false

rranjan3 avatar Aug 01 '22 06:08 rranjan3

I also could not get this to work yet. My solution now is to pull all the required images before I run a build. Not elegant maybe but it's simple and it works, at least for me.

PaulSchweizer avatar Aug 06 '22 09:08 PaulSchweizer

I think apt does not support proxy configuration through environment variables, you have to modify apt files (like /etc/apt/apt.conf), see here: https://askubuntu.com/a/257296/412393

Not a docker problem IMO, it has more to do with apt

elouanKeryell-Even avatar May 17 '23 13:05 elouanKeryell-Even

I think apt does not support proxy configuration through environment variables

apt do support proxy configuration through environment variables

If no one of the above settings is specified, http_proxy environment variable will be used.

I agree with @nichoio confusion regarding the .docker/config.json file which is partially processed for auth settings, but ignored for proxy configuration.

shalashik avatar Jun 05 '23 07:06 shalashik