How do you run `apt-get` in a dockerfile behind a proxy?
I am running a virtual machine (Ubuntu 13.10) with docker (version 0.8.1, build a1598d1). I am trying to build an image with a dockerfile. First, I want to update the packages (using the code below - the proxy is obfuscated) but apt-get
times out with the error: Could not resolve 'archive.ubuntu.com'
.
FROM ubuntu:13.10
ENV HTTP_PROXY <HTTP_PROXY>
ENV HTTPS_PROXY <HTTPS_PROXY>
RUN export http_proxy=$HTTP_PROXY
RUN export https_proxy=$HTTPS_PROXY
RUN apt-get update && apt-get upgrade
I have also run the following in the host system:
sudo HTTP_PROXY=http://<PROXY_DETAILS>/ docker -d &
The host is able to run apt-get
without issue.
How can I change the dockerfile to allow it to reach the ubuntu servers from within the container?
Update
I ran the code in CentOS (changing the FROM ubuntu:13.10
to FROM centos
) and it worked fine. It seems to be a problem with Ubuntu.
Solution 1:
UPDATE:
You have wrong capitalization of environment variables in ENV. Correct one is http_proxy
. Your example should be:
FROM ubuntu:13.10
ENV http_proxy <HTTP_PROXY>
ENV https_proxy <HTTPS_PROXY>
RUN apt-get update && apt-get upgrade
or
FROM centos
ENV http_proxy <HTTP_PROXY>
ENV https_proxy <HTTPS_PROXY>
RUN yum update
All variables specified in ENV are prepended to every RUN command. Every RUN command is executed in own container/environment, so it does not inherit variables from previous RUN commands!
Note: There is no need to call docker daemon with proxy for this to work, although if you want to pull images etc. you need to set the proxy for docker deamon too. You can set proxy for daemon in /etc/default/docker
in Ubuntu (it does not affect containers setting).
Also, this can happen in case you run your proxy on host (i.e. localhost, 127.0.0.1). Localhost on host differ from localhost in container. In such case, you need to use another IP (like 172.17.42.1) to bind your proxy to or if you bind to 0.0.0.0, you can use 172.17.42.1 instead of 127.0.0.1 for connection from container during docker build
.
You can also look for an example here: How to rebuild dockerfile quick by using cache?
Solution 2:
Updated on 02/10/2018
With new feature in docker option --config
, you needn't set Proxy in Dockerfile any more. You can have same Dockerfile to be used in and out corporate environment with or without proxy setup.
command docker run
option:
--config string Location of client config files (default "~/.docker")
or environment variable DOCKER_CONFIG
`DOCKER_CONFIG` The location of your client configuration files.
$ export DOCKER_CONFIG=~/.docker
https://docs.docker.com/engine/reference/commandline/cli/
https://docs.docker.com/network/proxy/
I recommend to set proxy with httpProxy, httpsProxy, ftpProxy
and noProxy
(The official document misses the variable ftpProxy
which is useful sometimes)
{
"proxies":
{
"default":
{
"httpProxy": "http://192.168.1.12:3128",
"httpsProxy": "http://192.168.1.12:3128",
"ftpProxy": "http://192.168.1.12:3128",
"noProxy": "*.test.example.com,.example2.com,127.0.0.0/8"
}
}
}
Adjust proxy IP and port for your proxy environment and save to ~/.docker/config.json
After you set properly with it, you can run docker build and docker run as normal.
$ cat Dockerfile
FROM alpine
$ docker build -t demo .
$ docker run -ti --rm demo env|grep -ri proxy
(standard input):HTTP_PROXY=http://192.168.1.12:3128
(standard input):http_proxy=http://192.168.1.12:3128
(standard input):HTTPS_PROXY=http://192.168.1.12:3128
(standard input):https_proxy=http://192.168.1.12:3128
(standard input):NO_PROXY=*.test.example.com,.example2.com,127.0.0.0/8
(standard input):no_proxy=*.test.example.com,.example2.com,127.0.0.0/8
(standard input):FTP_PROXY=http://192.168.1.12:3128
(standard input):ftp_proxy=http://192.168.1.12:3128
Old answer (Decommissioned)
Below setting in Dockerfile works for me. I tested in CoreOS
, Vagrant
and boot2docker
. Suppose the proxy port is 3128
###In Centos:
ENV http_proxy=ip:3128
ENV https_proxy=ip:3128
###In Ubuntu: ENV http_proxy 'http://ip:3128' ENV https_proxy 'http://ip:3128'
Be careful of the format, some have http in it, some haven't, some with single quota. if the IP address is 192.168.0.193, then the setting will be:
###In Centos:
ENV http_proxy=192.168.0.193:3128
ENV https_proxy=192.168.0.193:3128
###In Ubuntu: ENV http_proxy 'http://192.168.0.193:3128' ENV https_proxy 'http://192.168.0.193:3128'
###If you need set proxy in coreos, for example to pull the image
cat /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://192.168.0.193:3128"
Solution 3:
You can use the --build-arg
option when you want to build using a Dockerfile.
From a link on https://github.com/docker/docker/issues/14634 , see the section "Build with --build-arg with multiple HTTP_PROXY":
[root@pppdc9prda2y java]# docker build
--build-arg https_proxy=$HTTP_PROXY --build-arg http_proxy=$HTTP_PROXY
--build-arg HTTP_PROXY=$HTTP_PROXY --build-arg HTTPS_PROXY=$HTTP_PROXY
--build-arg NO_PROXY=$NO_PROXY --build-arg no_proxy=$NO_PROXY -t java .
NOTE: On your own system, make sure you have set the HTTP_PROXY and NO_PROXY environment variables.
Solution 4:
before any apt-get command in your Dockerfile you should put this line
COPY apt.conf /etc/apt/apt.conf
Dont'f forget to create apt.conf in the same folder that you have the Dockerfile, the content of the apt.conf file should be like this:
Acquire::socks::proxy "socks://YOUR-PROXY-IP:PORT/";
Acquire::http::proxy "http://YOUR-PROXY-IP:PORT/";
Acquire::https::proxy "http://YOUR-PROXY-IP:PORT/";
if you use username and password to connect to your proxy then the apt.conf should be like as below:
Acquire::socks::proxy "socks://USERNAME:PASSWORD@YOUR-PROXY-IP:PORT/";
Acquire::http::proxy "http://USERNAME:PASSWORD@YOUR-PROXY-IP:PORT/";
Acquire::https::proxy "http://USERNAME:PASSWORD@YOUR-PROXY-IP:PORT/";
for example :
Acquire::https::proxy "http://foo:[email protected]:8080/";
Where the foo is the username and bar is the password.