apt-get in docker behind corporate proxy
The issue ended up being with DNS. Docker is running on Ubuntu, which is, itself, a Guest OS on VirtualBox. Due to it's own virutalizing mumbo jumbo, it assigned a nameserver of 127.0.0.1 in resolv.conf.
When this happens, Docker will assign itself a DNS nameserver of 8.8.8.8 (google's nameserver) since localhost refers to the docker container not the host.
To fix this, I went all the way out to Windows and ran
ipconfig /allAnd got the IP address of my laptops DNS Servers. I added these to DOCKER_OPTS in the configuration file with --dns=my.dns.ip.address and restarted docker, and the other measures I took to get through the proxy worked fine.
A couple of comments, after my own experience:
- make sure to use an http url for HTTPS_PROXY.
- use lowercase proxy variables in the Dockerfile itself
- use both cases proxy variables in the docker profile (in my case, it was in
/var/lib/boot2docker/profile) - in all instances, set a
no_proxy/NO_PROXYvariable (to.company,.sock,localhost,127.0.0.1,::1) - don't forget to include the credentials in the proxy url if your proxy request authentication.
If you are building behind the firewall, you MUST use Docker 1.9.x build-args.
Building a Dockerfile without the build args fails and blocks as follows:
3b0d8aa7c417: Pull completeDigest: sha256:dc31e6056d314218689f028b51a58b2ca69b1dfdc5f33ead52b9351e9a19ee85Status: Downloaded newer image for nodesource/trusty:4.2.3 ---> e17bee681d8fStep 2 : RUN apt-get update ---> Running in bdaf0006ccbdApt-get blocks here because it does not have connectivity with archive.ubuntu.com... You can verify that by running the image...
# docker run -ti --net=host --rm nodesource/trusty:4.2.3 bashroot@pppdc9prd9rj:/usr/src/app# apt-get update0% [Connecting to archive.ubuntu.com (91.189.92.201)]^Croot@pppdc9prd9rj:/usr/src/app# ping archive.ubuntu.comPING archive.ubuntu.com (91.189.91.24) 56(84) bytes of data.^C--- archive.ubuntu.com ping statistics ---3 packets transmitted, 0 received, 100% packet loss, time 1999msUsing the build-arg solves the problem....
# docker build -t migrator --build-arg http_proxy=$HTTP_PROXY .arg http_proxy=$HTTP_PROXY .Sending build context to Docker daemon 3.333 MBStep 1 : FROM nodesource/trusty:4.2.3 ---> e17bee681d8fStep 2 : RUN apt-get update ---> Running in 019b32d09a77Ign http://archive.ubuntu.com trusty InReleaseGet:1 http://archive.ubuntu.com trusty-updates InRelease [65.9 kB]Get:2 http://archive.ubuntu.com trusty-security InRelease [65.9 kB]Get:3 http://archive.ubuntu.com trusty Release.gpg [933 B]Get:4 http://archive.ubuntu.com trusty Release [58.5 kB]Get:5 http://archive.ubuntu.com trusty-updates/main Sources [326 kB]Get:6 http://archive.ubuntu.com trusty-updates/restricted Sources [5217 B]Get:7 http://archive.ubuntu.com trusty-updates/universe Sources [1