Docker for Mac and corporate proxy - docker

I spent the whole day trying to pull an image on my MacBook through a corporate HTTP proxy, with no luck.
It is an authenticated proxy, of the form: http://username:password-with-special-characters#proxy.domain:8080
The http_proxy and https_proxy variables are set in my .zshrc.
The proxy details are set in the system's preferences.
When I try to docker pull hello-world without altering proxy settings in the Docker for Mac UI, I got:
Error response from daemon: Get https://registry-1.docker.io/v2/: Service Unavailable
When I also set the proxy through the Docker for Mac UI I got:
Error response from daemon: Get https://registry-1.docker.io/v2/: Proxy Authentication Required
I can curl https://registry-1.docker.io/v2/ directly on the terminal, and get back a 200.
I tried with and without URI encoding the special characters in my password, doesn't change a thing.
I used to have some issues with the same proxy on a Linux machine, but got it to work by messing with systemd. On macOs, I don't know if I can do something similar.
Help would be very much appreciated.
Thanks in advance !

For those who had this error, it was because of a bug between Cisco AnyConnect and Docker. This bug has been fixed with Docker for Mac 3.4.0.

Related

docker login fails: tls: server selected unsupported protocol version 301

I am using docker version 18.09.0, build 4d60db4 in a Windows machine and I am trying to login to Artifactory using the following command,
docker login docker-registery.company.net
It prompts for username and password and I am providing them, however I am not able to login. It gives me the following error:
Error response from daemon: Get https://docker-registery.company.net/v2/: tls: server selected unsupported protocol version 301
Note: I am able to login to the Artifactory Repo Browser through my web browser by using the same username and password.
What is causing this issue when I try to login from the command-line? Is it some kind of proxy or certificate issue?
protocol version 301 = TLS 1.0 - that is insecure TLS version, which has been selected by the server (in theory by Artifactory, but there can be reverse proxy, Tomcat, etc. where TLS can be configured as well).
Configure properly TLS on the server side (enable support for TLS 1.1+) and your docker client will be able to establish a secure TLS connection. "insecure registry" is just insecure workaround.
We have the same issue after some of Windows update
You can manually change the default TLS version in windows by editing register
Change needed values in regedit.exe or store this code as .reg file and execute it.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
Hope, it will solve your problem
Try this,
docker login --username=yourUserName --email=abc#company.net dockerregistry.company.net:5000
Obviously, if you are using a port other than 5000 specify it after the colon.
Once you log in, you can do something like
docker push dockerregistry.company.net:5000/ubuntu
or
docker pull dockerregistry.company.net:5000/ubuntu
None of the above answers actually worked for me.
However, I manged to find a fix for it. Keep in mind that, this is not a perfect solution but a work around.
Here it goes...
I added my Artifactory registry as an insecure registry. Here's how to do it: https://docs.docker.com/registry/insecure/
Therefore, by passing the TLS handshake.

Getting HTTP ERROR 404 with Jenkins

I am getting below error when trying to access jenkins pipeline url. I tried clearing the browser cache, tried different browsers etc but no luck. the same pipeline url works fine for other users but not for me. any ideas why it throwing 404 error for me? many thanks!
HTTP ERROR 404
Problem accessing /job/jenkins/job/test/. Reason:
Not Found
Powered by Jetty:// 9.4.z-SNAPSHOT
After loging in as an administrator, use the url http://localhost:8080.
It initially takes to the url that says jenkins in it's name, which will not work. The URL you want to access is http://localhost:8080
Also if you have a different port binded you can try to call the url as http://[ip]:[port]/jenkins
If you get such error like it was mentioned above you should access through the URL "http://localhost:8081/jenkins/", but not only "http://localhost:8081".
Btw my port is 8081 because of the circumstance that my 8080 port is already used.
Have a good day!
There can be probably one of these reasons :
You do not have the access to the job.
You do have access to the job but you are not logged in . Try to login to jenkins in another window and check remember me on this computer , then open that url.
You are trying to access it from another server which is not whitelisted from the jenkins master server ,i.e it is not allowed access.
These are the best guesses I coud get .If these do not work then someone needs to manually check the url you are entering and other environment related issues themselves.
There is a common mistake that most of the people making.(while running jenkins.war from CMD)
Please ensure that your tomcat server is 'up and running' locally.
Follow these steps.
try restarting your jenkins service with $sudo service jenkins restart
I have faced the same issue and identified JIRA and Jenkins are installed on same port 8080. Jenkins service is starting first because of that JIRA was not working. Then I have edited Jenkins.xml file with port 8081 and restarted the services it was working fine.
When I ran jenkins.war from CMD, I faced the same issue. Practically when you run jenkins.war from CMD, localhost:8080 is where jenkins is available. But if you run the startup.bat file, then the path you have set, say, localhost:8080/jenkins will work.
If you are using a hook this error occurs. This is a known issue in GIT showing 404 error. Way around of the above said problem is to use the NIC ID instead of using "localhost".
I used a docker container to start jenkins locally for a test purpose.
Here is the cmd: docker run -p 8080:8080 -p 50000:50000 jenkins reffered to official documentation: https://hub.docker.com/_/jenkins?tab=description.
After started the container, I browsed into http://localhost:8080 and got
HTTP ERROR 404
Problem accessing /job/jenkins/job/test/. Reason:
Not Found
Powered by Jetty:// 9.4.z-SNAPSHOT
I just removed exposing the JNLP port which is 50000
And the command to start docker was: docker run -p 8080:8080 jenkins
And now, I was able to browse the application at http://localhost:8080 without not found error.
Thanks

Docker Desktop for Windows configure to use Proxy Auto-Config Script (PAC)

I am using windows 10 Enterprise Version 1607,
We use a Proxy Auto Config (PAC) script for Proxy config.
The problem is docker connectivity. I have Docker 17.12.0-ce (stable release) is installed. I'm not able to configure Docker to use PAC to pull docker registry images.
Kindly help! I've gone through the official documentation several times, but nothing helpful. I'm not sure if I'm missing something.
.pac configuration file is actually returning a proxy server address based on which url you are visiting.
So you can skip using .pac and set your HTTP PROXY directly to docker.
If you want to know what is your proxy server address, visit the .pac from your browser, read it and you will find the proxy server address in clear text there.

Docker cannot acces registry from openshift

Here is my whole scenario.
I have a RHEL 7.1 vmware image, with the corporate proxy properly configured, accessing stuff over http or https works properly.
Installed docker-engine, and added the HTTP_PROXY setting to /etc/systemd/system/docker.service.d/http-proxy.conf. I can verify the proxy setting is picked up by executing:
sudo systemctl show docker --property Environment
which will print:
Environment=HTTP_PROXY=http://proxy.mycompany.com:myport/ with real values of course.
Pulling and running docker images works correctly this way.
The goal is to work with the binary distribution of openshift-origin. I downloaded the binaries, and started setting up things as per the walkthrough page on github:
https://github.com/openshift/origin/blob/master/examples/sample-app/README.md
Starting openshift seems to work as I can:
* login via the openshift cli
* create a new project
* even access the web console
But when I try to create an app in the project (also via the cli):
oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-hello-world.git
It fails:
error: can't look up Docker image "centos/ruby-22-centos7": Internal error occurred: Get https://registry-1.docker.io/v2/: dial tcp 52.71.246.213:443: connection refused
I can access (without authentication though) this endpoint via the browser on the VM or via WGET.
Hence I believe DOCKER fails to pick up the proxy settings. After some searching I also fear if there are IPTABLES settings missing. Referring to:
https://docs.docker.com/v1.7/articles/networking/
But I don't know if I should fiddle with the IPTABLES settings, should not Docker figure that out itself?
Check your HTTPS_PROXY environment property.

Docker network issue: Server misbehaving

I am trying to resolve this network issue which I am facing multiple time while performing any docker commands like "Docker search Ubuntu".
I get an error saying:
"Error response from daemon: server misbehaving.
Can anyone help me on this?
For those who have this problem, it is typically related to having an issue with your DNS being unable to resolve index.docker.io. I had this issue today working from home where my internet connection has a default DNS server that is notoriously flakey.
My dev environment is OSX and I easily solved the issue by changing my DNS servers in network settings to Google's DNS servers (8.8.8.8 and 8.8.4.4) and then restarting my docker host through docker-machine restart MACHINENAME
Faster/Easier Solution: login to docker-machine and fix the dns.
Turns out you don't have to go to all the trouble and waiting associated with restarting docker-machine. Just login to the docker machine (i.e. docker-machine ssh default) and edit /etc/resolv.conf - Add the dns settings from your host machine at the top of resolv.conf.
This is more or less what happens when you restart docker-machine and explains why some repositories are unreachable sometimes after you switch networks.
I also had the exact same problem. Then I stopped the docker-machine and started it--it worked.
Make sure that, when you run this, you are connected to the internet, as Docker needs to be able to do this.
My issue not solved with stated Answer here.
This is problem with resolving Host... I was getting random error time out and misbehave
You need to enable through a configuration property experimentalHostResolver in %APPDATA%\rancher-desktop\settings.json. By default this property is set to false, meaning that the default DNS process in the rancher desktop will be handled through dnsmasq. However, if this property is set to true the default DNS lookup will switch to host-resolver.
NOTE: This feature can only be enabled for Windows currently and it is
an experimental feature
You can take a look at the example settings.json file below as a reference:
"kubernetes":{
"experimentalHostResolver":true <== This is the config!
},
Reference

Resources