Here is my whole scenario.
I have a RHEL 7.1 vmware image, with the corporate proxy properly configured, accessing stuff over http or https works properly.
Installed docker-engine, and added the HTTP_PROXY setting to /etc/systemd/system/docker.service.d/http-proxy.conf. I can verify the proxy setting is picked up by executing:
sudo systemctl show docker --property Environment
which will print:
Environment=HTTP_PROXY=http://proxy.mycompany.com:myport/ with real values of course.
Pulling and running docker images works correctly this way.
The goal is to work with the binary distribution of openshift-origin. I downloaded the binaries, and started setting up things as per the walkthrough page on github:
https://github.com/openshift/origin/blob/master/examples/sample-app/README.md
Starting openshift seems to work as I can:
* login via the openshift cli
* create a new project
* even access the web console
But when I try to create an app in the project (also via the cli):
oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-hello-world.git
It fails:
error: can't look up Docker image "centos/ruby-22-centos7": Internal error occurred: Get https://registry-1.docker.io/v2/: dial tcp 52.71.246.213:443: connection refused
I can access (without authentication though) this endpoint via the browser on the VM or via WGET.
Hence I believe DOCKER fails to pick up the proxy settings. After some searching I also fear if there are IPTABLES settings missing. Referring to:
https://docs.docker.com/v1.7/articles/networking/
But I don't know if I should fiddle with the IPTABLES settings, should not Docker figure that out itself?
Check your HTTPS_PROXY environment property.
Related
I have a java application as JAR. This JAR application runs fine from my machine, meaning it can send and receive HTTP Requests to and from an API Endpoint (let's call this endpoint example.com/api/).
And then i built a docker image of this JAR Application, and tried to run the image as container from my docker desktop. But then i got this error.
the error i got
it seems like my application cant reach the url from inside the docker container. I tried to set the proxy in Settings -> Resources -> Proxies -> Manual proxies configuraton, and put my company proxy since i'm inside my company network. But still it doesn't work.
I tried to google this problem but almost nothing shows up (anything that shows up have little correlation with my problem). Anyone knows what seems to be the problem? What should I do?
First check if your container is able to communicate with the endpoint. Ping or curl it from the container shell. If you use proxy, set environment variables in container:
export http_proxy=http://server-ip:port
export https_proxy=https://server-ip:port
I spent the whole day trying to pull an image on my MacBook through a corporate HTTP proxy, with no luck.
It is an authenticated proxy, of the form: http://username:password-with-special-characters#proxy.domain:8080
The http_proxy and https_proxy variables are set in my .zshrc.
The proxy details are set in the system's preferences.
When I try to docker pull hello-world without altering proxy settings in the Docker for Mac UI, I got:
Error response from daemon: Get https://registry-1.docker.io/v2/: Service Unavailable
When I also set the proxy through the Docker for Mac UI I got:
Error response from daemon: Get https://registry-1.docker.io/v2/: Proxy Authentication Required
I can curl https://registry-1.docker.io/v2/ directly on the terminal, and get back a 200.
I tried with and without URI encoding the special characters in my password, doesn't change a thing.
I used to have some issues with the same proxy on a Linux machine, but got it to work by messing with systemd. On macOs, I don't know if I can do something similar.
Help would be very much appreciated.
Thanks in advance !
For those who had this error, it was because of a bug between Cisco AnyConnect and Docker. This bug has been fixed with Docker for Mac 3.4.0.
I'm running Docker Desktop for MacOS. Like many of us, I'm working from home right now and I access certain services that are inside the corporate firewall from my home machine via a SOCKS5 proxy. I'm trying to build a number of services in Docker containers and these containers also need access to the services at work. The problem is that Docker on MacOS does not support SOCKS proxies. I was hoping I could use something like host network mode, but that is also not supported on MacOS.
Any suggestions on how I do the above (other than switching to Linux ;-))
EDIT: add more detail on my environment.
Working from home on a Mac running MacOS Catalina Connected to
various services at work using SOCKS5 proxy and a few SSH tunnels.
Running the Proxifier application to make it easier to allow variousapplications to tunnel via the SOCKS proxy.
Docker Desktop for MacOS.
Ruby on Rails stack inside a Docker container in which certain Gems are developed in-house and
hosted on our internal (behind the corporate firewall) Gitlab server. So the stack needs access to that Gitlab server when the Gems are installed.
OK. I think I've come up with something workable. I'd still appreciate comments on this in case there's a better way. I'm always happy to learn.
Proxifier routes all traffic to *.mydomain.com to the SOCKS5 proxy.
I've created an SSH tunnel on my MacOS host: -L 8443:gitlab-server.mydomain.com:443
In the Gemfile, I reference the gitlab server as https://host.docker.internal:8443
The only sticky bit was that I get an SSL cert verification error since I'm not referencing the Gitlab server at the *.mydomain.com domain. I worked around this by doing git config --global http.sslVerify "false" just before the bundle install so that the git clone commands issued by the Bundler to install the Gitlab-hosted Gems ignore SSL verification errors.
This seems to be working fairly well. The actual Gitlab URL in the Gemfile is parameterized so that the "real" Gitlab URL can be used when inside the corporate firewall.
I created a Weblogic generic container for version 12.1.3 based on the official Docker images from Oracle at https://github.com/oracle/docker-images/tree/master/OracleWebLogic/dockerfiles
Command: buildDockerImage.sh -g -s -v 12.1.3
This creates the image oracle/weblogic:12.1.3-generic
Using a modified version of sample dockerfile for 1213-domain, I built the Weblogic container.
Note: changed the base image to be generic, instead of developer
docker build -t 1213-domain --build-arg ADMIN_PASSWORD="admin123" -f myDockerfile .
Pushed the built image to Amazon ECR and ran the container using the AWS ECS. Configured the port mappings as 0:7001, set memory soft limit as 1024, nothing else changed in default ECS settings. I have an application load balancer in the front, which receives traffic at 443 port and forwards to the containers. In the browser I get a login page for Weblogic, when I enter username as weblogic and password as admin123, I get the error:
Authentication Denied
Interestingly when I go to the container and connect to the weblogic using WLST, it works fine.
[ec2-user#ip-10-99-103-141 ~]$ docker exec -it 458 bash
[oracle#4580238db23f mydomain]$ /u01/oracle/oracle_common/common/bin/wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...
Jython scans all the jar files it can find at first startup. Depending on the system, this process may take a few minutes to complete, and WLST may not return a prompt right away.
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
wls:/offline> connect("weblogic","admin123","t3://localhost:7001")
Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server "AdminServer" that belongs to domain "mydomain".
Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.
wls:/mydomain/serverConfig>
Any hints on what can be going wrong?
Very interesting indeed. :) .. You are sure there is no special characters or so when you entering the username and password. Try typing the same if you are coping.
Also as backup, since you are able to login to WLST you can try two option.
Resetting the current password of weblogic or try adding new username and password.
below link will help
http://middlewarebuzz.blogspot.com/2013/06/weblogic-password-reset.html
or
http://middlewaremagic.com/weblogic/?p=4962
I want to develop code inside a container on a remote Docker host with VS Code, but I cannot connect to Docker on the remote machine via SSH (ECONNREFUSED 127.0.0.1:80).
Following the VS Code instructions to use a SSH tunnel (https://code.visualstudio.com/docs/remote/containers-advanced#_option-2-connect-using-an-ssh-tunnel) I got this error:
"Unable to connect to Docker. Please make sure you have installed
Docker and that it is running. Details: connect ECONNREFUSED
127.0.0.1:80"
I started VS Code (Windows 10), updated the docker.host (File->Preferences) property to:
{
"docker.host":"tcp://localhost:23750"
}
and ran:
ssh -NL localhost:23750:/var/run/docker.sock user#hostname
It looked like established the tunnel successfully. I run Docker on a virtual machine (centOS).
When I opened the Docker view and expanded the Containers node in the explorer I got the above mentioned error. To me it looks like VS Code tries to connect to port 80 but I specified port 23750 in the settings. How can I successfully connect to the remote host?
I found a fix here: https://github.com/microsoft/vscode-docker/issues/580
Remove the prefix tcp:// from the docker.host settings, e.g.:
"docker.host": "localhost:23750"
I know that this question is old but for anyone still looking for options I solved a similar issue on my computer using IPv6.
So in your case:
{
"docker.host":"tcp://[::1]:23750"
}
I configured the host on the environment variable DOCKER_HOST.