Docker daemon doesn't respect no_proxy IP range in CIDR notation (regression?)

[jperville]

Unlike what has been said in #4214, docker (as of version 1.3.1) does not respect no_proxy IP range in CIDR notation. It was supposedly fixed in #4836.

How to reproduce (assuming ubuntu 14.04 host with an internal IP of 192.168.33.10):

• install lxc-docker-1.3.1
• make a tunnel to an existing docker registry, eg. socat TCP4-LISTEN:8080,fork,reuseaddr TCP4:index.docker.io:80'
• put the following content in /etc/default/docker:

# Docker Upstart and SysVinit configuration file

# Use DOCKER_OPTS to modify the daemon startup options.
DOCKER_OPTS='--insecure-registry=192.168.33.10:8080'

# If you need Docker to use an HTTP proxy, it can also be specified here.
export HTTP_PROXY=http://192.168.33.10:1337 # nobody there
export NO_PROXY=192.168.33.0/24

• sudo service docker restart
• sudo docker pull 192.168.33.10:8080/busybox:ubuntu-14.04 # fails because NO_PROXY CIDR range is not interpreted and the inexistent proxy is then used.

To prove that NO_PROXY is used, change the export NO_PROXY=192.168.33.0/24 line to export NO_PROXY=192.168.33.10 and sudo service docker restart then attempt the docker pull above again. It will work (or at least fail without contacting the inexistent proxy) which means that NO_PROXY is respected but only for ip address, not for CIDR ranges.

[LK4D4]

I believe that this is way how NO_PROXY works in Linux.
http://unix.stackexchange.com/questions/23452/set-a-network-range-in-the-no-proxy-environment-variable

[jperville]

@LK4D4 I'm sorry, I must have been quite tired to write this nice issue for non-standard usage of the no_proxy environment variable. I have just tested and Indeed, neither wget nor curl understand no_proxy environment variable containing network ranges, only explicit suffixes.

Feel free to close the issue.

[LK4D4]

Thanks!

[ant-caichu]

My service info:
[root@mesos paas]# docker version
Client:
Version: 1.12.5
API version: 1.24
Package version: docker-common-1.12.5-14.el7.centos.x86_64
Go version: go1.7.4
Git commit: 047e51b/1.12.5
Built: Mon Jan 23 15:35:13 2017
OS/Arch: linux/amd64

Server:
Version: 1.12.5
API version: 1.24
Package version: docker-common-1.12.5-14.el7.centos.x86_64
Go version: go1.7.4
Git commit: 047e51b/1.12.5
Built: Mon Jan 23 15:35:13 2017
OS/Arch: linux/amd64

I change no_proxy to 192.168.220.13, but still not work, is there anything wrong?

[thaJeztah]

@hpejustin documentation for setting proxy environment variables on the daemon can be found here; https://docs.docker.com/engine/admin/systemd/#httphttps-proxy. I see you're not running an official build of Docker, but the Red Hat fork, so it's possible things work a bit different for that

Please keep in mind that the GitHub issue tracker is not intended as a general support forum,
but for reporting bugs and feature requests. For other type of questions, consider using one of;

• the Docker Support Forums - https://forums.docker.com
• the Docker community Slack channel (register here: http://dockr.ly/community)
• StackOverflow