Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unwanted Proxy #2467

Open
ricfeatherstone opened this issue Jan 19, 2018 · 23 comments

Comments

@ricfeatherstone
Copy link

commented Jan 19, 2018

Expected behavior

Docker should not run with a proxy settings if there is no proxy configured
It should be possible to manually override any proxy settings

Actual behavior

I am not running a proxy on my machine, have no proxy settings, but Docker is running with proxy settings.

docker info | grep -i proxy
HTTP Proxy: docker.for.mac.http.internal:3128
HTTPS Proxy: docker.for.mac.http.internal:3129

Changes in Preferences > Proxies > Manual Proxy Configuration are unable to override this setting

Even manually updating the configuration files fails to change the proxy settings

I've also tried uninstalling, removing ~/.docker, ~/Library/Containers/... and ~/Library/Group Containers/.. folders and reinstalling all without success.

I believe the problem is in the latest update

Information

Docker for Mac: version: 17.12.0-ce-mac47 (72b93a017350990850ddc37cd341bd16fce3e911)
macOS: version 10.13.2 (build: 17C88)
logs: /tmp/CB9AD7A5-6C90-4D57-B8F4-0B4549E1F6B2/20180119-093345.tar.gz
[OK] db.git
[OK] vmnetd
[OK] dns
[OK] driver.amd64-linux
[OK] virtualization VT-X
[OK] app
[OK] moby
[OK] system
[OK] moby-syslog
[OK] kubernetes
[OK] env
[OK] virtualization kern.hv_support
[OK] slirp
[OK] osxfs
[OK] moby-console
[OK] logs
[OK] docker-cli
[OK] menubar
[OK] disk

@bartoszhernas

This comment has been minimized.

Copy link

commented Jan 19, 2018

Same issue here :/. My microservice cannot connect to external hosts anymore

@bartoszhernas

This comment has been minimized.

Copy link

commented Jan 19, 2018

The build from here #2442
fixed the issues for me

@ricfeatherstone

This comment has been minimized.

Copy link
Author

commented Jan 20, 2018

I think that, or the latest edge might work for me too.

I updated a config file somewhere yesterday, manually setting the proxy trying to override. It didn't work then but it does now. If I can just find that file, remove my changes, I think I'll be good to go

@thaJeztah

This comment has been minimized.

Copy link
Member

commented Jan 20, 2018

Looks like previously a transparent proxy was used, but this was changed to resolve #2320, and #2386

Also may be worth updating to mac49

@ricfeatherstone

This comment has been minimized.

Copy link
Author

commented Jan 20, 2018

OK, so the build referenced above does not work for me.
If I update from that build to the latest Edge, the proxy settings change to what I added yesterday. So I think latest Edge would work if I could find out where it's getting it's config from.

It would be good if switching to manual proxy configuration in the UI and leaving blank would override but it doesn't. Even adding the following to ~/Library/Group\ Containers/group.com.docker/settings.json does not help.

  "proxyHttpMode" : "manual",
  "overrideProxyHttp" : "",
  "overrideProxyHttps" : "",
  "overrideProxyExclude" : "",

Can anyone provide more info on where it's getting it config from?

Somewhere I added the following to a file, which appears to be getting picked up, but I can't find the file

"proxies":
      {
        "default":
        {
          "httpProxy": "docker.for.mac.http.internal:3128",
          "httpsProxy": "docker.for.mac.http.internal:3128",
        }
      }
docker info | grep -i proxy
HTTP Proxy: docker.for.mac.http.internal:3128
HTTPS Proxy: docker.for.mac.http.internal:3128
cat ~/.docker/config.json 
{
  "auths" : {

  }
cat ~/Library/Group\ Containers/group.com.docker/http_proxy.json 
{}
@thaJeztah

This comment has been minimized.

Copy link
Member

commented Jan 20, 2018

ping @djs55 - who's more familiar with this 😇

@ricfeatherstone

This comment has been minimized.

Copy link
Author

commented Jan 22, 2018

I've deleted everything in

  • ~/.docker
  • ~/Library/Containers/com.docker..
  • ~/Library/Group Containers/group.com.docker..

and reverted to Docker for Mac: version: 17.09.1-ce-mac42 and this has removed the unwanted proxy settings so the issue must be in the update.

I have searched everywhere for the file I added the json configuration for the proxy that was being picked up in the latest edge release but cannot find it.

Where else would docker be picking up config from?

@djs55

This comment has been minimized.

Copy link
Contributor

commented Jan 22, 2018

Thanks for your report.

The most recent versions of Docker for Mac have a built-in HTTP and HTTPS proxy (as well as proxies for TCP, UDP, ICMP, NTP and DNS). The docker engine is configured to use these proxies (on docker.for.mac.http.internal) which then either forward to an upstream proxy (if defined) or they fetch the resources themselves. The main benefit is that we avoid having to restart the VM when the proxy settings change.

There were a few bugs in the initial mac47 release, most of which have been resolved in mac49. One bug whose fix has not been released yet is a fix for setting the proxy in the Mac UI to docker.for.mac.host.internal (or docker.for.mac.localhost) and manually running a proxy (or an ssh tunnel to a remote proxy) on the host. This should be fixed in the next update-- if you would like to try it there is a pre-release version here: https://download-stage.docker.com/mac/bysha1/7249e09cc44eb4589e7a339c41cb5096fffdf79d/Docker.dmg

Could you describe a scenario that doesn't work for you with the new proxy scheme?

Thanks!

@ricfeatherstone

This comment has been minimized.

Copy link
Author

commented Feb 28, 2018

I've just updated as I needed a stable docker environment for things I was working on. The problem is still there.

I am running an OpenShift cluster using oc cluster up and having a proxy configured breaks that, as referenced in the other issue above.

I don't want a proxy setting, I want the previous network settings that worked. Is it possible to add the new proxy as an optional configuration setting, or at least have a simple way to turn it off?

What was the reasoning behind changing the behaviour here, docker on linux does not do this and it was an unexpected (and unwanted) change that appears is unable to be switched off

@djs55

This comment has been minimized.

Copy link
Contributor

commented Mar 4, 2018

There are some proxy fixes in the pipeline -- if you'd like to try them then have a look at this comment. Hopefully the fixes will be released in an edge build soon.

If this new build still doesn't fix the problem, could you upload a set of fresh diagnostics? The proxy-related logging in the new build should be better and hopefully will make clear what's going on.

@ricfeatherstone

This comment has been minimized.

Copy link
Author

commented Mar 5, 2018

Is there any documentation anywhere explaining why a proxy has been introduced?

I would expect to be able to add proxy details if I was using Docker for Mac in a corporate environment where direct access to the internet was restricted. I would not expect to have a proxy where there is no need for one.

As well as breaking for me this change failed the principle of least astonishment and I am trying to understand why this feature was added. As far as I am concerned I have no need for a proxy when using Docker for Mac and do not want one.

Maybe I don't fully understand how networking has been implemented. Was there previously a proxy I was blissfully unaware of that is in fact required in order for Docker for Mac to work?

@kkzz8888

This comment has been minimized.

Copy link

commented Apr 8, 2018

I am running the latest stable docker for Mac: 18.03.0-ce-mac60. Also having issues with proxy when using openshift. The Preferences Proxies UI won't override with manual proxy (and no proxy):

oc cluster up
Using Docker shared volumes for OpenShift volumes
Using 127.0.0.1 as the server IP
Starting OpenShift using openshift/origin:v3.9.0 ...
OpenShift server started.

The server is accessible via web console at:
https://127.0.0.1:8443

You are logged in as:
User: developer
Password:

To login as administrator:
oc login -u system:admin

WARNING: An HTTP proxy (docker.for.mac.http.internal:3128) is configured for the Docker daemon, but you did not specify one for cluster up
WARNING: An HTTPS proxy (docker.for.mac.http.internal:3129) is configured for the Docker daemon, but you did not specify one for cluster up
WARNING: A proxy is configured for Docker, however 172.30.1.1 is not included in its NO_PROXY list.
172.30.1.1 needs to be included in the Docker daemon's NO_PROXY environment variable so pushes to the local OpenShift registry can succeed.

@ricfeatherstone

This comment has been minimized.

Copy link
Author

commented Apr 8, 2018

I don't understand the reason for introducing the proxy, was this here previously but unnoticed?
The issue is there is no way to turn this off and therefore I am stuck on Version 17.09.1-ce-mac42 (21090), Channel: stable, 3176a6af01 and unable to take an upgrade as it breaks what I am working on.
The only alternative I can see is to drop Docker for Mac and run Docker natively in a VM, not my favourite option

@evopen

This comment has been minimized.

Copy link

commented Jun 23, 2018

It's almost July now. Any news? It's mac65 already.

I'm using proxy in Docker for Mac preferences -> proxy. That proxy setting should only be used when pulling images, like the description said. But it also affects proxy inside the container, a transparent proxy.

If I turn that proxy setting off, container will back to normal which use direct connect. Although proxy info still persist in docker info | grep -i proxy. At least this is a workaround. I have to stop using proxy to pull images to gain functionality of container.

@rkgade

This comment has been minimized.

Copy link

commented Jul 12, 2018

I am running Server Version: 18.03.1-ce
and I see
HTTP Proxy: docker.for.mac.http.internal:3128
HTTPS Proxy: docker.for.mac.http.internal:3129
thought I haven't configured any proxy.

Here are the details from my workstation.

Raj-MacBook-Pro:group.com.docker raj$ pwd
/Users/raj/Library/Group Containers/group.com.docker

Raj-MacBook-Pro:group.com.docker raj$ cat already-enabled-features.json
{
"releaseNotesV1" : true,
"passthroughHTTPProxy" : true,
"discoverEEV1" : true
}
Raj-MacBook-Pro:group.com.docker raj$ cat http_proxy.json
{}
Raj-MacBook-Pro:group.com.docker raj$ cat settings.json
{
"hyperkitIpRange" : "192.168.65.0",
"proxyHttpMode" : "manual",
"diskPath" : "/Users/raj/Library/Containers/com.docker.docker/Data/vms/0/Docker.qcow2",
"diskSizeMiB" : 61035,
"cpus" : 4,
"memoryMiB" : 2048,
"displayedWelcomeWhale" : true,
"buildNumber" : "24312",
"channelID" : "stable",
"settingsVersion" : 1,
"version" : "18.03.1-ce-mac65",
"displayedWelcomeMessage" : true,
"linuxDaemonConfigCreationDate" : "2018-07-09 11:40:03 +0000",
"dockerAppLaunchPath" : "/Applications/Docker.app"
}

Any idea as to why is this happening ?

Also, where is it picking these values from?

@docker-desktop-robot

This comment has been minimized.

Copy link
Collaborator

commented Oct 10, 2018

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale comment.
Stale issues will be closed after an additional 30d of inactivity.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle stale

@leetrout

This comment has been minimized.

Copy link

commented Oct 10, 2018

/remove-lifecycle stale

@junior

This comment has been minimized.

Copy link

commented Oct 30, 2018

/lifecycle frozen

@junior

This comment has been minimized.

Copy link

commented Oct 30, 2018

Similar to #2715

@junior

This comment has been minimized.

Copy link

commented Oct 30, 2018

Issue still happening with 2.0.0.0-beta1-mac75.

Containers not getting the proxy envs and ignoring the "exclude"/"no_proxy"

docker run -it alpine env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=b9ffa7865a33
TERM=xterm
HOME=/root
cat ~/Library/Group\ Containers/group.com.docker/http_proxy.json
{
  "http": "http://www-proxy.us.company.com:80",
  "https": "http://www-proxy.us.company.com:80",
  "exclude": "localhost,127.0.0.1,.us.company.com,.corpcompany.com",
  "transparent_http_ports": [
    80
  ],
  "transparent_https_ports": [
    443
  ]
}
cat ~/Library/Group\ Containers/group.com.docker/settings.json
{
  "proxyHttpMode" : "manual",
  "diskPath" : "/Users/somebody/Library/Containers/com.docker.docker/Data/vms/0/Docker.raw",
  "latestBannerKey" : "DockerCon 2018",
  "diskSizeMiB" : 244140,
  "overrideProxyExclude" : "localhost,127.0.0.1,.us.company.com,.corpcompany.com",
  "defaultMachineMigrationStatus" : 0,
  "memoryMiB" : 65536,
  "overrideProxyHttp" : "http://www-proxy.us.company.com:80",
  "displayedWelcomeWhale" : true,
  "buildNumber" : "27117",
  "cpus" : 10,
  "filesharingDirectories" : [
    "/Users",
    "/Volumes",
    "/private",
    "/tmp"
  ],
  "channelID" : "edge",
  "settingsVersion" : 1,
  "version" : "2.0.0.0-beta1-mac75",
  "displayedWelcomeMessage" : true,
  "overrideProxyHttps" : "http://www-proxy.us.company.com:80",
  "linuxDaemonConfigCreationDate" : "2018-04-27 15:44:30 +0000",
  "dockerAppLaunchPath" : "/Applications/Docker.app"
}
@wind2412

This comment has been minimized.

Copy link

commented Dec 26, 2018

Also this problem, is there any method to work around with it?

@mapleeit

This comment has been minimized.

Copy link

commented Mar 14, 2019

What's the process on this one?

Also encountered this problem on:

  • Version 2.0.0.3 (31259)
  • Channel: stable 8858db33c8

Preferences > Proxies > Manual Proxy Configuration as:

but docker info | grep Proxy says:

HTTP Proxy: gateway.docker.internal:3128
HTTPS Proxy: gateway.docker.internal:3129

So i can't pull image now.

@smekkley

This comment has been minimized.

Copy link

commented May 5, 2019

This issue is being fixed with #2681 and moby/vpnkit#408
Bypassing proxy doesn't work when you try to access tls resources by name in the container.

Workaround is to just add ip addresses or subnets that you want to bypass in the list instead of domains.

@mapleeit docker pull command should work regardless.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
You can’t perform that action at this time.