Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CentOS 7 socks proxy #23931

Closed
marcelomgarcia opened this Issue Jun 24, 2016 · 15 comments

Comments

Projects
None yet
7 participants
@marcelomgarcia
Copy link

marcelomgarcia commented Jun 24, 2016

Output of docker version:

[crayadm@esdm002 docker.service.d]$ docker version 
Client:                                            
 Version:      1.11.2                              
 API version:  1.23                                
 Go version:   go1.5.4                             
 Git commit:   b9f10c9                             
 Built:        Wed Jun  1 21:23:11 2016            
 OS/Arch:      linux/amd64                         

Server:                                            
 Version:      1.11.2                              
 API version:  1.23                                
 Go version:   go1.5.4                             
 Git commit:   b9f10c9                             
 Built:        Wed Jun  1 21:23:11 2016            
 OS/Arch:      linux/amd64                         

Output of docker info:

[crayadm@esdm002 docker.service.d]$ docker info                                                                             
Containers: 0                                                                                                               
 Running: 0                                                                                                                 
 Paused: 0                                                                                                                  
 Stopped: 0                                                                                                                 
Images: 0                                                                                                                   
Server Version: 1.11.2                                                                                                      
Storage Driver: devicemapper                                                                                                
 Pool Name: docker-253:2-1050610-pool                                                                                       
 Pool Blocksize: 65.54 kB                                                                                                   
 Base Device Size: 10.74 GB                                                                                                 
 Backing Filesystem: xfs                                                                                                    
 Data file: /dev/loop0                                                                                                      
 Metadata file: /dev/loop1                                                                                                  
 Data Space Used: 11.8 MB                                                                                                   
 Data Space Total: 107.4 GB                                                                                                 
 Data Space Available: 48.29 GB                                                                                             
 Metadata Space Used: 581.6 kB                                                                                              
 Metadata Space Total: 2.147 GB                                                                                             
 Metadata Space Available: 2.147 GB                                                                                         
 Udev Sync Supported: true                                                                                                  
 Deferred Removal Enabled: false                                                                                            
 Deferred Deletion Enabled: false                                                                                           
 Deferred Deleted Device Count: 0                                                                                           
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data                                                             
 WARNING: Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or
use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.                                               
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata                                                     
 Library Version: 1.02.107-RHEL7 (2016-06-09)                                                                               
Logging Driver: json-file                                                                                                   
Cgroup Driver: cgroupfs                                                                                                     
Plugins:                                                                                                                    
 Volume: local                                                                                                              
 Network: bridge null host                                                                                                  
Kernel Version: 3.10.0-327.22.2.el7.x86_64                                                                                  
Operating System: CentOS Linux 7 (Core)                                                                                     
OSType: linux                                                                                                               
Architecture: x86_64                                                                                                        
CPUs: 8                                                                                                                     
Total Memory: 23.37 GiB                                                                                                     
Name: esdm002.hww.de                                                                                                        
ID: NVCQ:XZ6C:BFL2:X2A3:VLLS:PNXA:BOKR:77N6:T626:R2VT:CZDF:HQKU                                                             
Docker Root Dir: /var/lib/docker                                                                                            
Debug mode (client): false                                                                                                  
Debug mode (server): false                                                                                                  
Http Proxy: socks5://localhost:1080                                                                                         
Registry: https://index.docker.io/v1/                                                                                       

Additional environment details (AWS, VirtualBox, physical, etc.):
Hardware is a Dell PowerEdge R710.

[crayadm@esdm002 docker.service.d]$ uname -r                  
3.10.0-327.22.2.el7.x86_64                                    
[crayadm@esdm002 docker.service.d]$ cat /etc/redhat-release   
CentOS Linux release 7.2.1511 (Core)                          

Steps to reproduce the issue:

  1. Created the directory for Docker configuration

    sudo mkdir /etc/systemd/system/docker.service.d
    
  2. Create the file

    sudo touch /etc/systemd/system/docker.service.d/http-proxy.conf
    cat /etc/systemd/system/docker.service.d/http-proxy.conf
    [Service]                                                                                   
    Environment="HTTP_PROXY=socks5://localhost:1080"                                            
    
  3. Flush changes

    sudo systemctl daemon-reload
    
  4. Verify change:

    systemctl show --property=Environment docker
    Environment=HTTP_PROXY=socks5://localhost:1080                                  
    
  5. Restart service

    sudo systemctl restart docker
    

Describe the results you received:

Try to search for an image (CentOS)

[crayadm@esdm002 docker.service.d]$ docker search centos                                                      
Error response from daemon: Get https://index.docker.io/v1/search?q=centos: http: error connecting to proxy http://socks5://localhost:1080: dial tcp: lookup socks5: no such host                                           

There is an spurious "http" in front of "socks" protocol. Like it was parsing for "http" and it doesn't find so it assumes that no protocol was specified. I read about this is solved for Ubuntu, but it seems that it's still open for CentOS.

I can use "yum" so I think the proxy is working.

[crayadm@esdm002 docker.service.d]$ cat /etc/yum.conf
(...)
proxy=socks5h://localhost:1080
@sunix

This comment has been minimized.

Copy link

sunix commented Jul 6, 2016

+1 got the same issue on debian jessie and docker 1.11.2

Docker version 1.11.2, build b9f10c9
@cpuguy83

This comment has been minimized.

Copy link
Contributor

cpuguy83 commented Jul 6, 2016

What exactly are you trying to do? HTTP_PROXY is for http proxies, not socks.
You want the docker daemon to reach the internet through a socks proxy?

@sunix

This comment has been minimized.

Copy link

sunix commented Jul 7, 2016

I'm following this issue: #5989 that refers to this one: #20366

@marcelomgarcia

This comment has been minimized.

Copy link
Author

marcelomgarcia commented Jul 7, 2016

I would like to use something like this:

$ HTTP_PROXY=socks5://localhost:5000 docker info
(see #5989)

A see post mentioning that using socks as http proxy is implemented
(closed), but only for Ubuntu. I'm using CentOS and I saw another user
trying to use with Debian.

On 6 July 2016 at 21:32, Brian Goff notifications@github.com wrote:

What exactly are you trying to do? HTTP_PROXY is for http proxies, not socks.
You want the docker daemon to reach the internet through a socks proxy?


You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.

@cpuguy83

This comment has been minimized.

Copy link
Contributor

cpuguy83 commented Jul 7, 2016

@marcelomgarcia I believe the proper way to do this is docker -H socks5://localhost:5000 docker info
Can you test, please?

@marcelomgarcia

This comment has been minimized.

Copy link
Author

marcelomgarcia commented Jul 7, 2016

No. It didn't help.

[crayadm@esdm002 ~]$ docker -H socks5://localhost:1080 docker info
invalid value "socks5://localhost:1080" for flag -H: Invalid bind address format: socks5://localhost:1080
See 'docker --help'.
[crayadm@esdm002 ~]$
[crayadm@esdm002 ~]$ systemctl show --property=Environment docker
Environment=HTTP_PROXY=socks5h://localhost:1080
[crayadm@esdm002 ~]$

@cpuguy83

This comment has been minimized.

Copy link
Contributor

cpuguy83 commented Jul 8, 2016

@nathanleclaire

This comment has been minimized.

Copy link
Contributor

nathanleclaire commented Jul 8, 2016

@marcelomgarcia @sunix Try 1.12 to see if it works please? IIRC socks5:// support is pretty recent. Try also socks5h://.

@marcelomgarcia

This comment has been minimized.

Copy link
Author

marcelomgarcia commented Jul 15, 2016

I got a HTTP proxy from the university. From my part this ticket can be closed. I'm also working openstack and pip (python) doesn't support socks. So a proper HTTP proxy is important. Thanks for your help.

@nathanleclaire

This comment has been minimized.

Copy link
Contributor

nathanleclaire commented Jul 15, 2016

All, please try 1.12.0-rc4 to see if this works.

I have this working locally just fine with ALL_PROXY and 1.12.0-rc4. Take a look at the instructions here, that Docker Machine example should work fine.

docker -H socks5h://localhost:port ps is not the correct format. ALL_PROXY=socks5://localhost:port docker ps is (note the lack of h in the protocol -- the Golang upstream lib we are using does not support socks5h, just socks5).

You do not want to attempt to contact the Docker daemon at the SOCKS proxy's address, you want to route the Docker client request through the SOCKS proxy. You must use the idiomatic UNIX environment variables to do this, e.g. ALL_PROXY.

Note that in order for this to work there must be a connectable port listening on the other end, e.g. :2375 (the default of listening on the UNIX domain socket is not sufficient!) or, in Machine's case, :2376 which is running with TLS (requiring you to also set the DOCKER_* TLS related environment variables). As @phemmer notes in that issue exposing :2375 directly is a big security issue. DON'T DO IT UNLESS YOU KNOW EXACTLY WHAT YOU ARE DOING PLEASE.

Thanks all, I think this issue can be closed @cpuguy83 .

EDIT: I had a typo, very importantly, socks5h:// proto will NOT work, only socks5://. The critical difference between the two being host name resolution IIRC.

@thaJeztah

This comment has been minimized.

Copy link
Member

thaJeztah commented Jul 15, 2016

Closing this issue

@nathanleclaire think we should have more details / docs for using this?

@thaJeztah thaJeztah closed this Jul 15, 2016

@nathanleclaire

This comment has been minimized.

Copy link
Contributor

nathanleclaire commented Jul 15, 2016

A doc would definitely be good ... It is a bit confusing

@thaJeztah

This comment has been minimized.

Copy link
Member

thaJeztah commented Jul 15, 2016

@nathanleclaire oh, can you open an issue for that?

@nathanleclaire

This comment has been minimized.

Copy link
Contributor

nathanleclaire commented Jul 16, 2016

Sure

@mhkarimi

This comment has been minimized.

Copy link

mhkarimi commented May 25, 2018

@marcelomgarcia I tried it on ubuntu 16.04 and it worked perfectly. Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.