-
Notifications
You must be signed in to change notification settings - Fork 18.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Propagate http_proxy env var to builds #4962
Comments
mentioning interesting parties from the tail of the previous issue @dangra @codeaholics |
I think Docker should setup a userland proxy when http_proxy is set so the containers do not need to worry about it. |
You still have to pass http_proxy to the build containers to get them to use the proxy, no? In which case having a user land proxy on the host is no different from having a proxy somewhere on the network and doesn't alter this issue except by adding complexity. :-) |
I see everyone is interested in getting http proxy into the build, I was more keen to see a generic solution for environment variables available at build time and not burned into final images. In my case I would like to set PIP_INDEX_URL pointing to an internal pypi cache that speeds up python builds, although it is an optional envvar that works for builds without it. |
To quote myself from that previous thread:
|
@tianon I see your point. I've been wondering for a while why Docker doesn't expose an easy hostname to refer to the host, and avoid the problems you point out with 127.0.0.1 type values going in. With something like that, this feature could look like:
and then
and have there be no http_proxy baked in to the image. Now its portable again. |
@crosbymichael Does the new ability to use host networking solve this issue wrt proxies? I haven't looked too closely yet to see if that can be used with the builder. |
I've also been suffering from the issue of not being able to run I've come up with an alternative solution, called docker-proxify for building container images from behind a corporate proxy. It consists of a transparent proxy server installed into a docker container which is also capable of running docker-within-docker. The result is that you can configure the proxies during normal run-time configuration of the outer container, and then as a result of the transparent proxying, no longer have to worry about proxy settings in the inner containers (including those invoked during It's in early days, but is working right now for http and https on standard ports. Try it yourself - I'd appreciate feedback and bug reports. The easiest way to run it is with the trusted build I've added to the index: $ docker run -i -t --privileged -e http_proxy -e https_proxy jrandall/docker-proxify
root@cfe1d7f50ae7:/docker# docker build -q github.com/dockerfile/ubuntu
...
Successfully built afcd247466a7
root@4ad182e3a976:/docker# docker run -i -t afcd247466a7
[ root@5556a3ca0a17:~ ]$ |
@jrandall : this looks a very interesting, though I still prefer to solve it in docker itself. |
+1 @jrandall Your solution is brilliant and has solved me a massive headache we're having. I'm running it with I do agree with @larrycai that this should be solved by Docker in the future, but in the mean time docker-proxify is a good intermediary solution. |
Hello: I am a newbie to the docker community. I faced a similar issue as described in this thread while trying to setup the docker build environment. My machine sits behind a http-proxy. And I had to modify the DockerFile in the source for From the thread I understand the portability concerns associated with the docker containers built using host specific environment variables, in case we add similar support as In order to address the above concern I propose that we introduce a notion of build-time environment variables. A build-time environment variable shall get used only while processing the 'RUN' primitive of a DockerFile. Such a variable shall only be accessible during 'RUN' and shall not be persisted with the intermediate and/or final docker images themselves, thereby addressing the portability concerns of the images. I have a patch that I tried out in my environment and appears to be working with some basic testing. I wanted to share it here to see if this can be a useful addition and get your feedback. I would be happy to contribute if there is enough interest. I will create a pull request shortly, my changes are in my forked repo for your reference: https://github.com/mapuri/docker |
Folks, just FYI I have created a PR #9176 to introduce the build-time environment variables. Kindly let me know your feedback. |
@crosbymichael you ok if we close this and keep the conversation going in #9176 ? |
We are doing ... ENV http_proxy http://9.9.9.9:9999 and at end of dockerfile ... ENV http_proxy "" This, for now (until docker introduces build env vars), allows the proxy vars to be used for build without publicly exposing them |
This issue recently came up in GNU guix, which also uses a form of containerisation during the build process. The solution there was to create a core configuration option called |
@danday74 that works for sharing the image but not the |
Duplicated by #14634? |
There's now a new issue created covering this so I'll close this issue. For those participating / following this, please continue the discussion in #14634 |
I'm just opening this issue from the discussion in #1852. The original issue was fixed but this is a secondary discussion about the need for this env var to be available from the host in builds so that the containers can access the internet.
From the build POV we don't want to commit this because it really makes things non-portable but maybe we can find a good solution for everyone.
The text was updated successfully, but these errors were encountered: