How to build Docker Images with Dockerfile behind HTTP_PROXY by Jenkins?
Solution 1
Note: Docker 1.9 might help solve this:
- "Issue 14634": Builder - Build-time argument passing (e.g.,
HTTP_PROXY
) - "PR 15182": Support for passing build-time variables in build context
Usage (proposed):
docker build --build-arg http_proxy=http://my.proxy.url --build-arg foo=bar <<MARK
FROM busybox
RUN <command that need http_proxy>
ARG --description="foo's description" foo
USER $foo
MARK
Solution 2
Docker has multiple ways to set proxies that take effect at different times.
If your docker build
has to retrieve a base image through a proxy, you'll want to specify build-arg
s:
docker build --build-arg HTTP_PROXY=$http_proxy \
--build-arg HTTPS_PROXY=$http_proxy --build-arg NO_PROXY="$no_proxy" \
--build-arg http_proxy=$http_proxy --build-arg https_proxy=$http_proxy \
--build-arg no_proxy="$no_proxy" -t myContainer /path/to/Dockerfile/directory
where $http_proxy
and $no_proxy
were set in my bashrc. I used both HTTP_PROXY
and http_proxy
because different utilities will check different variables (curl
checks both, wget
only checks the lowercase ones, etc).
If your docker build
has a RUN curl/wget/etc
command that has to go through the proxy, you'll need to specify an environment variable inside your docker image:
ENV https_proxy=http://proxy-us02.company.com:8080
ENV http_proxy=http://proxy-us02.company.com:8080
ENV HTTP_PROXY=http://proxy-us02.company.com:8080
ENV HTTPS_PROXY=http://proxy-us02.company.com:8080
ENV no_proxy="localhost,localdomain,127.0.0.1,etc"
ENV NO_PROXY="localhost,localdomain,127.0.0.1,etc"
If you don't want this environment variable inside your image at runtime, you can remove all these at the end:
RUN unset http_proxy https_proxy no_proxy HTTP_PROXY HTTPS_PROXY NO_PROXY
Solution 3
Docker Daemon HTTP Proxy
A lot of documentation is available about setting up the HTTP_PROXY environment variable for Docker's daemon. The environment variable is only available when running containers, so it won't help us here.
Solution in Dockerfile
Although setting up the environment variable HTTP_ENV or http_env in the Dockerfile might help, it does not help our cause either.
ENV http_proxy http://proxy.mycompany.com:80
The reason why is that each specific service only honors HTTP Proxy setting in a different way. The way I could solve is below.
- NPM: NPM requires setting up the HTTP_PROXY variable using a CLI command.
- GIT: GIT requires setting up the HTTP_PROXY variable using a CLI command as well.
- MAVEN: MVN command requires setting up the HTTP_PROXY as an XML file under the user's directory at ~/.m2/settings.xml. For Docker, you can add it to the root's "/root/.m2/settings.xml" directory (unsafe, development-only), or to the Dockerfile's user's home directory.
For instance, running an application using Dockerfile, I can build an image using the following Dockerfile:
FROM node:0.10.33
# Prepare
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
# Use the cache for dependencies
COPY package.json /usr/src/app/
# If building behind an http_proxy, set them for git and npm
RUN git config --global http.proxy http://qypprdproxy02.ie.company.net:80 && \
npm config set proxy http://qypprdproxy02.ie.company.net:80 && \
npm config set https-proxy http://qypprdproxy02.ie.company.net:80
# Install dependencies
RUN npm install
# Copy all the source
COPY . /usr/src/app
# Execute the dev steps
COPY ./numbat-config.example.js /usr/src/app/numbat-config.js
COPY ./.env.example /usr/src/app/.evn
RUN touch /usr/src/app/config.admin.js
Note that I have configured both GIT and NPM using their CLI command to explicitly take the proxy settings before running the NPM install command. That way, both NPM and GIT dependencies will be automatically retrieved and cloned, respectively.
The result of building an image with this Dockerfile works as expected:
[root@pppdc9prd6dq newww]# fig build
...
...
Building npmregistryserver...
---> Using cache
---> 965cad0c68b0
Step 2 : WORKDIR /usr/src/app
---> Using cache
---> 4c498f0c07e9
Step 3 : COPY package.json /usr/src/app/
---> ae8ff7861246
Removing intermediate container ba1d7b8c9963
Step 4 : RUN npm config set proxy http://qypprdproxy02.ie.company.net:80 && npm config set https-proxy http://qypprdproxy02.ie.company.net:80 && npm install
---> Running in aa6e05d9c7a4
npm WARN package.json [email protected] No README data
npm WARN package.json Dependency 'async-cache' exists in both dependencies and devDependencies, using 'async-cache@^0.1.5' from dependencies
npm WARN deprecated [email protected]: Please update to the latest version.
> [email protected] install /usr/src/app/node_modules/gulp/node_modules/v8flags
> node fetch.js
> [email protected] install /usr/src/app/node_modules/hiredis
> node-gyp rebuild
make: Entering directory '/usr/src/app/node_modules/hiredis/build'
CC(target) Release/obj.target/hiredis/deps/hiredis/hiredis.o
CC(target) Release/obj.target/hiredis/deps/hiredis/net.o
CC(target) Release/obj.target/hiredis/deps/hiredis/sds.o
CC(target) Release/obj.target/hiredis/deps/hiredis/async.o
AR(target) Release/obj.target/deps/hiredis.a
COPY Release/hiredis.a
CXX(target) Release/obj.target/hiredis/src/hiredis.o
CXX(target) Release/obj.target/hiredis/src/reader.o
SOLINK_MODULE(target) Release/obj.target/hiredis.node
SOLINK_MODULE(target) Release/obj.target/hiredis.node: Finished
COPY Release/hiredis.node
make: Leaving directory '/usr/src/app/node_modules/hiredis/build'
npm WARN engine [email protected]: wanted: {"node":"0.8.x"} (current: {"node":"0.10.33","npm":"2.1.11"})
> [email protected] postinstall /usr/src/app/node_modules/imagemin-pngcrush/node_modules/pngcrush-bin
> node lib/install.js
fetch : https://raw.githubusercontent.com/imagemin/pngcrush-bin/v1.0.0/vendor/linux/pngcrush
✔ pre-build test passed successfully!
> [email protected] install /usr/src/app/node_modules/npm-typeahead/node_modules/restify/node_modules/dtrace-provider
> scripts/install.js
npm WARN engine [email protected]: wanted: {"node":"0.8.x"} (current: {"node":"0.10.33","npm":"2.1.11"})
npm WARN engine [email protected]: wanted: {"node":"0.8.x"} (current: {"node":"0.10.33","npm":"2.1.11"})
npm WARN engine [email protected]: wanted: {"node":"0.8.x"} (current: {"node":"0.10.33","npm":"2.1.11"})
npm WARN engine [email protected]: wanted: {"node":"0.8.x"} (current: {"node":"0.10.33","npm":"2.1.11"})
npm WARN cannot run in wd [email protected] gulp build (wd=/usr/src/app)
[email protected] node_modules/newww-metrics
[email protected] node_modules/murmurhash
[email protected] node_modules/npm-humans
[email protected] node_modules/leven
[email protected] node_modules/chunk
[email protected] node_modules/npm-expansions
[email protected] node_modules/similarity
[email protected] node_modules/truncate
This properly worked as expected and you can have a CI/CD environment behind an http proxy to rebuild images based on this Dockerfile.
Solution 4
Starting with Docker 17.07 you can alternatively use the Docker Client configuration file for providing the proxy configuration centrally:
https://docs.docker.com/network/proxy/#configure-the-docker-client
Solution 5
We are doing ...
ENV http_proxy http://9.9.9.9:9999
ENV https_proxy http://9.9.9.9:9999
and at end of dockerfile ...
ENV http_proxy ""
ENV https_proxy ""
This, for now (until docker introduces build env vars), allows the proxy vars to be used for build without publicly exposing them
Marcello de Sales
Passionate Software Engineer working with different technologies. Professional info at https://linkedin.com/in/marcellodesales
Updated on November 27, 2020Comments
-
Marcello de Sales over 3 years
Building Docker images works in a desktop without a problem. Installing Node.js NPM dependencies work as usual. However, when using a continuous integration server such as Jenkins that is hosted behind a corporate proxy, the build Docker Images fail.
Node.js NPM Dependencies
While building Node.js pacakges, the command npm install fails when it cannot connect to GIT while cloning GIT dependencies.
e1ce5e8407d1: Already exists Status: Image is up to date for node:0.10.33 ---> e1ce5e8407d1 Step 1 : RUN mkdir -p /usr/src/app ---> Using cache ---> 965cad0c68b0 Step 2 : WORKDIR /usr/src/app ---> Using cache ---> 4c498f0c07e9 Step 3 : COPY package.json /usr/src/app/ ---> b0662a8275fb Removing intermediate container 5aca20551452 Step 4 : RUN npm install ---> Running in 7ccf9e5362af npm WARN package.json [email protected] No README data npm WARN package.json Dependency 'async-cache' exists in both dependencies and devDependencies, using 'async-cache@^0.1.5' from dependencies npm ERR! git clone https://github.com/npm/npm2es.git Cloning into bare repository '/root/.npm/_git-remotes/https-github-com-npm-npm2es-git-60a75edb'... npm ERR! git clone https://github.com/npm/npm2es.git fatal: unable to access 'https://github.com/npm/npm2es.git/': Failed to connect to github.com port 443: Connection timed out
Java Maven, Ruby, Go Docker Images with Dependencies
The same occurs when building Java, Ruby or Go containers, where dependencies are located in repository servers across your corporate Proxy server.
Knowing that you can configure Docker with HTTP_PROXY environment variable, how to properly configure Docker to properly build images in CI environments?
-
K.. about 9 yearsThis worked, but it prevents the Dockerfile from building on other devices, I fear.
-
Marcello de Sales about 9 yearsThat's exactly what the question/answer is about: if you have an CI/CD environment where Docker images are built by separate boxes!!! Your app can still run normally by replacing or completely unsetting the proxy settings at runtime by mounting a new .npmrc that removes the setting while you do "docker run". ;)
-
Marcello de Sales over 8 yearsThanks for providing it... I've been following the development of that and I can't wait...
-
taco over 8 yearsIt's out. We're at Docker 1.9.1 now.
-
Marcello de Sales over 8 yearsI've tested and it is awesome!
-
VonC over 8 years@MarcellodeSales Indeed. I have been using it for a few weeks now, and it does simplifies the proxy management.
-
Marcello de Sales over 8 yearsYeah, there's an open issue to support it on docker-compose! That makes it a full support! :)
-
VonC over 8 years@MarcellodeSales Right: github.com/docker/compose/issues/2111 I suppose. I will be monitoring it.
-
Nimblejoe over 5 yearsWhen docker build is running from inside Visual Studio, this seems to be the only way I can get it to recognize the proxy settings. I tried with a NuGet.Config file and setting http_proxy and https_proxy environment variables, but none of these worked. I had to add if after the build statement. In my case it followed "FROM microsoft/dotnet:2.1-sdk AS build". Thanks!
-
Dan almost 3 yearsI tried with
--build-arg
andENV
variable but doesn't seems to work. Only this way seems to be working withUbuntu 18.04
image for me. Thanks for sharing. I created a file~/.docker/config.json
with proxy urls as suggested in the post. -
Sibi John over 2 yearswhy do we need the args both in caps and small?
-
jeremysprofile over 2 yearsSee this question Basically, some applications use uppercase, some use lowercase.
-
Donatello over 2 yearsAll other answers using environment variables or build args are deprecated. This method (configuring docker client) is the right way to solve proxy issues today !