Nuget package restore error in Docker Compose build

12,345

Solution 1

SOLVED:
It turns out to be a networking issue. I am behind a corporate firewall at work that leverages TLS packet inspection to break apart SSL traffic. The build process while debugging runs as "me" on my local machine; however, the release build (docker-compose) actually pulls down an aspnetcore-build Docker image, copies your code to the Docker container, then runs dotnet restore to get fresh NuGet packages for your Docker image. These actions can be found in the Dockerfile in your project. This "dotnet restore" inside the container runs under a different security context, and therefore was getting hung up. We traced the network traffic, which was hard for me to get to because of how Docker networking works. Fiddler was not catching the traffic. Using Wireshark, we were able to catch it from a device level and see the drop. The reason it continued to fail from my home network was due to the configuration with our hypervisor & networking.

RESOLUTIONS:
Add a firewall rule for https://api.nuget.org/v3/index.json (Preferred) OR Build the image from VSTS in the cloud OR Build from a different network.

PS4 please post back if you are able to resolve this the same way? Having spent 3 days on this, I'm curious about your status.

Solution 2

When I ran into this issue with dotnet restore, adding the corporate cert file fixed the issue. (May or may not be the same in your case?) Before RUN dotnet restore, I added it to the container's certificate store, i.e.:

    ADD your-proxy-certificate-file.crt /usr/local/share/ca-certificates/your-proxy-certificate-file.crt
    RUN update-ca-certificates

In theory, if dotnet restore works on your local machine, there's no reason you shouldn't be able to configure your container to work (without firewall rules or changing network!). You essentially need to configure the container to work behind your proxy with the same setup as your local machine.

Solution 3

You can check the network adapter indexes. Docker uses the last one in the list. If it's disconnected, you will not be able to restore packages, as the image is not able to get to the internet to download them.

Check the network interface list:

❯ Get-NetIPInterface -AddressFamily IPv4 | Sort-Object -Property InterfaceMetric -Descending

Change the index for LAN (e.g. move it above Wi-Fi):

❯ Set-NetIPInterface -InterfaceAlias 'Local Area Connection* 1' -InterfaceMetric 100

Solution 4

I had a similar problem when corporate SSL interception blocked NuGet package restore. The error was slightly different though: "The remote certificate is invalid because of errors in the certificate chain: PartialChain"

The following solution helped me:

  1. Export the Windows certificate that is used to connect to the SSL proxy in PEM format;

  2. Add the following lines to the Dockerfile:

    COPY ["exported_windows_cert_path_and_name.cer", "/usr/local/share/ca-certificates/cert_name.cer"]

    RUN openssl x509 -inform PEM -in '/usr/local/share/ca-certificates/cert_name.cer' -out '/usr/local/share/ca-certificates/cert_name.crt'

    RUN update-ca-certificates

A DER certificate can also be used instead of PEM.
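The certificate staging step from Solutions 2 and 4, as an added shell example that is not part of the original answers: it accepts either a PEM or a DER export, writes the PEM `.crt` file that `update-ca-certificates` reads, and exposes the SHA-256 fingerprint so the file can be compared with the corporate CA before the image is made to trust it. The function names and file paths are hypothetical, and `openssl` is assumed to be available in the build image.

```shell
#!/bin/sh
# Added example; function names and paths are hypothetical placeholders.
# Hypothetical Dockerfile usage, before `RUN dotnet restore`:
#   COPY stage-ca.sh corp-proxy.cer /tmp/
#   RUN . /tmp/stage-ca.sh \
#    && stage_proxy_ca /tmp/corp-proxy.cer /usr/local/share/ca-certificates \
#    && update-ca-certificates

# Print PEM or DER for an exported certificate; fail if openssl cannot parse it.
# The Windows export wizard's "Base-64 encoded X.509" option yields PEM,
# "DER encoded binary X.509" yields DER; both are commonly saved as .cer.
cert_encoding() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        enc=PEM
    else
        enc=DER
    fi
    openssl x509 -inform "$enc" -in "$1" -noout 2>/dev/null || return 1
    echo "$enc"
}

# Print the SHA-256 fingerprint so it can be compared with the thumbprint of
# the corporate CA obtained from a trusted source.
cert_fingerprint() {
    openssl x509 -inform "$(cert_encoding "$1")" -in "$1" \
        -noout -fingerprint -sha256 | cut -d= -f2
}

# Convert SRC (PEM or DER) to PEM and write DEST_DIR/<name>.crt.
# update-ca-certificates only picks up PEM files with a .crt extension.
stage_proxy_ca() {
    src=$1
    dest_dir=$2
    enc=$(cert_encoding "$src") || {
        echo "not an X.509 certificate: $src" >&2
        return 1
    }
    out="$dest_dir/$(basename "${src%.*}").crt"
    openssl x509 -inform "$enc" -in "$src" -outform PEM -out "$out" || return 1
    echo "$out"
}
```

Print `cert_fingerprint` for the staged file in the build log and compare it with the fingerprint published by whoever operates the proxy; anything added to the store this way becomes a trust anchor for every TLS connection made from the image.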

Author by

prisar

Updated on June 15, 2022

Comments

  • prisar
    prisar almost 2 years

    I am getting a NuGet restore error while building using docker-compose behind a proxy. I have set the proxy in Docker for Windows. NuGet restore works for command line dotnet restore and Visual Studio debug, but not using docker-compose.

    :\Program Files\dotnet\sdk\2.1.104\NuGet.targets(104,5): error : Unable to load the service index for source https://api.nuget.org/v3/index.json. [C:\src\WebApp.sln]
    :\Program Files\dotnet\sdk\2.1.104\NuGet.targets(104,5): error :   An error occurred while sending the request. [C:\src\WebApp.sln]
    :\Program Files\dotnet\sdk\2.1.104\NuGet.targets(104,5): error :   A connection with the server could not be established [C:\src\WebApp.sln]
    ERROR: Service 'idenityapi' failed to build: The command 'powershell -Command $ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue'; dotnet restore -nowarn:msb3202,nu1503' returned a non-zero code: 1
    
  • Wauna
    Wauna about 6 years
    I am suspicious of our Anti-Virus program catching something. I see in the Windows event logs that it catches something right before .
  • Wauna
    Wauna about 6 years
    So, what is actually happening here is docker-compose creates a short-lived container while building. If you do "docker ps" you can see the container spool up and then try to reach out to restore packages from the Docker Container. The error message is actually saying that "from within the Docker Container, I cannot Restore". Still digging into why....
  • Wauna
    Wauna about 6 years
    I tried using an updated BUILD Image.. that didn't seem to work either. -<Snippet from DockerFile> FROM microsoft/aspnetcore-build:2.0.7-2.1.105-nanoserver-sac2016 AS build I was hopeful that would resolve it, but it appears not to. I also attempted the 1.0-2.0 and that didn't work. Next stop is to try and get into the container while it's running and see why the build container cannot nuget restore
  • prisar
    prisar about 6 years
    I am still not able to do that.
  • AJAY KUMAR
    AJAY KUMAR about 4 years
    @uosjeadad ..Can you elaborate what is a Proxy Certificate and where it is found in the system? Please help me in adding the above lines ..