Docker Desktop proxy not being recognized when doing a build. #1979
Description
Contributing guidelines
- I've read the contributing guidelines and wholeheartedly agree
I've found a bug and checked that ...
- ... the documentation does not mention anything about my problem
- ... there are no open or closed issues that are related to my problem
Description
Running the Docker build command will work fine when OFF the VPN and I disable the Proxy settings in Docker Desktop.
Expected behaviour
When we do the command:
$ docker build -t foo:latest -f Dockerfile_bad .
While on VPN and the Proxy information set in Docker Desktop, we expect the images in the FROM command to come down, just like they would when NOT on VPN.
Actual behaviour
When the command
$ docker build -t foo:latest -f Dockerfile_bad .
is run while on VPN and the proxy settings made in Docker Desktop, the build fails. This only happens when we have a FROM command that uses an image from docker.com. If we use an image from another repository, like IBM's registry (registry.access.redhat.com/ubi8/ubi:latest), the build will work because it does not go to docker.io to authenticate the user.
Once the image comes down, the "docker build" command will work fine because the image is in the build cache. If we use "docker compose build", the command works fine. It only fails during a "docker build" of a Dockerfile that uses an image from docker.com, while on VPN, the terminal window does not have the HTTP_PROXY or HTTPS_PROXY variables set and the image is not in the build cache.
Buildx version
github.com/docker/buildx v0.11.0 687feca
Docker info
Client:
Version: 24.0.2
Context: desktop-linux
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.11.0
Path: /Users/s3643902/.docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.19.1
Path: /Users/s3643902/.docker/cli-plugins/docker-compose
dev: Docker Dev Environments (Docker Inc.)
Version: v0.1.0
Path: /Users/s3643902/.docker/cli-plugins/docker-dev
extension: Manages Docker extensions (Docker Inc.)
Version: v0.2.20
Path: /Users/s3643902/.docker/cli-plugins/docker-extension
init: Creates Docker-related starter files for your project (Docker Inc.)
Version: v0.1.0-beta.6
Path: /Users/s3643902/.docker/cli-plugins/docker-init
sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
Version: 0.6.0
Path: /Users/s3643902/.docker/cli-plugins/docker-sbom
scan: Docker Scan (Docker Inc.)
Version: v0.26.0
Path: /Users/s3643902/.docker/cli-plugins/docker-scan
scout: Command line tool for Docker Scout (Docker Inc.)
Version: 0.16.1
Path: /Users/s3643902/.docker/cli-plugins/docker-scout
Server:
Containers: 22
Running: 22
Paused: 0
Stopped: 0
Images: 19
Server Version: 24.0.2
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
runc version: v1.1.7-0-g860f061
init version: de40ad0
Security Options:
seccomp
Profile: builtin
cgroupns
Kernel Version: 5.15.49-linuxkit-pr
Operating System: Docker Desktop
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 7.674GiB
Name: docker-desktop
ID: 23038e57-c72b-4a3e-b5ae-c64c42bd35ac
Docker Root Dir: /var/lib/docker
Debug Mode: false
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal
Experimental: false
Insecure Registries:
hubproxy.docker.internal:5555
127.0.0.0/8
Live Restore Enabled: false
Builders list
NAME/NODE DRIVER/ENDPOINT STATUS BUILDKIT PLATFORMS
default docker
default default running v0.11.7-0.20230525183624-798ad6b0ce9f linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/mips64le, linux/mips64, linux/arm/v7, linux/arm/v6
desktop-linux * docker
desktop-linux desktop-linux running v0.11.7-0.20230525183624-798ad6b0ce9f linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/mips64le, linux/mips64, linux/arm/v7, linux/arm/v6
Configuration
dockerfile FROM alpine
console docker builder prune WARNING! This will remove all dangling build cache. Are you sure you want to continue? [y/N] y docker build -t foo:latest -f Dockerfile_bad .
Build logs
$ docker build -t foo:latest -f Dockerfile_bad .
[+] Building 30.4s (4/4) FINISHED docker:desktop-linux
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load build definition from Dockerfile_bad 0.0s
=> => transferring dockerfile: 90B 0.0s
=> ERROR [internal] load metadata for docker.io/library/alpine:latest 30.4s
=> [auth] library/alpine:pull token for registry-1.docker.io 0.0s
------
> [internal] load metadata for docker.io/library/alpine:latest:
------
Dockerfile_bad:1
--------------------
1 | >>> FROM alpine
2 |
--------------------
ERROR: failed to solve: DeadlineExceeded: DeadlineExceeded: DeadlineExceeded: alpine: failed to authorize: DeadlineExceeded: failed to fetch oauth token: Post "https://auth.docker.io/token": dial tcp 44.205.64.79:443: i/o timeout
Additional info
Originally submitted as a ticket to Docker Desktop crew (Case #00069851).
Solution is to set the HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables in the terminal before running the build. The proxy settings set in Docker Desktop are not used when connecting to docker.io but ARE used when connecting to other repositories like IBM's repository for UBI.