docker
Docker Desktop proxy not being recognized when doing a build.
Contributing guidelines
- [X] I've read the contributing guidelines and wholeheartedly agree
I've found a bug and checked that ...
- [X] ... the documentation does not mention anything about my problem
- [X] ... there are no open or closed issues that are related to my problem
Description
Running the Docker build command will work fine when OFF the VPN and I disable the Proxy settings in Docker Desktop.
Expected behaviour
When we do the command:
$ docker build -t foo:latest -f Dockerfile_bad .
While on VPN and the Proxy information set in Docker Desktop, we expect the images in the FROM command to come down, just like they would when NOT on VPN.
Actual behaviour
When the command
$ docker build -t foo:latest -f Dockerfile_bad .
is run while on VPN and the proxy settings made in Docker Desktop, the build fails. This only happens when we have a FROM command that uses an image from docker.com. If we use an image from another repository, like IBM's registry (registry.access.redhat.com/ubi8/ubi:latest), the build will work because it does not go to docker.io to authenticate the user.
Once the image comes down, the "docker build" command will work fine because the image is in the build cache. If we use "docker compose build", the command works fine. It only fails during a "docker build" of a Dockerfile that uses an image from docker.com, while on VPN, the terminal window does not have the HTTP_PROXY or HTTPS_PROXY variables set and the image is not in the build cache.
Buildx version
github.com/docker/buildx v0.11.0 687feca9e8dcd1534ac4c026bc4db5a49de0dd6e
Docker info
Client:
Version: 24.0.2
Context: desktop-linux
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.11.0
Path: /Users/s3643902/.docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.19.1
Path: /Users/s3643902/.docker/cli-plugins/docker-compose
dev: Docker Dev Environments (Docker Inc.)
Version: v0.1.0
Path: /Users/s3643902/.docker/cli-plugins/docker-dev
extension: Manages Docker extensions (Docker Inc.)
Version: v0.2.20
Path: /Users/s3643902/.docker/cli-plugins/docker-extension
init: Creates Docker-related starter files for your project (Docker Inc.)
Version: v0.1.0-beta.6
Path: /Users/s3643902/.docker/cli-plugins/docker-init
sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
Version: 0.6.0
Path: /Users/s3643902/.docker/cli-plugins/docker-sbom
scan: Docker Scan (Docker Inc.)
Version: v0.26.0
Path: /Users/s3643902/.docker/cli-plugins/docker-scan
scout: Command line tool for Docker Scout (Docker Inc.)
Version: 0.16.1
Path: /Users/s3643902/.docker/cli-plugins/docker-scout
Server:
Containers: 22
Running: 22
Paused: 0
Stopped: 0
Images: 19
Server Version: 24.0.2
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
runc version: v1.1.7-0-g860f061
init version: de40ad0
Security Options:
seccomp
Profile: builtin
cgroupns
Kernel Version: 5.15.49-linuxkit-pr
Operating System: Docker Desktop
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 7.674GiB
Name: docker-desktop
ID: 23038e57-c72b-4a3e-b5ae-c64c42bd35ac
Docker Root Dir: /var/lib/docker
Debug Mode: false
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal
Experimental: false
Insecure Registries:
hubproxy.docker.internal:5555
127.0.0.0/8
Live Restore Enabled: false
Builders list
NAME/NODE DRIVER/ENDPOINT STATUS BUILDKIT PLATFORMS
default docker
default default running v0.11.7-0.20230525183624-798ad6b0ce9f linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/mips64le, linux/mips64, linux/arm/v7, linux/arm/v6
desktop-linux * docker
desktop-linux desktop-linux running v0.11.7-0.20230525183624-798ad6b0ce9f linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/mips64le, linux/mips64, linux/arm/v7, linux/arm/v6
Configuration
dockerfile FROM alpine
console docker builder prune WARNING! This will remove all dangling build cache. Are you sure you want to continue? [y/N] y docker build -t foo:latest -f Dockerfile_bad .
Build logs
$ docker build -t foo:latest -f Dockerfile_bad .
[+] Building 30.4s (4/4) FINISHED docker:desktop-linux
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load build definition from Dockerfile_bad 0.0s
=> => transferring dockerfile: 90B 0.0s
=> ERROR [internal] load metadata for docker.io/library/alpine:latest 30.4s
=> [auth] library/alpine:pull token for registry-1.docker.io 0.0s
------
> [internal] load metadata for docker.io/library/alpine:latest:
------
Dockerfile_bad:1
--------------------
1 | >>> FROM alpine
2 |
--------------------
ERROR: failed to solve: DeadlineExceeded: DeadlineExceeded: DeadlineExceeded: alpine: failed to authorize: DeadlineExceeded: failed to fetch oauth token: Post "https://auth.docker.io/token": dial tcp 44.205.64.79:443: i/o timeout
Additional info
Originally submitted as a ticket to Docker Desktop crew (Case #00069851).
Solution is to set the HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables in the terminal before running the build. The proxy settings set in Docker Desktop are not used when connecting to docker.io but ARE used when connecting to other repositories like IBM's repository for UBI.
proxy settings made in Docker Desktop
This looks related to https://github.com/docker/buildx/pull/1487.
Hi @crazy-max!
Thanks for looking at this issue. You are right, it does look related to the issue discussed in #1487 . I am not overly familiar with what Docker Desktop does when we set the proxy information in the GUI. Is it supposed to set the proxy information in ~/.docker/buildx/proxy.json or is it supposed to call docker buildx with a prefix of the PROXY environment variables?
I suppose once #1487 is resolved, the Docker Desktop client would then be in a better position to move forward with what to do but I must leave it up to the developers to decide. If everyone feels this issue is another facet of the same problem and want to close, I am OK with that. If it's an extension of #1487 and requires more work to be done when #1487 is completed, and this issue needs to remain open, I am ok with that too.
In either case, I just want to give a shout out to the development teams of buildx and Docker Desktop. You guys are awesome and the work you do is greatly appreciated!
Just leaving an update for those who asked...
As of version 4.34.2 on Mac, I am no longer having a build issue. Not sure if this is because of the version of DD I'm using, or because we have changed our internal proxy servers but things have been good for me for some time.
I run without any environment variables set, no proxy server set in DD and I am able to build both on and off the proxy.
any update?
I modified the buildkitd.toml and set "[registry."docker.io"]",it works well
docker buildx build failed
PS D:\codes\canary-flow-app\frontend> docker buildx build --build-arg HTTP_PROXY=http://192.168.72.1:7897 --build-arg HTTPS_PROXY=http://192.168.72.1:7897 .
[+] Building 22.2s (5/5) FINISHED docker:desktop-linux
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 380B 0.0s
=> ERROR [internal] load metadata for docker.io/library/nginx:alpine 22.6s
=> ERROR [internal] load metadata for docker.io/library/node:24-alpine 22.6s
=> [auth] library/node:pull token for registry-1.docker.io 0.0s
=> [auth] library/nginx:pull token for registry-1.docker.io 0.0s
------
> [internal] load metadata for docker.io/library/nginx:alpine:
------
------
> [internal] load metadata for docker.io/library/node:24-alpine:
------
Dockerfile:10
--------------------
8 | RUN npm run build
9 |
10 | >>> FROM nginx:alpine
11 | COPY --from=build /app/build /usr/share/nginx/html
12 | EXPOSE 80
--------------------
ERROR: failed to build: failed to solve: failed to fetch oauth token: Post "https://auth.docker.io/token": dial tcp 157.240.16.50:443: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
View build details: docker-desktop://dashboard/build/desktop-linux/desktop-linux/hituqvb4x1k7h8xben6zlq7ht
docker pull success
PS D:\codes\canary-flow-app\frontend>
PS D:\codes\canary-flow-app\frontend> docker pull docker.io/library/nginx:alpine
alpine: Pulling from library/nginx
fe07684b16b8: Already exists
3b7062d09e02: Pull complete
fb746e72516f: Pull complete
a9ff9baf1741: Pull complete
2c127093dfc7: Pull complete
63dda2adf85b: Pull complete
b55ed7d7b2de: Pull complete
92971aeb101e: Pull complete
Digest: sha256:b2e814d28359e77bd0aa5fed1939620075e4ffa0eb20423cc557b375bd5c14ad
Status: Downloaded newer image for nginx:alpine
docker.io/library/nginx:alpine
PS D:\codes\canary-flow-app\frontend>
version
PS D:\codes\canary-flow-app\frontend> docker buildx version
github.com/docker/buildx v0.25.0-desktop.1 2cf9a0c0277eb26cabe7b3f77e2069437c4e33e0
docker buildx build failed
PS D:\codes\canary-flow-app\frontend> docker buildx build --build-arg HTTP_PROXY=http://192.168.72.1:7897 --build-arg HTTPS_PROXY=http://192.168.72.1:7897 . [+] Building 22.2s (5/5) FINISHED docker:desktop-linux => [internal] load build definition from Dockerfile 0.0s => => transferring dockerfile: 380B 0.0s => ERROR [internal] load metadata for docker.io/library/nginx:alpine 22.6s => ERROR [internal] load metadata for docker.io/library/node:24-alpine 22.6s => [auth] library/node:pull token for registry-1.docker.io 0.0s => [auth] library/nginx:pull token for registry-1.docker.io 0.0s ------ > [internal] load metadata for docker.io/library/nginx:alpine: ------ ------ > [internal] load metadata for docker.io/library/node:24-alpine: ------ Dockerfile:10 -------------------- 8 | RUN npm run build 9 | 10 | >>> FROM nginx:alpine 11 | COPY --from=build /app/build /usr/share/nginx/html 12 | EXPOSE 80 -------------------- ERROR: failed to build: failed to solve: failed to fetch oauth token: Post "https://auth.docker.io/token": dial tcp 157.240.16.50:443: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. View build details: docker-desktop://dashboard/build/desktop-linux/desktop-linux/hituqvb4x1k7h8xben6zlq7htdocker pull success
PS D:\codes\canary-flow-app\frontend> PS D:\codes\canary-flow-app\frontend> docker pull docker.io/library/nginx:alpine alpine: Pulling from library/nginx fe07684b16b8: Already exists 3b7062d09e02: Pull complete fb746e72516f: Pull complete a9ff9baf1741: Pull complete 2c127093dfc7: Pull complete 63dda2adf85b: Pull complete b55ed7d7b2de: Pull complete 92971aeb101e: Pull complete Digest: sha256:b2e814d28359e77bd0aa5fed1939620075e4ffa0eb20423cc557b375bd5c14ad Status: Downloaded newer image for nginx:alpine docker.io/library/nginx:alpine PS D:\codes\canary-flow-app\frontend>version
PS D:\codes\canary-flow-app\frontend> docker buildx version github.com/docker/buildx v0.25.0-desktop.1 2cf9a0c0277eb26cabe7b3f77e2069437c4e33e0
Does docker pull use the HTTP proxy or the configured registry-mirrors?