linuxdockernameservers

Docker on Linux: All actions (hello-world, pull image, etc) yield timeouts


I know this is a common question, but I've spent two hours trying to get past docker run hello-world and am totally stumped.

Everything I try yields a net/http waiting for connection timeout.

Running docker login:

Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: ******
Password: 
Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

Running hello-world:

mike@tictac:~$ docker run hello-world
Unable to find image 'hello-world:latest' locally
docker: Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers).
See 'docker run --help'.

My docker version is a clean install AFAIK:

mike@tictac:~$ docker --version
Docker version 18.09.0, build 4d60db4

I've tried adding 8.8.8.8 to my /etc/resolv.conf to no avail:

mike@tictac:~$ cat /etc/resolv.conf 
# Generated by NetworkManager
search home
nameserver 127.0.0.53
nameserver 8.8.8.8

I think my /etc/hosts file is also fine:

mike@tictac:~$ cat /etc/hosts
127.0.0.1   localhost
127.0.1.1   tictac
8.8.8.8     tictac

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Here's my docker info:

mike@tictac:~$ docker info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 18.09.0
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: c4446665cb9c30056f4998ed953e6d4ff22c7c39
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.15.0-33-generic
Operating System: Linux Mint 19
OSType: linux
Architecture: x86_64
CPUs: 12
Total Memory: 15.37GiB
Name: tictac
ID: J54P:ILHO:J76M:AF27:MDKJ:BIDS:WODK:MA6N:IICP:TIMJ:BIUN:H56O
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
HTTP Proxy: http://proxy.example.com:80/
HTTPS Proxy: http://1.1.1.1:111
No Proxy: localhost,127.0.0.1,docker-registry.somecorporation.com
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

WARNING: No swap limit support

And I've confirmed that docker is indeed running:

mike@tictac:~$ sudo service docker status

    ● docker.service - Docker Application Container Engine
       Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
      Drop-In: /etc/systemd/system/docker.service.d
               └─10_docker_proxy.conf, http-proxy.conf
       Active: active (running) since Fri 2018-11-16 11:06:36 EST; 6min ago
         Docs: https://docs.docker.com
     Main PID: 6190 (dockerd)
        Tasks: 22
       CGroup: /system.slice/docker.service
               └─6190 /usr/bin/dockerd -H unix://

If I could just get through hello-world, I would be so happy.

EDIT: Also relevant, I can curl URL directly just fine:

mike@tictac:~/Projects/conserve-with-us/conserve-with-us-api$ curl https://registry-1.docker.io/v2/
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}

Solution

  • In cases like this I usually suspect proxy configurations and your docker info also shows some inconsistent HTTP/HTTPS and bypass configurations.

    HTTP Proxy: http://proxy.example.com:80/
    HTTPS Proxy: http://1.1.1.1:111
    No Proxy: localhost,127.0.0.1,docker-registry.somecorporation.com
    

    Usually most people doesn't need to set these at all, but some companies enforce non-transparent proxy settings, but in these cases the first 2 usually the same and for bypass config it may include the /var/run/docker.sock as well.

    I would remove or reset all your proxy configuration both for the docker deamon and client to make sure they all match-up:

    So if you need to setup a non-transparent proxy, I would also make sure that your http_proxy, https_proxy and proxy_bypass environment variables are also matching your expected proxy config:

    env | grep proxy
    

    So you would see the same results with curl or other linux apps which supports these.