dockerproxydnssockstunnel

Use socks5 proxy from host for docker build


To build a certain image I need to create a tunnel and make docker use this tunnel as a socks5 proxy (to use the proxy for DNS too).

So now i've got several problems:

  1. How to make docker use the proxy that is on the host?
  2. How to make docker use the proxy to get the base image?
  3. How to make docker use the proxy for the RUN instruction?
  4. How to make docker use the proxy for the ADD instruction?

Solution

  • Since I spent all day researching this, here are the answers.

    I will leave the partially incomplete/wrong/old answer below, since I set up a new system today and needed to figure out all of the questions again because some parts of the old answer didn't make sense anymore.

    1. Using localhost:port does not work. Until this issue is resolved, you need to use the IP address of your docker0 network interface (172.17.0.1 in my case). If your host OS is linux, you can use localhost:port by passing additional --network=host parameter to docker build as mentioned in some other answer.

    2. and 3. Just put this content (change IP and port if needed) into ~/.docker/config.json (notice that the protocol is socks5h)

        {
            "proxies":
            {
                "default":
                {
                    "httpProxy": "socks5h://172.17.0.1:3128",
                    // or "httpProxy": "socks5h://localhost:3128", with --network=host
                    "httpsProxy": "socks5h://172.17.0.1:3128",
                    "noProxy": ""
                }
            }
        }
    
    1. It seems that the ADD command is executed with the (proxy) environment variables of the host, ignoring those in config.json. To make things more complicated, since the daemon is usually running with the root user, only root user's environment variables are picked up. Even more complicated because the host of course needs to use localhost as host for the proxy. And the cherry on top: the protocol needs to be socks5 (missing the h at the end) in this case for whatever reason.

    In my case, since I switched to WSL2 and use docker within WSL2 (starting the dockerd docker daemon manually), I just export the needed environment variable before the call to dockerd:

    #!/bin/bash
    
    # Start Docker daemon automatically when logging in if not running.
    RUNNING=`ps aux | grep dockerd | grep -v grep`
    if [ -z "$RUNNING" ]; then
        unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY no_proxy NO_PROXY
        export http_proxy=socks5h://localhost:30000
        sudo -E dockerd > /dev/null 2>&1 &
        disown
    fi
    

    If you have the "regular" setup on a linux machine, you could use the old answer to 4., but beware the probably there you also need to use localhost.

    Incomplete/wrong/old answer starting here

    1. Using localhost:port does not work. Until this issue is resolved, you need to use the IP address of your docker0 network interface (172.17.0.1 in my case).
    2. This answer applies to question 3 too. Just put this content (change IP and port if needed) into ~/.docker/config.json (notice that the protocol is socks5h)
        {
            "proxies":
            {
                "default":
                {
                    "httpProxy": "socks5h://172.17.0.1:3128",
                    "httpsProxy": "socks5h://172.17.0.1:3128",
                    "noProxy": ""
                }
            }
        }
    
    1. I do not know why (edit: now I know, it's because dockerd is running as root and it does not pick up proxy environment variables from the regular user), but for the ADD instruction the former settings to not apply (names do not get resolved through proxy). We need to put this content into /etc/systemd/system/docker.service.d/http-proxy.conf
    [Service]
    Environment="HTTP_PROXY=socks5://172.17.0.1:3128/"
    

    then

    sudo systemctl daemon-reload
    sudo systemctl restart docker
    

    (This is just wrong/unneeded with answer 2.)Also, for package managers like yum to be able to update the packages during build, you need to pass the environment variable like this:

    docker build --build-arg http_proxy=socks5://172.17.0.1:3128