Join Log in
Score:0
Rami avatar Server

Docker can't pull images behind proxy server

in flag
Rami

am using docker version 20.10.14 with CentOS Linux 7, i just installed docker and set up the proxy settings in /usr/lib/systemd/system/docker.service and my proxy settings are

Environment="HTTP_PROXY=http://10.330.100.100:3128/"
Environment="HTTPS_PROXY=https://10.330.100.100:3128/"
Environment=no_proxy=localhost,127.0.0.1

i get an error like

Error response from daemon: Get "https://registry-1.docker.io/v2/": proxyconnect tcp: tls: first record does not look like a TLS handshake

and when changing HTTPS_PROXY from https --> http i get

Error response from daemon: Get "https://registry-1.docker.io/v2/": Bad Request

and when trying to curl "https://registry-1.docker.io/v2/" i get

curl: (56) Received HTTP code 400 from proxy after CONNECT
63
0 + 0
Rami avatar
in flag
Rami
i guess the question is if the proxy server doesnot support https is there a work around it?
0
Reply
co flag
BMitch
"if the proxy server doesnot support https is there a work around" Nope, you need https support to pull from Docker Hub.
0
Reply
co flag
BMitch
This appears to be an XY question, the problem isn't how to pull images over http, it's how to fix the proxy server to support https. For that we need details on the proxy server, not on the docker setup.
1
Reply
Score:0
avatar Server
us flag
Rob 
Environment="HTTP_PROXY=http://10.330.100.100:3128/"
Environment="HTTPS_PROXY=https://10.330.100.100:3128/"
                             ^                  ^^^^

Here you configure your proxy server to available over plain HTTP and HTTPS on the same port. That is extremely unlikely to be the case.

Either your proxy server is configured with its own TLS certificate and will listen on different ports for http and https.

Or, and that is usually the case, the proxy server only supports plain http connections and requests to HTTPS resources will still need to use plain HTTP to make the connection to the proxy server. (Once connected to the proxy the client will use the CONNECT method to establish a TLS connection via the proxy to the webserver which creates an end-to-end encrypted channel.)

In other words: you probably need to change the HTTPS_PROXY variable to:

Environment="HTTPS_PROXY=http://10.330.100.100:3128/"

When you're required to use a proxy, that often means that also TLS traffic is controlled. You may need to install and enable your organisations CA certificate.

When you're required to use a proxy, that means that others in your organisation are required to do the same.

That means that you (or rather your proxy server, will very quickly run into the docker rate limiting. See: https://docs.docker.com/docker-hub/download-rate-limit/

0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.