GHC with forward proxy not working

[petermozolik]

Hello GHC comunity,

I`ve deployed GHC as docker container following documentation.

My Docker host is behind firewall with no direct access to internet, so docker containers need to use forward proxy to access outer world ...

I`ve added http_proxy related environment variables in my docker-compose configuration (via ghc.env file).

My docker-compose.yml

version: "3"

services:
  ghc_web:
    image: geopython/geohealthcheck:latest
    container_name: ghc_web
    restart: unless-stopped
    env_file:
      - ghc.env
    ports:
      - 8083:80

  ghc_runner:
    image: geopython/geohealthcheck:latest
    container_name: ghc_runner
    restart: unless-stopped
    env_file:
      - ghc.env
    entrypoint:
      - /run-runner.sh

My ghc.env

SQLALCHEMY_DATABASE_URI=postgresql://ghc:<pass>@db01-t.envcloud.local:5432/ghc

# Core variables settings, change at will.
GHC_RUNNER_IN_WEBAPP=False
GHC_NOTIFICATIONS=False
GHC_LOG_LEVEL=20

# Optionally set container Timezone
CONTAINER_TIMEZONE=Europe/Bratislava

# Optionally: set language
LC_ALL=sk_SK.UTF-8
LANG=sk_SK.UTF-8
LANGUAGE=sk_SK.UTF-8

# HTTP proxy settings
HTTP_PROXY="http://100.74.173.131:3128"
HTTPS_PROXY="http://100.74.173.131:3128"
NO_PROXY=.envcloud.local,172.20.40.0/22,localhost,127.0.0.1

When I try to add remote resource for monitoring e.g. WMS I'm getting this error in container logs

docker-compose logs related line

ghc_web       | 2020-11-05 11:29:03,952 - views - WARNING - Cannot expand plugin vars for GeoHealthCheck.plugins.probe.wms.WmsGetMapV1 err=ProxyError(MaxRetryError('HTTPConnectionPool(host=\'"http\', port=80): Max retries exceeded with url: http://maps.geop.sazp.sk/wms?service=WMS&request=GetCapabilities&version=1.1.1 (Caused by ProxyError(\'Cannot connect to proxy.\', NewConnectionError(\'<urllib3.connection.HTTPConnection object at 0x7fa074b10a10>: Failed to establish a new connection: [Errno -3] Try again\')))'))

From this log it is clear that problem is with connection to proxy server. In access logs of my forward proxy (Squid), there is no evidence that ghc container reaches my proxy ...

When I did test and removed http_proxy environment variables from my ghc.env i could see timeout errors in GHC container logs which is fine because internet resources is not directly accessible from my docker host (and containers), that proves that http_proxy environment variables are somehow respected (they change situation at least), but nonetheless connection to proxy is not working ...

Does anybody have related experience or advice for me ???

Thanks

[justb4]

Hmm, it looks like the proxy env vars are indeed interpreted. In the scenario the WMS Probe is using OWSLib to fetch a WMS Capabilities doc to populate a layer list for the web UI. Internally the Requests lib is used: https://requests.readthedocs.io/en/master/user/advanced/#proxies. Requests should act on the proxy env settings. Also Docker has proxy support https://docs.docker.com/network/proxy/. Docker also acts on these env vars, maybe some weird interaction. Hard to assess and reproduce.

One thing you could do is bash (you have to use ash as the Image is based on Alpine Linux) into the GHC container and try from there to see if proxies from within the container work at all. You could install curl, sequence:

docker exec -it ghc_web /bin/ash
# in container
apk update
apk add curl
# test

[justb4]

Best is to pose your question on Gitter: https://gitter.im/geopython/GeoHealthCheck, referring to this issue here . There may be folks running GHC with proxies as well.

[petermozolik]

Thank you for your reply,

Problem was with using quotes in values for environment variables in ghc.env. Quotes here seems to be interpreted as part of variable value, not as string delimiter (which is the case in common shells) ...

HTTP_PROXY="http://100.74.173.131:3128"
HTTPS_PROXY="http://100.74.173.131:3128"

changed to

HTTP_PROXY=http://100.74.173.131:3128
HTTPS_PROXY=http://100.74.173.131:3128

and now proxy works like charm ...