Closed dduportal closed 9 years ago
Thank you for your information! That change seems excellent!
Anyway, do you mean add ,.sock
or /var/run/docker.sock
to vagrant-proxyconf default no_proxy
? If so, I think adding documentation is better way. Because vagrant-proxyconf no_proxy
affect not only Docker but also all applications. And Docker supports sock with no_proxy
by its documentation https://github.com/docker/docker/pull/10133 not default value adding.
I'm not sure on which route to use but here's my thoughts :
The things i want to test before pull-requesting a first solution :
Thank you for your thoughts.
I think I understand what you stated. We have some choices. Now, I think we are nice if we add avoidance to transfer via proxies for unix domain sockets. If you can test something, please share your results.
I think we can narrow the influence of adding the avoidance only for docker if we change action/configure_docker_proxy.rb.
If we can use unix://
, it is better than .sock
. Because now, there is no .sock
gtld, but it might be added...
Now, my idea for this feature,
config.proxy.docker_sock_noproxy_disabled
Thank you,
@otahi : in fact it seems that is Docker codebase's related. They have implemented and merged in master a patch that will change the behavior :
TL;DR :
The docker CLI won't use NO_PROXY
variables when using a Unix socket
This is perfect and it will handle what i was thinking, so i'm going to close the Issue.
Thank you !
@dduportal , Thank you for your giving good news. This seems completely OK :100:
I am still confused on how this all works together. After reading all the comments and posts about this I have the following scenario:
I need a proxy set in my environment at all times I also nee the docker daemon to use these proxy variables
I tried what is documented here: https://github.com/docker/docker/pull/10192/files
This sill fails and seems not to work as intended.
Here is what I found: Docker version 1.5.0, build a8a31ef Linux jbean 3.13.0-24-generic #47-Ubuntu SMP Fri May 2 23:30:00 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[jbean@jbean ~] $ docker ps FATA[0000] Error response from daemon: 404 page not found [jbean@jbean ~] $ ps -ef | grep docker root 4455 1 0 10:18 ? 00:00:00 /usr/bin/docker -d --dns 10.21.223.53 --insecure-registry docker.example.com:5000 -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock jbean 5036 4971 0 10:26 pts/22 00:00:00 grep --colour=auto docker [jbean@jbean ~] $ env | grep proxy http_proxy=http://proxy.example.com:3128/ ftp_proxy=http://proxy.example.com:3128/ https_proxy=http://proxy.example.com:3128/ no_proxy=localhost,127.0.0.0/8,::1,/var/run/docker.sock [jbean@jbean ~] $ docker ps FATA[0000] Error response from daemon: 404 page not found [jbean@jbean ~] $ unset https_proxy [jbean@jbean ~] $ docker ps FATA[0000] Error response from daemon: 404 page not found [jbean@jbean ~] $ unset http_proxy [jbean@jbean ~] $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [jbean@jbean ~] $
In this case I have to unset my http_proxy to talk with the daemon. This worked just fine for everything before Docker 1.5.
@jeffbean : Could you provide me the output of
env | grep -i proxy
please ?
The -i of grep is important, because it'll check for the upper cases version, as i remember that the plugin set the two cases.
If i'm right, you should see a NO_PROXY var also.
oh man, so i am assuming I need to set the NO_PROXY as it takes president. [jbean@jbean ~] $ env | grep -i proxy NO_PROXY=localhost,127.0.0.0/8,::1 http_proxy=http://proxy.example.com:3128/ ftp_proxy=http://proxy.example.com:3128/ https_proxy=http://proxy.example.com:3128/ no_proxy=localhost,127.0.0.0/8,::1,/var/run/docker.sock
After setting the variable it works. [jbean@jbean ~] $ env | grep -i proxy NO_PROXY=localhost,127.0.0.0/8,::1,/var/run/docker.sock http_proxy=http://proxy.example.com:3128/ ftp_proxy=http://proxy.example.com:3128/ https_proxy=http://proxy.example.com:3128/ no_proxy=localhost,127.0.0.0/8,::1,/var/run/docker.sock [jbean@jbean ~] $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
As a side note /etc/environment does not work in Mint, I HAVE to do it through my .bash_profile. I saw some answers pointing to gconf and /etc/environment.
Thanks!
It doesn't work for me:
[root@lab-c1 ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.2 (Maipo) [root@lab-c1 ~]# docker -v Docker version 1.12.1-cs1, build e7f4338 [root@lab-c1 ~]# env | grep -i proxy NO_PROXY=localhost,127.0.0.0/8,::1,/var/run/docker.sock http_proxy=http://proxy.esl.cisco.com:80/ ftp_proxy=http://proxy.esl.cisco.com:80/ https_proxy=http://proxy.esl.cisco.com:80/ no_proxy=localhost,127.0.0.0/8,::1,/var/run/docker.sock [root@lab-c1 ~]# firewall-cmd --list-ports 12385/tcp 2376/tcp 12384/tcp 12381/tcp 443/tcp 12380/tcp 12386/tcp 12383/tcp 12379/tcp 12382/tcp 12376/tcp
Yet I still get FATAL error with
... INFO[0000] Checking that required ports are available and accessible FATA[0034] The following required ports are blocked on your host: 443, 12386, 12376, 12379, 12385, 12381, 12380, 2376, 12383, 12384, 12382. Check your firewall settings.
OK, quick issue, due to the recent Docker 1.5.
It added that https://github.com/docker/docker/pull/9951 (cf. changelog : https://github.com/docker/docker/blob/master/CHANGELOG.md#150-2015-02-10, last item of 1.5.0). The documentation is here : https://github.com/docker/docker/pull/10192
So in my case :
It's not related to the vagrant-proxyconf directly, but we can enhance user experience by adding a pattern like
,.sock
or/var/run/docker.sock
in no_proxy vars for the Docker part ?