Search code examples
windowsdockerproxydocker-desktop

Docker Desktop for windows fails on search/build with corporate proxy

I have installed Docker Desktop for windows Docker version 18.09.2, build 6247962, and I'm not able to build and image. Even a docker search does not seem to work.

The error message (for example, when doing a docker search) is:

Error response from daemon: Get https://index.docker.io/v1/search?q=ubuntu&n=25: proxyconnect tcp: dial tcp 172.17.14.133:3128: connect: no route to host

My office is behind a proxy. So on the "Proxies" settings of DockerDesktop I set http://172.17.14.133:3128 for both HTTP and HTTTPS. But it still does not seem to work.

I have defined some ENV variables (both user and system) like this:

HTTPS_PROXY=http://proxypmi.tradyso.com:3128
HTTP_PROXY=http://proxypmi.tradyso.com:3128

Also:

C:\Users\my.user\AppData\Roaming\Docker\http_proxy.json:

{
  "http": "http://172.17.14.133:3128",
  "https": "http://172.17.14.133:3128",
  "exclude": null,
  "transparent_http_ports": [],
  "transparent_https_ports": []
}

C:\Users\my.user\AppData\Roaming\Docker\settings.json:

{
  "settingsVersion": 1,
  "autoStart": false,
  "checkForUpdates": true,
  "analyticsEnabled": false,
  "displayedWelcomeWhale": true,
  "displayed14393Deprecation": false,
  "displayRestartDialog": true,
  "displaySwitchWinLinContainers": true,
  "latestBannerKey": "",
  "debug": false,
  "memoryMiB": 2048,
  "swapMiB": 1024,
  "cpus": 2,
  "diskPath": null,
  "diskSizeMiB": 64000000000,
  "networkCIDR": "10.0.75.0/24",
  "proxyHttpMode": true,
  "overrideProxyHttp": "http://172.17.14.133:3128",
  "overrideProxyHttps": "http://172.17.14.133:3128",
  "overrideProxyExclude": null,
  "useDnsForwarder": true,
  "dns": "10.44.24.10",
  "kubernetesEnabled": false,
  "showKubernetesSystemContainers": false,
  "kubernetesInitialInstallPerformed": false,
  "cliConfigCreationDate": "03/22/2019 12:23:58",
  "linuxDaemonConfigCreationDate": "03/22/2019 12:22:19",
  "windowsDaemonConfigCreationDate": null,
  "versionPack": "default",
  "sharedDrives": {},
  "executableDate": "",
  "useWindowsContainers": false,
  "swarmFederationExplicitlyLoggedOut": false,
  "activeOrganizationName": null,
  "exposeDockerAPIOnTCP2375": false
}

C:\Users\my.user\.docker\config.json:

{
  "stackOrchestrator": "swarm",
  "auths": {},
  "credsStore": "wincred",
  "proxies":
  {
    "default":
    {
      "httpProxy": "http://172.17.14.133:3128",
      "httpsProxy": "http://172.17.14.133:3128",
      "noProxy": ""
    }
  }
}

I also tried passing build-arg to tocker build:

docker build --build-arg HTTP_PROXY=http://172.17.14.133:3128 --build-arg HTTPS_PROXY=http://172.17.14.133:3128 ...

Finally, on the Docker Desktop network configuration, I have tried with DNSs both "Automatic" and Manual (Using my corporate dns servers)

None of this has worked.

Any hint on what should I do?

Thank you.

Solution

  • A collegue found out the problem:

    By default, the bridge network that docker creates uses the same subnet as our office (172.17.0.0/16) and that causes trouble with the proxy ip address (172.17.14.133).

    To solve this:

    [Edit]: for a simpler method, use the following:

    On daemon configuration, add "bip": "new_subbet". For example: "bip": "172.19.0.1/16". Then, restart docker.

    Now, you won't even need to pass the extra --network="docker_gwbridge" parameter to the commands.

    This shorter solution may not work with older versions of Docker for windows, so you may consider the original answer if this option does not work.

    [Edit]: original method for old versions of docker for windows:

    The bridge network cannot be deleted, but We can tell docker not to create it.

    Go to Daemon Settings, Advanced => add "bridge": "none", to the configuration

    After applying changes, Docker will restart and now We will be able to create our own custom bridge network

    In this example, We are going to use (172.19.0.0/16)

    Open a console and write:

    docker network create --subnet=172.19.0.0/16 --gateway 172.19.0.1 -o com.docker.network.bridge.enable_icc=true -o com.docker.network.bridge.name=docker_gwbridge -o com.docker.network.bridge.enable_ip_masquerade=true docker_gwbridge

    Then we can do a docker ls for checking that the previous command was successful:

    $ docker network ls
 
NETWORK ID          NAME                DRIVER              SCOPE
2a3635a49ffa        docker_gwbridge     bridge              local
4e9ec758ee9f        host                host                local
737c6c5fc82b        none                null                local

    Now do a docker search ubuntu (for example). It should be able to connect to the internet and fetch the images.

    Important: From now on, some commands that need internet access will need to specify the new docker network with the extra parameter --network="docker_gwbridge"

    For example a docker build command could be:

    docker build --network="docker_gwbridge" --build-arg http_proxy=http://172.17.14.133:3128 --build-arg https_proxy=http://172.17.14.133:3128 -t foobar .