How can I build a Dockerfile in finch when sitting behind a proxy and using cntlm as local proxy?
Question:
Given the Dockerfile:
FROM nexus.company.net/python:3.10-slim-bullseye
ARG TWINE_USERNAME
ARG TWINE_PASSWORD
ARG COMMIT_SHA
ENV LANG C.UTF-8
ENV LC_ALL C.UTF-8
ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONFAULTHANDLER 1
ENV APP_PATH=/home/appuser/app
RUN echo "deb http://ftp.debian.org/debian bullseye-backports main" |
tee /etc/apt/sources.list.d/backports.list
&& apt-get update && apt -t bullseye-backports upgrade -y
&& apt-get update && apt-get install -y libpq-dev gcc procps build-essential
RUN set -ex && pip install -U pip && pip install pipenv
WORKDIR ${APP_PATH}
COPY . ./
RUN set -ex && echo "${TWINE_USERNAME}" && pipenv sync --system
RUN groupadd -g 999 appuser &&
useradd -r -u 999 -g appuser appuser
USER appuser
EXPOSE 8000
ENTRYPOINT ["/home/appuser/app/entrypoint.sh"]
When trying to build with:
finch build --build-arg TWINE_USERNAME=xxx --build-arg TWINE_PASSWORD="$TWINE_PASSWORD"
--build-arg NO_PROXY='localhost,127.0.0.*,10.*,192.168.*'
--build-arg http_proxy=http://127.0.0.1:3128
--build-arg https_proxy=http://127.0.0.1:3128
--build-arg HTTP_PROXY=http://127.0.0.1:3128
--build-arg HTTPS_PROXY=http://127.0.0.1:3128
-t appname .
I keep getting network error:
...
#0 0.230 deb http://ftp.debian.org/debian bullseye-backports main
#0 0.253 Err:1 http://deb.debian.org/debian bullseye InRelease
#0 0.253 Could not connect to 127.0.0.1:3128 (127.0.0.1). - connect (111: Connection refused)
#0 0.253 Err:2 http://deb.debian.org/debian-security bullseye-security InRelease
#0 0.253 Unable to connect to 127.0.0.1:3128:
#0 0.253 Err:3 http://ftp.debian.org/debian bullseye-backports InRelease
#0 0.253 Could not connect to 127.0.0.1:3128 (127.0.0.1). - connect (111: Connection refused)
#0 0.253 Err:4 http://deb.debian.org/debian bullseye-updates InRelease
#0 0.253 Unable to connect to 127.0.0.1:3128:
#0 0.257 Reading package lists...
#0 0.263 W: Failed to fetch http://deb.debian.org/debian/dists/bullseye/InRelease Could not connect to 127.0.0.1:3128 (127.0.0.1). - connect (111: Connection refused)
#0 0.263 W: Failed to fetch http://deb.debian.org/debian-security/dists/bullseye-security/InRelease Unable to connect to 127.0.0.1:3128:
#0 0.263 W: Failed to fetch http://deb.debian.org/debian/dists/bullseye-updates/InRelease Unable to connect to 127.0.0.1:3128:
#0 0.263 W: Failed to fetch http://ftp.debian.org/debian/dists/bullseye-backports/InRelease Could not connect to 127.0.0.1:3128 (127.0.0.1). - connect (111: Connection refused)
#0 0.263 W: Some index files failed to download. They have been ignored, or old ones used instead.
...
I assume my problem is the proxy configuration, but I am not sure what is expected.
I tried various proxy settings like but nothing seems to be working. 127.0.0.1:3128
is the proxy setting which is working with my general setup.
Answers:
Eventually I found the answer: BuildKit needs to know the hosts real address during build. localhost
is only pointing to the builder container and not to the build host.
To find the build host address:
export SYSID_HOST="http://$(ifconfig | grep -E "([0-9]{1,3}.){3}[0-9]{1,3}" | grep -v 127.0.0.1 | awk '{ print $2 }' | cut -f2 -d: | head -n1):3128"
Then the final command for building is:
finch build --build-arg TWINE_USERNAME=xxx --build-arg TWINE_PASSWORD="$TWINE_PASSWORD"
--build-arg NO_PROXY='localhost,127.0.0.*,10.*'
--build-arg http_proxy=${SYSID_HOST}
--build-arg https_proxy=${SYSID_HOST}
--build-arg HTTP_PROXY=${SYSID_HOST}
--build-arg HTTPS_PROXY=${SYSID_HOST}
-t appname .
Given the Dockerfile:
FROM nexus.company.net/python:3.10-slim-bullseye
ARG TWINE_USERNAME
ARG TWINE_PASSWORD
ARG COMMIT_SHA
ENV LANG C.UTF-8
ENV LC_ALL C.UTF-8
ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONFAULTHANDLER 1
ENV APP_PATH=/home/appuser/app
RUN echo "deb http://ftp.debian.org/debian bullseye-backports main" |
tee /etc/apt/sources.list.d/backports.list
&& apt-get update && apt -t bullseye-backports upgrade -y
&& apt-get update && apt-get install -y libpq-dev gcc procps build-essential
RUN set -ex && pip install -U pip && pip install pipenv
WORKDIR ${APP_PATH}
COPY . ./
RUN set -ex && echo "${TWINE_USERNAME}" && pipenv sync --system
RUN groupadd -g 999 appuser &&
useradd -r -u 999 -g appuser appuser
USER appuser
EXPOSE 8000
ENTRYPOINT ["/home/appuser/app/entrypoint.sh"]
When trying to build with:
finch build --build-arg TWINE_USERNAME=xxx --build-arg TWINE_PASSWORD="$TWINE_PASSWORD"
--build-arg NO_PROXY='localhost,127.0.0.*,10.*,192.168.*'
--build-arg http_proxy=http://127.0.0.1:3128
--build-arg https_proxy=http://127.0.0.1:3128
--build-arg HTTP_PROXY=http://127.0.0.1:3128
--build-arg HTTPS_PROXY=http://127.0.0.1:3128
-t appname .
I keep getting network error:
...
#0 0.230 deb http://ftp.debian.org/debian bullseye-backports main
#0 0.253 Err:1 http://deb.debian.org/debian bullseye InRelease
#0 0.253 Could not connect to 127.0.0.1:3128 (127.0.0.1). - connect (111: Connection refused)
#0 0.253 Err:2 http://deb.debian.org/debian-security bullseye-security InRelease
#0 0.253 Unable to connect to 127.0.0.1:3128:
#0 0.253 Err:3 http://ftp.debian.org/debian bullseye-backports InRelease
#0 0.253 Could not connect to 127.0.0.1:3128 (127.0.0.1). - connect (111: Connection refused)
#0 0.253 Err:4 http://deb.debian.org/debian bullseye-updates InRelease
#0 0.253 Unable to connect to 127.0.0.1:3128:
#0 0.257 Reading package lists...
#0 0.263 W: Failed to fetch http://deb.debian.org/debian/dists/bullseye/InRelease Could not connect to 127.0.0.1:3128 (127.0.0.1). - connect (111: Connection refused)
#0 0.263 W: Failed to fetch http://deb.debian.org/debian-security/dists/bullseye-security/InRelease Unable to connect to 127.0.0.1:3128:
#0 0.263 W: Failed to fetch http://deb.debian.org/debian/dists/bullseye-updates/InRelease Unable to connect to 127.0.0.1:3128:
#0 0.263 W: Failed to fetch http://ftp.debian.org/debian/dists/bullseye-backports/InRelease Could not connect to 127.0.0.1:3128 (127.0.0.1). - connect (111: Connection refused)
#0 0.263 W: Some index files failed to download. They have been ignored, or old ones used instead.
...
I assume my problem is the proxy configuration, but I am not sure what is expected.
I tried various proxy settings like but nothing seems to be working. 127.0.0.1:3128
is the proxy setting which is working with my general setup.
Eventually I found the answer: BuildKit needs to know the hosts real address during build. localhost
is only pointing to the builder container and not to the build host.
To find the build host address:
export SYSID_HOST="http://$(ifconfig | grep -E "([0-9]{1,3}.){3}[0-9]{1,3}" | grep -v 127.0.0.1 | awk '{ print $2 }' | cut -f2 -d: | head -n1):3128"
Then the final command for building is:
finch build --build-arg TWINE_USERNAME=xxx --build-arg TWINE_PASSWORD="$TWINE_PASSWORD"
--build-arg NO_PROXY='localhost,127.0.0.*,10.*'
--build-arg http_proxy=${SYSID_HOST}
--build-arg https_proxy=${SYSID_HOST}
--build-arg HTTP_PROXY=${SYSID_HOST}
--build-arg HTTPS_PROXY=${SYSID_HOST}
-t appname .