git 如何在 Jenkins 的 HTTP_PROXY 后面使用 Dockerfile 构建 Docker 镜像?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/27749193/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to build Docker Images with Dockerfile behind HTTP_PROXY by Jenkins?
提问by Marcello de Sales
Building Docker images works in a desktop without a problem. Installing Node.js NPM dependencies work as usual. However, when using a continuous integration server such as Jenkins that is hosted behind a corporate proxy, the build Docker Images fail.
在桌面上构建 Docker 镜像没有问题。安装 Node.js NPM 依赖项照常工作。但是,当使用持续集成服务器(例如托管在公司代理后面的 Jenkins)时,构建 Docker 映像会失败。
Node.js NPM Dependencies
Node.js NPM 依赖项
While building Node.js pacakges, the command npm installfails when it cannot connect to GIT while cloning GIT dependencies.
在构建 Node.js pacakges 时,如果在克隆 GIT 依赖项时无法连接到 GIT ,命令npm install 将失败。
e1ce5e8407d1: Already exists
Status: Image is up to date for node:0.10.33
---> e1ce5e8407d1
Step 1 : RUN mkdir -p /usr/src/app
---> Using cache
---> 965cad0c68b0
Step 2 : WORKDIR /usr/src/app
---> Using cache
---> 4c498f0c07e9
Step 3 : COPY package.json /usr/src/app/
---> b0662a8275fb
Removing intermediate container 5aca20551452
Step 4 : RUN npm install
---> Running in 7ccf9e5362af
npm WARN package.json [email protected] No README data
npm WARN package.json Dependency 'async-cache' exists in both dependencies and devDependencies, using 'async-cache@^0.1.5' from dependencies
npm ERR! git clone https://github.com/npm/npm2es.git Cloning into bare repository '/root/.npm/_git-remotes/https-github-com-npm-npm2es-git-60a75edb'...
npm ERR! git clone https://github.com/npm/npm2es.git fatal: unable to access 'https://github.com/npm/npm2es.git/': Failed to connect to github.com port 443: Connection timed out
Java Maven, Ruby, Go Docker Images with Dependencies
Java Maven、Ruby、Go Docker 镜像与依赖
The same occurs when building Java, Ruby or Go containers, where dependencies are located in repository servers across your corporate Proxy server.
构建 Java、Ruby 或 Go 容器时也会发生同样的情况,其中依赖项位于跨公司代理服务器的存储库服务器中。
Knowing that you can configure Docker with HTTP_PROXY environment variable, how to properly configure Docker to properly build images in CI environments?
知道可以使用 HTTP_PROXY 环境变量配置 Docker,如何正确配置 Docker 以在 CI 环境中正确构建镜像?
回答by VonC
Note: Docker 1.9 mighthelp solve this:
注意:Docker 1.9可能有助于解决这个问题:
- "Issue 14634": Builder - Build-time argument passing(e.g.,
HTTP_PROXY) - "PR 15182": Support for passing build-time variables in build context
Usage (proposed):
用法(建议):
docker build --build-arg http_proxy=http://my.proxy.url --build-arg foo=bar <<MARK
FROM busybox
RUN <command that need http_proxy>
ARG --description="foo's description" foo
USER $foo
MARK
回答by jeremysprofile
Docker has multiple ways to set proxies that take effect at different times.
Docker 有多种方式来设置代理在不同时间生效。
If your docker buildhas to retrieve a base image through a proxy, you'll want to specify build-args:
如果您docker build必须通过 proxy 检索基本图像,则需要指定build-args:
docker build --build-arg HTTP_PROXY=$http_proxy \
--build-arg HTTPS_PROXY=$http_proxy --build-arg NO_PROXY="$no_proxy" \
--build-arg http_proxy=$http_proxy --build-arg https_proxy=$http_proxy \
--build-arg no_proxy="$no_proxy" -t myContainer /path/to/Dockerfile/directory
where $http_proxyand $no_proxywere set in my bashrc. I used both HTTP_PROXYand http_proxybecause different utilities will check different variables (curlchecks both, wgetonly checks the lowercase ones, etc).
其中,$http_proxy和$no_proxy在我的.bashrc分别设置。我使用了两者HTTP_PROXY,http_proxy因为不同的实用程序会检查不同的变量(curl检查两者,wget只检查小写的,等等)。
如果你
docker builddocker build有一个RUN curl/wget/etccommand that has to go through the proxyRUN curl/wget/etc命令必须通过 proxy,您需要在 docker 映像中指定一个环境变量:ENV https_proxy=http://proxy-us02.org.nasdaqomx.com:8080
ENV http_proxy=http://proxy-us02.org.nasdaqomx.com:8080
ENV HTTP_PROXY=http://proxy-us02.org.nasdaqomx.com:8080
ENV HTTPS_PROXY=http://proxy-us02.org.nasdaqomx.com:8080
ENV no_proxy="localhost,localdomain,127.0.0.1,etc"
ENV NO_PROXY="localhost,localdomain,127.0.0.1,etc"
If you don't want this environment variable inside your image at runtime, you can remove all these at the end:
如果您不希望在运行时在您的图像中使用此环境变量,您可以在最后删除所有这些:
RUN unset http_proxy https_proxy no_proxy HTTP_PROXY HTTPS_PROXY NO_PROXY
回答by Marcello de Sales
Docker Daemon HTTP Proxy
Docker 守护进程 HTTP 代理
A lot of documentation is available about setting up the HTTP_PROXY environment variable for Docker's daemon. The environment variable is only available when running containers, so it won't help us here.
有很多关于为 Docker 守护进程设置 HTTP_PROXY 环境变量的文档。环境变量仅在运行容器时可用,因此它在这里对我们没有帮助。
Solution in Dockerfile
Dockerfile 中的解决方案
Although setting up the environment variable HTTP_ENVor http_envin the Dockerfile might help, it does not help our cause either.
尽管在Dockerfile中设置环境变量HTTP_ENV或http_env可能会有所帮助,但它也无助于我们的事业。
ENV http_proxy http://proxy.mycompany.com:80
ENV http_proxy http://proxy.mycompany.com:80
The reason why is that each specific service only honors HTTP Proxy setting in a different way. The way I could solve is below.
原因是每个特定服务仅以不同的方式尊重 HTTP 代理设置。我可以解决的方法如下。
- NPM: NPM requires setting up the HTTP_PROXY variable using a CLI command.
- GIT: GIT requires setting up the HTTP_PROXY variable using a CLI command as well.
- MAVEN: MVN command requires setting up the HTTP_PROXY as an XML file under the user's directory at ~/.m2/settings.xml. For Docker, you can add it to the root's "/root/.m2/settings.xml" directory (unsafe, development-only), or to the Dockerfile's user's home directory.
- NPM:NPM 需要使用 CLI 命令设置 HTTP_PROXY 变量。
- GIT:GIT 还需要使用 CLI 命令设置 HTTP_PROXY 变量。
- MAVEN:MVN 命令需要将 HTTP_PROXY 设置为~/.m2/settings.xml用户目录下的 XML 文件。对于 Docker,您可以将其添加到根目录的“/root/.m2/settings.xml”目录(不安全,仅限开发),或者添加到 Dockerfile 的用户主目录。
For instance, running an application using Dockerfile, I can build an image using the following Dockerfile:
例如,使用 Dockerfile 运行应用程序,我可以使用以下 Dockerfile 构建映像:
FROM node:0.10.33
# Prepare
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
# Use the cache for dependencies
COPY package.json /usr/src/app/
# If building behind an http_proxy, set them for git and npm
RUN git config --global http.proxy http://qypprdproxy02.ie.company.net:80 && \
npm config set proxy http://qypprdproxy02.ie.company.net:80 && \
npm config set https-proxy http://qypprdproxy02.ie.company.net:80
# Install dependencies
RUN npm install
# Copy all the source
COPY . /usr/src/app
# Execute the dev steps
COPY ./numbat-config.example.js /usr/src/app/numbat-config.js
COPY ./.env.example /usr/src/app/.evn
RUN touch /usr/src/app/config.admin.js
Note that I have configured both GIT and NPM using their CLI command to explicitly take the proxy settings before running the NPM install command. That way, both NPM and GIT dependencies will be automatically retrieved and cloned, respectively.
请注意,我已使用其 CLI 命令配置了 GIT 和 NPM,以在运行 NPM 安装命令之前显式采用代理设置。这样,NPM 和 GIT 依赖项将分别自动检索和克隆。
The result of building an image with this Dockerfile works as expected:
使用此 Dockerfile 构建映像的结果按预期工作:
[root@pppdc9prd6dq newww]# fig build
...
...
Building npmregistryserver...
---> Using cache
---> 965cad0c68b0
Step 2 : WORKDIR /usr/src/app
---> Using cache
---> 4c498f0c07e9
Step 3 : COPY package.json /usr/src/app/
---> ae8ff7861246
Removing intermediate container ba1d7b8c9963
Step 4 : RUN npm config set proxy http://qypprdproxy02.ie.company.net:80 && npm config set https-proxy http://qypprdproxy02.ie.company.net:80 && npm install
---> Running in aa6e05d9c7a4
npm WARN package.json [email protected] No README data
npm WARN package.json Dependency 'async-cache' exists in both dependencies and devDependencies, using 'async-cache@^0.1.5' from dependencies
npm WARN deprecated [email protected]: Please update to the latest version.
> [email protected] install /usr/src/app/node_modules/gulp/node_modules/v8flags
> node fetch.js
> [email protected] install /usr/src/app/node_modules/hiredis
> node-gyp rebuild
make: Entering directory '/usr/src/app/node_modules/hiredis/build'
CC(target) Release/obj.target/hiredis/deps/hiredis/hiredis.o
CC(target) Release/obj.target/hiredis/deps/hiredis/net.o
CC(target) Release/obj.target/hiredis/deps/hiredis/sds.o
CC(target) Release/obj.target/hiredis/deps/hiredis/async.o
AR(target) Release/obj.target/deps/hiredis.a
COPY Release/hiredis.a
CXX(target) Release/obj.target/hiredis/src/hiredis.o
CXX(target) Release/obj.target/hiredis/src/reader.o
SOLINK_MODULE(target) Release/obj.target/hiredis.node
SOLINK_MODULE(target) Release/obj.target/hiredis.node: Finished
COPY Release/hiredis.node
make: Leaving directory '/usr/src/app/node_modules/hiredis/build'
npm WARN engine [email protected]: wanted: {"node":"0.8.x"} (current: {"node":"0.10.33","npm":"2.1.11"})
> [email protected] postinstall /usr/src/app/node_modules/imagemin-pngcrush/node_modules/pngcrush-bin
> node lib/install.js
fetch : https://raw.githubusercontent.com/imagemin/pngcrush-bin/v1.0.0/vendor/linux/pngcrush
? pre-build test passed successfully!
> [email protected] install /usr/src/app/node_modules/npm-typeahead/node_modules/restify/node_modules/dtrace-provider
> scripts/install.js
npm WARN engine [email protected]: wanted: {"node":"0.8.x"} (current: {"node":"0.10.33","npm":"2.1.11"})
npm WARN engine [email protected]: wanted: {"node":"0.8.x"} (current: {"node":"0.10.33","npm":"2.1.11"})
npm WARN engine [email protected]: wanted: {"node":"0.8.x"} (current: {"node":"0.10.33","npm":"2.1.11"})
npm WARN engine [email protected]: wanted: {"node":"0.8.x"} (current: {"node":"0.10.33","npm":"2.1.11"})
npm WARN cannot run in wd [email protected] gulp build (wd=/usr/src/app)
[email protected] node_modules/newww-metrics
[email protected] node_modules/murmurhash
[email protected] node_modules/npm-humans
[email protected] node_modules/leven
[email protected] node_modules/chunk
[email protected] node_modules/npm-expansions
[email protected] node_modules/similarity
[email protected] node_modules/truncate
This properly worked as expected and you can have a CI/CD environment behind an http proxy to rebuild images based on this Dockerfile.
这按预期正常工作,您可以在 http 代理后面拥有一个 CI/CD 环境,以基于此 Dockerfile 重建图像。
回答by danday74
We are doing ...
我们正在做 ...
ENV http_proxy http://9.9.9.9:9999
ENV https_proxy http://9.9.9.9:9999
and at end of dockerfile ...
并在 dockerfile 的末尾...
ENV http_proxy ""
ENV https_proxy ""
This, for now (until docker introduces build env vars), allows the proxy vars to be used for build without publicly exposing them
目前(直到 docker 引入构建环境变量),允许将代理变量用于构建而无需公开暴露它们
回答by desolat
Starting with Docker 17.07 you can alternatively use the Docker Client configuration file for providing the proxy configuration centrally:
从 Docker 17.07 开始,您也可以使用 Docker 客户端配置文件来集中提供代理配置:
https://docs.docker.com/network/proxy/#configure-the-docker-client
https://docs.docker.com/network/proxy/#configure-the-docker-client
回答by senthil sivasamy
I had a problem when corporate network was not allowing to download and setup docker image so n/w gave http proxy information. while running docker image build I passed the variable and it worked without any issues.
当公司网络不允许下载和设置 docker 映像时,我遇到了问题,因此 n/w 提供了 http 代理信息。在运行 docker image build 时,我传递了变量,它没有任何问题。
docker build --build-arg http_proxy="http://userid:[email protected]:8080" - < Dockerfile
回答by Atila Romero
You can use a transparent proxy, as described in:
您可以使用透明代理,如下所述:
https://jpetazzo.github.io/2014/06/17/transparent-squid-proxy-docker/
https://jpetazzo.github.io/2014/06/17/transparent-squid-proxy-docker/
docker run --net host jpetazzo/squid-in-a-can
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 3129
