Docker DNS problems behind a proxy
I'm fairly new to Docker so bear with me for a minute :-)
I'm trying to run a container under Docker Desktop on one on my Windows 2019 servers that operates behind a proxy. The Docker Version is 20.10.8. I have configured the proxy server + credentials under Settings->Resources->Proxies and specified the DNS under Settings->Resources->Network, pointing to the main DNS server my Windows server uses. Whenever I try to pull or run an container, I get the following error:
Using default tag: latest Error response from daemon: Get "https://registry-1.docker.io/v2/": proxyconnect tcp: dial tcp: lookup http on 192.168.178.5:53: read udp 192.168.178.4:64413->192.168.178.5:53: i/o timeout
This seems to be a DNS error, but I can't figure out whats actually wrong here. The IPs mentioned are coming from the configured docker subnet, but I don't get why, because so far,there a no containers running on the server as I have not been able to pull an image.
When I call https://registry-1.docker.io using Chrome, I get
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]},
so the address it at least reachable.
Something seems really iffy here, and I don't know where to look. Am I missing something how DNS works in this scenario ?
do you know?
how many words do you know
See also questions close to this topic
-
best way to add a spring boot web application with JSPs to a docker container?
so i have a spring boot web application, it uses JSPs, and im supposed to put it in a container .
my question is what is the best way ? ive tried to copy the project and then run it there using a wmvn like so : dockerfile:FROM openjdk:8-jdk-alpine ADD . /input-webapp WORKDIR /input-webapp EXPOSE 8080:8080 ENTRYPOINT ./mvnw spring-boot:runwhich works, but it takes a long time getting the dependencies and feels messy .
and ive tried to package it into a jar, and then copy the jar only, and run it : dockerfile:
FROM openjdk:8-jdk-alpine ADD target/input-webapp-0.0.1-SNAPSHOT.jar input-webapp-0.0.1-SNAPSHOT.jar EXPOSE 8080:8080 ENTRYPOINT ["java","-jar","input-webapp-0.0.1-SNAPSHOT.jar"]but this way it cant see the JSPs, or at least i think this is the problem, as i get a 404.
so is there a better way ? can i copy the jsps plus the jar to make it work? thanks
-
build spring boot (mvnw) with docker can not use cache
Spring Boot Docker Experimental Features Docker 18.06 comes with some “experimental” features, including a way to cache build dependencies. To switch them on, you need a flag in the daemon (dockerd) and an environment variable when you run the client. With the experimental features, you get different output on the console, but you can see that a Maven build now only takes a few seconds instead of minutes, provided the cache is warm.
my dockerfile can not use cache.
dockerfile
# syntax=docker/dockerfile:experimental FROM openjdk:8-jdk-alpine as build WORKDIR /workspace/app COPY mvnw . COPY .mvn .mvn COPY pom.xml . COPY src src RUN --mount=type=cache,target=/root/.m2 ./mvnw install -DskipTests -s .mvn/wrapper/settings.xml RUN mkdir -p target/extracted && java -Djarmode=layertools -jar target/*.jar extract --destination target/extracted FROM openjdk:8-jre-alpine ENV TZ Asia/Shanghai RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone RUN addgroup -S spring && adduser -S spring -G spring USER spring:spring ARG EXTRACTED=/workspace/app/target/extracted ARG JAVA_OPTS="-Xmx100m -Xms100m" COPY --from=build ${EXTRACTED}/dependencies/ ./ COPY --from=build ${EXTRACTED}/spring-boot-loader/ ./ COPY --from=build ${EXTRACTED}/snapshot-dependencies/ ./ COPY --from=build ${EXTRACTED}/application/ ./ ENTRYPOINT ["sh", "-c","java ${JAVA_OPTS} org.springframework.boot.loader.JarLauncher"]run shell
DOCKER_BUILDKIT=1 docker build -t org/spring-boot .every time use many minutes
-
PyQT5 doesn't work on docker ImportError: libsmime3.so: cannot open shared object file: No such file or directory
I have a Dockerfile with PyQT installed like below
FROM ubuntu:20.04 ENV DEBIAN_FRONTEND=noninteractive RUN adduser --quiet --disabled-password qtuser && usermod -a -G audio qtuser RUN apt-get update -y \ && apt-get install alsa -y \ && apt-get install -y python3-pyqt5 \ && apt-get install python3-pip -y && \ pip3 install pyqtwebengine WORKDIR /htmltopdfI built my image like this
docker build -t html-to-pdf .Then I ran my image like this
docker run --rm -v "$(pwd)":/htmltopdf -u qtuser -it html-to-pdf python3 htmlToPdfnew.py --url https://www.w3schools.com/howto/howto_css_register_form.aspBut I'm getting below error
Traceback (most recent call last): File "htmlToPdfnew.py", line 2, in <module> from PyQt5 import QtWidgets, QtWebEngineWidgets ImportError: libsmime3.so: cannot open shared object file: No such file or directoryI do NOT get that error in my PC.
below is my python code
import sys from PyQt5 import QtWidgets, QtWebEngineWidgets from PyQt5.QtCore import QUrl, QTimer from PyQt5.QtGui import QPageLayout, QPageSize from PyQt5.QtWidgets import QApplication import argparse def main(): url = '' parser = argparse.ArgumentParser(description="Just an example", formatter_class=argparse.ArgumentDefaultsHelpFormatter) parser.add_argument("--url", help="Type url") args = parser.parse_args() config = vars(args) url = config['url'] app = QtWidgets.QApplication(sys.argv) loader = QtWebEngineWidgets.QWebEngineView() loader.setZoomFactor(1) layout = QPageLayout() layout.setPageSize(QPageSize(QPageSize.A4Extra)) layout.setOrientation(QPageLayout.Portrait) loader.load(QUrl(url)) loader.page().pdfPrintingFinished.connect(lambda *args: QApplication.exit()) def emit_pdf(finished): QTimer.singleShot(2000, lambda: loader.page().printToPdf("test.pdf", pageLayout=layout)) loader.loadFinished.connect(emit_pdf) sys.exit(app.exec_()) if __name__ == '__main__': main()so how do I resolve below error ?
Traceback (most recent call last): File "htmlToPdfnew.py", line 2, in <module> from PyQt5 import QtWidgets, QtWebEngineWidgets ImportError: libsmime3.so: cannot open shared object file: No such file or directory -
How to proxy MSSQL connections over TCP proxy with cached Kerberos credential?
I need to proxy MSSQL connections over a TCP proxy using cached kerberos credentials. The idea is to authenticate against the database with kerberos, cache the cred, and then use that cred from a locked down environment to connect to the database over a proxy.
The Source and Proxy instances are both Linux machines running Centos 8.
The Source/Client instance in this case has no connectivity to the domain controllers used for kerberos auth, neither does the proxy. The proxy is pure pass through to the destination server, which does have connectivity to the domain controllers to perform the kerberos ticket <--> token exchange and authenticate.
This is what my current environment looks like:
Source Proxy Dest +-+----+--+ +-----------------------------+ +-----------------+ | | tcp1 | HAProxy | tcp2 | | | Client +--------------> front_end backend----------------->+ SQL Server | | | | | | | +---------+ +-----------------------------+ +-----------------+My proxy config:
frontend tcp-in-mssql bind :5650 mode tcp use_backend mssql backend mssql mode tcp server mssql.mydomain.com mssql.mydomain.com:5650 checkWhen testing, I can connect directly to the SQL Server on the Dest instance from the Proxy instance both via password based auth and kerberos auth.
Examples of successfully connecting to the SQL Server from the Proxy instance:
$ env | grep KRB5 KRB5CCNAME=/tmp/krb5cc_12345 # <-- this is a valid ticket cache $ /opt/mssql-tools18/bin/sqlcmd -C -S mssql.mydomain.com,5650 -U myuser Password: 1> quit $ /opt/mssql-tools18/bin/sqlcmd -C -S mssql.mydomain.com,5650 -E 1> quitWhen connecting over the Proxy from the Proxy host:
$ /opt/mssql-tools18/bin/sqlcmd -C -S localhost,5650 -U myuser Password: 1> quit $ /opt/mssql-tools18/bin/sqlcmd -C -S localhost,5650 -E Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : SSPI Provider: Server not found in Kerberos database. Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : Cannot generate SSPI context.I guess this makes sense if I use localhost in the
sqlcmdserver parameter.I get the exactly same results when replacing
localhostwith the proxy host in thesqlcmd.I believe my only major issue here is that I cannot get the connection to go over the proxy when setting
socks_proxyorall_proxyenv vars, so I can use the SQL Server host name in thesqlcmdserver param.Each of the below do not go over the proxy and go directly to the host in the
sqlcmdserver param. The same happens when using password auth. I know this because I do not see the connections logged in the haproxy logs.$ socks_proxy=socks5://localhost:5640 /opt/mssql-tools18/bin/sqlcmd -C -S mssql.mydomain.com,5650 -E 1> quit $ socks_proxy=socks://localhost:5640 /opt/mssql-tools18/bin/sqlcmd -C -S mssql.mydomain.com,5650 -E 1> quit $ all_proxy=socks5://localhost:5640 /opt/mssql-tools18/bin/sqlcmd -C -S mssql.mydomain.com,5650 -E 1> quit $ all_proxy=socks://localhost:5640 /opt/mssql-tools18/bin/sqlcmd -C -S mssql.mydomain.com,5650 -E 1> quitThe only way I can seem to go over the proxy is to use the proxy in the
sqlcmdserver param, which works with password auth, but fails with kerberos auth.I've also tried adding
ServerSPN=MSSQLSvc/mssql.mydomain.com:5650to both myodbc.iniandodbcinst.inifiles.There's nothing in the
sqlcmddoc that accepts proxy settings, so I'm at a loss as to what to do here. I'm flexible on the proxy, it doesn't have to be HAProxy, but HAProxy seemed like the easiest pass through TCP proxy to stand up so I went with it over nginx. -
What env var to send requests to a HAProxy instance?
I have a HAProxy configured that works as expected when sending requests directly to the proxy host and port that the proxy is listening on. The proxy is running in TCP mode.
frontend tcp-in-mssql bind :5650 mode tcp use_backend mssql backend mssql mode tcp server mssql01.mydomain.com mssql01.mydomain.com:5650 checkWhen I try to send requests to the proxy by using the SOCKS_PROXY or ALL_PROXY env vars, the proxy isn't used and the connection is made directly.
example:
SOCKS_PROXY=socks://localhost:5650 my_command --target=mssql01.mydomain.com:5650 ALL_PROXY=socks://localhost:5650 my_command --target=mssql01.mydomain.com:5650The proxy is bypassed and a TCP connection is made directly to the target host. Though if do something like
my_command --target=localhost:5650the TCP connection goes through the proxy and is made successfully to the backend target server.How can I route traffic to the proxy?
-
Able to proxy my React app in localhost to heroku server but not on firebase
I was wondering if there was a way to proxy my firebase-deployed app to redirect all requests to a heroku API URL.
{ "name": "denrol", "version": "0.1.0", "private": true, "proxy": "https://kareemapp.herokuapp.com", ... }my React app package.json looks something like this and it works fine in localhost. However when I deploy it to firebase. It automatically reconfigures to direct requests to
https://kareemsapp.web.appwhich is the firebase hosting default url
is there a way to configure firebase to proxy from the correct URL?
if relevant, this is what my firebase.json looks like
{ "hosting": { "public": "build", "ignore": ["firebase.json", "**/.*", "**/node_modules/**"], "rewrites": [ { "source": "**", "destination": "/index.html" } ] } }