在代理之后无法为node.js应用构建docker镜像 [英] Building a docker image for a node.js app fails behind proxy

问题描述

在docker构建期间，npm出现问题.我是公司代理的幕后推手，并且阅读了大约30篇文章(和stackoverflow帖子)来解决类似问题.但是我仍然无法克服这个问题.

I have an issue with npm during the docker build. I am behind a corporate proxy and have read about 30 articles (and stackoverflow posts) addressing similar issues. However I was still not able to overcome this.

我能够"npm install"项目，并在docker构建过程之外(但也可以使用代理)获取所有必需的依赖关系，但不能在此过程中获取.

I am able to "npm install" the project and fetch all necessary dependencies outside of the docker build process (but also using the proxy), but not during.

到目前为止，我已经尝试过:

1. 直接使用代理(以及经过硬编码的身份验证数据)，以及 在CNTLM之上.下面的描述是使用CNTLM时的.
2. 使用如下所示的http存储库，strict_ssl为false.

1. Using the proxy directly (along with hardcoded auth data) and also over CNTLM. The description below is when using CNTLM.
2. Using the http repository as depicted below with strict_ssl false.

npm config set strict-ssl=false \

npm config set registry=http://registry.npmjs.org/ \

1. 通过--build-arg，env并通过RUN参数传递代理设置

1. Passing the proxy settings as --build-arg, env and via the RUN param

从干净的git checkout开始(没有node_modules)，之后 运行npm install

Starting with a clean git checkout (without node_modules) and after running the npm install

我正在尝试使用:

$ sudo docker build --build-arg HTTP_PROXY=http://127.0.0.1:3128 --build-arg HTTPS_PROXY=http://127.0.0.1:3128 .

输出

Sending build context to Docker daemon 226.6 MB
Step 1 : FROM node:argon
 ---> c74c117ed521
Step 2 : ENV http_proxy http://127.0.0.1:3128/
 ---> Using cache
 ---> ad2e2df7429b
Step 3 : ENV https_proxy http://127.0.0.1:3128/
 ---> Using cache
 ---> 75fb2eb0bb22
Step 4 : RUN mkdir -p /usr/src/app
 ---> Using cache
 ---> ee79de37d6d7
Step 5 : WORKDIR /usr/src/app
 ---> Using cache
 ---> 404356f5def0
Step 6 : COPY package.json /usr/src/app/
 ---> Using cache
 ---> a2ec47267628
Step 7 : RUN git config --global http.proxy http://127.0.0.1:3128/
 ---> Running in 3cd5db8b1371
 ---> 7353cd94b67a
Removing intermediate container 3cd5db8b1371
Step 8 : RUN npm install
 ---> Running in 79ed0eb809d8
npm info it worked if it ends with ok
npm info using npm@2.15.5
npm info using node@v4.4.6
npm info preinstall app
npm info attempt registry request try #1 at 10:24:02 AM
npm http request GET https://registry.npmjs.org/bufferutil
npm info attempt registry request try #1 at 10:24:02 AM
npm http request GET https://registry.npmjs.org/connect-mongo
<snip>

npm info retry will retry, error on last attempt: Error: tunneling socket could not be established, cause=connect ECONNREFUSED 127.0.0.1:3128
npm info retry will retry, error on last attempt: Error: tunneling socket could not be established, cause=connect ECONNREFUSED 127.0.0.1:3128
<snip>

npm ERR! Linux 3.13.0-88-generic
npm ERR! argv "/usr/local/bin/node" "/usr/local/bin/npm" "install"
npm ERR! node v4.4.6
npm ERR! npm  v2.15.5
npm ERR! code ECONNRESET

npm ERR! network tunneling socket could not be established, cause=connect ECONNREFUSED 127.0.0.1:3128
npm ERR! network This is most likely not a problem with npm itself
npm ERR! network and is related to network connectivity.
npm ERR! network In most cases you are behind a proxy or have bad network settings.
npm ERR! network 
npm ERR! network If you are behind a proxy, please make sure that the
npm ERR! network 'proxy' config is set properly.  See: 'npm help config'

npm ERR! Please include the following file with any support request:
npm ERR!     /usr/src/app/npm-debug.log

这是我的docker脚本

FROM node:argon

ENV http_proxy http://127.0.0.1:3128/
ENV https_proxy http://127.0.0.1:3128/

# Create app directory
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app

# Install app dependencies
COPY package.json /usr/src/app/

# setup proxies
RUN git config --global http.proxy http://127.0.0.1:3128/ && \
    npm config set strict-ssl=false \
    npm config set registry=http://registry.npmjs.org/ \
    npm config set proxy=http://127.0.0.1:3128/ && \
    npm config set https-proxy=http://127.0.0.1:3128/

# Install dependencies for node.js
RUN npm install

# Bundle app source
COPY . /usr/src/app

EXPOSE 8080
CMD [ "npm", "start" ]

推荐答案

使用--build-arg的方法是正确的:您只想在构建Docker映像时使用代理设置，而不希望将它们包含在Dockerfile中，因此它不依赖于特定的环境(您不需要在其上的ENV条目).

The approach using --build-arg is the correct one: you only want to use the proxy settings when building the Docker image, and not having them inside the Dockerfile so it is not tied to an specific environment (you don't need the ENV entries on it).

您的问题是您试图在docker build localhost中用作cntlm代理，这是无效的，因为在构建时它将指向运行该build的docker容器，但实际上应指向该地址docker网络中提供cntlm的主机的数量.

Your issue is that you are trying to use as cntlm proxy inside the docker build localhost, which is not valid since at build time it will point to the docker container running the build, but it should actually point to the address of your host offering cntlm in the docker network.

为了使该功能起作用，您可以将cntlm配置为在多个接口中进行侦听，然后激活网关模式，以便可以从其他计算机上使用它.这样，在构建映像时，您会将请求从Docker实例发送到主机.

In order to make that work, you can configure your cntlm to listen in several interfaces, and then activate gateway mode so you can use it from other machines. This way, when your image is being built, you will send the requests from the docker instance to the host.

我的docker网桥网络如下(我的主机以docker0 172.17.0.1中的地址的形式获取):

My docker bridge network is as follows (my host gets as address in docker0 172.17.0.1):

$ docker network inspect bridge
...
            "Config": [
            {
                "Subnet": "172.17.0.0/16",
                "Gateway": "172.17.0.1"
            }
...

在我的cntlm.conf中:

...
Listen          127.0.0.1:3128
Listen          172.17.0.1:3128
...
Gateway yes
Allow           127.0.0.1/32
Allow           172.17.0.0/16
Deny            0/0
...

使用此配置，cntlm将同时侦听localhost和docker bridge网络，仅允许来自任何docker容器的远程连接.

With this config, cntlm will listen to both localhost and the docker bridge network, only allowing remote connections from any docker container.

然后在使用npm构建映像时使用代理设置:

You then use the proxy settings when building your image with npm:

$ docker build --build-arg=HTTP_PROXY=http://172.17.0.1:3128 --build-arg=HTTPS_PROXY=http://172.17.0.1:3128 .

我希望能有所帮助，我知道在企业网络中做到所有这些都是皮塔饼！

I hope that helps, I know that making all of this in corporate networks is really a pita!

编辑2016年8月18日

我今天发现的事情是，如果您使用v2格式的docker-compose文件，则启动compose文件将为您的容器创建一个新的网络.这意味着您需要相应地修改cntlm文件，以接受来自这些新范围的连接.

Something I discovered today is, if you use docker-compose files with v2 format, starting the compose file will create a new network for your containers. This means that you need to adapt your cntlm file accordingly to accept connections from those new ranges.

作为一个例子，我的一个撰写文件刚刚在172.19.0.0/16下创建了一个网络，但是我的cntlm配置只允许来自172.17.0.0/16的连接.如果遇到连接问题，请检查系统日志以找出问题.

As an example, one of my compose files has just created a network under 172.19.0.0/16, but my cntlm config only allowed connections from 172.17.0.0/16. Check your syslog to identify the issue if you experience connection problems.

https://docs.docker.com/compose/networking/

这篇关于在代理之后无法为node.js应用构建docker镜像的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！