Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Running apk commands behind proxy fails #171

Closed
nrvnrvn opened this issue May 10, 2016 · 6 comments
Closed

Running apk commands behind proxy fails #171

nrvnrvn opened this issue May 10, 2016 · 6 comments

Comments

@nrvnrvn
Copy link

nrvnrvn commented May 10, 2016

Environment variables are set up properly. But running apk update for instance just hangs. It looks like an upstream issue. If so, point where to file it.
@nrvnrvn
Copy link
Author

nrvnrvn commented May 17, 2016

Turned out that {http,https}_proxy variables must contain scheme, not only host and port. So setting http_proxy=proxy.example.com won't work but http_proxy=http://proxy.example.com will do.

@nrvnrvn nrvnrvn closed this as completed May 17, 2016
@jfloff jfloff mentioned this issue Mar 30, 2017
Closed
@hichamuntitled hichamuntitled mentioned this issue Sep 27, 2018
Closed
@Duke4848
Copy link

Where do you put the proxy url? Could you specify file and command format please?

@JFLarvoire
Copy link

apk update still fails with a timeout for me, despite having carefully entered the protocol in all proxy variables.
(And that proxy variable setting works for all other Linux distributions I use.)
This is Alpine Linux v3.13.0 with BusyBox v1.32.1.

Our proxy uses port 8080. Could it be that apk does not process the port?
ex:

export http_proxy='http://proxy.example.com:8080'

Note that BusyBox's wget does not work either. Contrary to apk, it does not time out, but fails with error:

/tmp # wget https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
Connecting to proxy.example.com:8080 (1.2.3.4:8080)
wget: server returned error: HTTP/1.1 400 Bad Request
/tmp #

Again, wget (The real one though) works in all other distributions I've used.

@NeroBurner
Copy link

it seems there is a problem with newest wget https request over a http-proxy

I worked around this bug by using http repositories instead of https

sed -i.bak 's+https://+http://+' /etc/apk/repositories

@abdennour
Copy link 

FROM abdennour/alpine:3.14-ssl

RUN openssl x509 -inform der -in COMPANY.der -out /usr/local/share/ca-certificates/company-cert.crt && \
   cat /usr/local/share/ca-certificates/company-cert.crt >> /etc/ssl/certs/ca-certificates.crt && \
   update-ca-certificates

EXPLAINED!

  1. Request the CA certificate from the team who purchased the SSL Certificates.
    Tell them provide me the certificate file "*.der"

  2. Got it ? convert it to .cert file

RUN openssl x509 -inform der -in COMPANY.der -out /usr/local/share/ca-certificates/company-cert.crt && \
   cat /usr/local/share/ca-certificates/company-cert.crt >> /etc/ssl/certs/ca-certificates.crt && \
   update-ca-certificates

But this requires to have openssl ca-certificates packages in the image.
And because you can't install anything, then you can rely on alpine image which includes at least these two packages, like my base image:

FROM abdennour/alpine:3.14-ssl

@dariusj1
Copy link

apparently, apk cares greatly about the protocol. Not only you have to specify it, but you also must specify a correct one. What I mean by that is that

HTTP_PROXY=http://<proxy_address> 
HTTPS_PROXY=https://<proxy_address>

mind the httpS://

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@abdennour @nrvnrvn @NeroBurner @JFLarvoire @Duke4848 @dariusj1