Docker behind a proxy requires restart on boot - linux

I apologise if I am posting this in the wrong section, I need some help and unsure where to turn to.
I am trying to run docker behind a proxy on a linux/ubuntu server machine. I have configured every proxy on the box (FTP/HTTPS/HTTP), I have also configured the Docker proxies mentioned here: https://docs.docker.com/config/daemon/systemd/#httphttps-proxy and https://stackoverflow.com/a/28093517/4261713
However, I have the docker service set to auto-start on machine boot, unless I log onto the machine and run sudo service docker restart those settings are ignored, and docker fails to use a proxy. This is all fine, we have a work around for local access, but I need to use this machine remotely using auto-builds/deployments etc. Therefore, the builds break without running that command.
Unfortunately I cannot get any help from Docker support, I have waited around 3 weeks for them to reply with no luck. This problem is more than likely me not understanding linux services/daemons. Can someone help me out?
To confirm what I have already tried:
I have created the http-proxy.conf in /etc/systemd/system/docker.service.d and created the Environment variable there for the proxy.
I have tried to modify the docker service init.d file by adding to the "DOCKER_OPTS" variable at the top using -e "HTTP_PROXY=http://addressofproxy:portofproxy" -e "HTTPS_PROXY=http://addressofproxy:portofproxy" However, this also has made no difference and I still need to restart the service after a reboot!
EDIT: I have also set/configured the client config in ~/.docker/config.json to have the proxies in. (as mentioned in the answers below by Kerat)
Any assistance is much appreciated, I am totally stuck with why it wont read the options in on startup.

This turned out to be a double instance installation. Confusingly ubuntu server comes with docker installed under package manager - snap, so installing under apt-get led to double installation.
I think this is a poor way to manage Ubuntu server, I would expect a plain, vanilla OS with nothing installed.. Hopefully this helps someone else in the future!

have you tried to configure the proxy in ~/.docker/config.json with :
{
"proxies":
{
"default":
{
"httpProxy": "http://127.0.0.1:3001",
"httpsProxy": "http://127.0.0.1:3001",
"noProxy": "*.test.example.com,.example2.com"
}
}
}
as mentionned at https://docs.docker.com/network/proxy/#configure-the-docker-client ?

Related

Multiple Linux Grafana Integration

I started with Grafana to monitor on-premise Linux Servers. I am using the Cloud Portal. On the Grafana Dashboard, I installed the Linux Server Integration using this tutorial -> https://grafana.com/docs/grafana-cloud/quickstart/agent_linuxnode/.
I used the command line on one server to setup the agent:
sudo ARCH=amd64 GCLOUD_STACK_ID="XXXXX" GCLOUD_API_KEY="xxxxx" GCLOUD_API_URL="https://integrations-api-eu-west.grafana.net" /bin/sh -c "$(curl -fsSL https://raw.githubusercontent.com/grafana/agent/release/production/grafanacloud-install.sh)"
sudo systemctl restart grafana-agent.service
It works perfectly with one server. However, when I added a new Remote Linux Server with the same command line, it replaced the previous server in the dashboard and I cannot select the other server. I feel I should not use the same command line, but I cannot find what parameters I should modify.
Did someone face the same issue and found a solution ?
Thank you in advance,
B.
PS: Ideally I would make it work using docker containers on each Linux Server, communicating to the Cloud Portal
Assume sudo systemctl restart grafana-agent.service is restarting a specific server with the execution command in /etc/systemd/system/grafana-agent.service
If you want to have another grafana-agent you need additional service file. For example: grafana-agent-2.service with different configuration.

How to run a docker container as a windows service

I have a windows service that I want to run in a docker container on Azure.
I would like to have the same setup when running the service locally, so I would like to run the same docker container locally as a windows service (I think?).
How would I do that? Or is there a better approach?
Thanks,
Michael
IMHO Michael asked how to start docker images without the need to have a user logged in. The docker restart flag actually only deals with starting images after docker is running. To get docker to run without logged in user (or after automatic windows updates) it seems to me you will also need to make a windows service that runs docker.
A good explanation for this part of the problem can be found here (no good solution has been found yet without paying for it - docker team ignored request to make this work without third party so far):
How to start Docker daemon (windows service) at startup without the need to log-in?
You can use the flag --restart=unless-stopped with the docker run command and the docker container will run automatically even if the server was shutdown.
Further read for the restart policy and flag here
but conditions apply - docker itself should always run on startup. which is default setting by itself.

How to enable the Docker Remote API on Windows

I am trying to use the Docker Remote API on a Windows 10 host machine. I am using Chrome's Postman extension to see if I can get results from the docker remote api's endpoints. Here are the endpoints that I've tried:
GET http://192.168.99.100:4243/images/json
GET http://192.168.99.100:2376/images/json
Both returned Connection to server 192.168.99.100 failed (The server is not responding)
After a few searches I found out that the Docker Remote API is not enabled by default on Windows. Most of the guides are for Ubuntu but I have found this particular one for Windows.
These are the steps that I performed on my machine
docker-machine ssh
cd /var/lib/boot2docker
sudo vi profile
Change DOCKER_HOST='H tcp://0.0.0.2376' to DOCKER_HOST='H tcp://0.0.0.2375'
change DOCKER_TLS=auto to DOCKER_TLS=no
export DOCKER_HOST='-H tcp://0.0.0.2375'
export DOCKER_TLS_VERIFY=0
env | grep DOCKER
docker-machine restart
docker-machine env
docker-machine regenerate-certs
After performing the steps above, I did try again the endpoints on Postman but I still get the same result.
Can you perhaps give a little help if I have missed a step? Or am I on track?
Also, to answer some of my queries.
Is the docker remote api port for Windows 2375 and 4243 for Linux?
Is DOCKER_HOST for Windows and DOCKER_OPTS for Linux?
Switch your docker to windows container
Got to C:\ProgramData\Docker\config
in deamon.json file
add "hosts": ["tcp://0.0.0.0:2376", "npipe://"]
restart docker.
give command : docker -H tcp://0.0.0.0:2376 ps
The Remote API is now enabled by default on Windows (see ticket here).
It is reachable at http:\\localhost:2375 indeed (tested it).
I faced the same issue and found a quick solution for this. Just open docker settings and enable "Expose daemon on TCP..." checkbox. Docker will start automatically and the problem should be solved.Please find the image attached for reference
using docker desktop, go to settings and check "Expose daemon on tcp://localhost:2375 without TLS"

Run IIS Windows container

I have followed this (IIS Windows Container) https://hub.docker.com/r/microsoft/iis/ and am running into this (Not authorised) https://github.com/docker/docker/issues/21558 is it just me? Am i doing something wrong? Or does this just not work yet?
I'm running Windows 10 (Build 14931) in VM Ware with Docker beta 1.12.2-Beta28
ps I don't have enough rep to create windows-containers as a tag...
No the Docker image is fine on Win10 - you may be hitting the loopback problem, where you can't connect via localhost or 127.0.0.1 because of a limitation in the Windows network stack.
Try this:
docker run -d -p 80:80 --name iis microsoft/iis
docker inspect --format '{{ .NetworkSettings.Networks.nat.IPAddress }}' iis
The second line will give you the NAT IP address of the container, and you should be able to browse to http://{container-ip} and see the IIS welcome page.
Incidentally, if you're using the VM just to work with Docker, you'd be better off using Windows Server 2016 - you can use Windows Server Containers instead of Hyper-V Containers, and they're quite a bit faster to start.
For future me / people having the same issue. Firstly definitely follow Elton's advice the links provided make for a much better dockerfile / experience when building the container. However the issue (for me) was that I don't think I was copying / adding the files to the build. {Oops} Still not clear what magic is done on the Nerd-dinner clone so that it imports the correct files but that gav e the hint I needed
https://github.com/sixeyed/nerd-dinner/blob/dockerize-part1/docker/Dockerfile
https://blog.sixeyed.com/windows-dockerfiles-and-the-backtick-backslash-backlash/

Using a Cron Job to check if my mod_wsgi / apache server is running and restart

my group and I are running a server that is based upon Django and uses mod_wsgi to run an Apache server. We will not be working on this project after it is over, so I am attempting to set up cronjob similar functionality to check if the apache server has shut down(system restart or power failure), and if it has, will restart the server for me. I've found documentation on how to check if an apache server is down and restart the server if it is, but our server uses https and thus our start command is pretty verbose.
Can I simply use the functionality provided in these examples:
https://askubuntu.com/questions/277389/cron-job-to-restart-apache
https://www.digitalocean.com/community/tutorials/how-to-use-a-simple-bash-script-to-restart-server-programs
Or do I need a much more complicated process to make this happen?
The command we use to initially start the server is
python manage.py runmodwsgi --host 0.0.0.0 --port 8001 --https-port 8000 --ssl-certificate (certificate Location) --server-name (Domain Name)
I'm pretty new to Linux and using both Mod-wsgi as well as Apache so any help is greatly appreciated.
I suppose it is not good way to resolve this problem.
I recommend you use monit (https://mmonit.com/). It is cool program for checking services.
apt-get install monit
Apache restart configuration directives:
check process httpd with pidfile /var/run/httpd.pid
group apache
start program = "/etc/init.d/httpd start"
stop program = "/etc/init.d/httpd stop"
if failed host 127.0.0.1 port 80
protocol http then restart
if 5 restarts within 5 cycles then timeout
You are better off using the --setup-only option to mod_wsgi-express or the Django integration for it, to generate the configuration but not run it. Then as others have mentioned, integrate it into the system service manager.
The two commands for starting and stopping the Apache/mod_wsgi instance would be apachectl start and apachectl stop, where apachectl is that which was generated when running with the additional --setup-only option.
When running it as a system service, also make sure you use the --server-root option to specify a more persistent location for the generated configuration. Do not use the default under /tmp if running for anything but temporary development sessions as some Linux systems will remove files under /tmp causing things to start failing after a while.
Also, since under a service manager it would generally be starting as root, particularly if listening on port 80 is a requirement, ensure you use the --user and --group options to specify what user/group your Python web application should run as.
Read:
https://pypi.python.org/pypi/mod_wsgi
for more details of the --setup-only option and start-server commands for generating the configuration. Because you are using the Django integration, you will need to use the --setup-only option.
For more informed helped, bring your issue to the mod_wsgi mailing list. The mod_wsgi-express way of running Apache/mod_wsgi is new enough that unlikely that anyone here is really going to know much about it.
There is no need to do this at all. There is no reason to start up Apache manually; once it's installed as a system service, Ubuntu will start it up automatically on restart or crash.
You should reflect on why you feel the need to do this for Apache specifically, and not any of the other system services you depend on, such as the database.

Resources