David M. Karr (83) [Avatar] Offline
#1
Section "6.2.1. Using an emptyDir volume" has a problem that I ran into in earlier sections, and will probably hit many more times. The build of the "fortune" image fails when run behind a proxy.

I see the following:

Get:2 http://archive.ubuntu.com/ubuntu xenial InRelease [14.8 kB]
Err:1 http://security.ubuntu.com/ubuntu xenial-security InRelease
  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)


The fix is to configure the image so that apt has proxy information. This could be done by writing a custom apt.conf file to dump into the image, but it's likely easier to just set the http_proxy and https_proxy environment variables in the Dockerfile, making sure they are BEFORE the apt calls, like this:

FROM ubuntu:latest
ENV http_proxy "http://proxyhost:proxyport"
ENV https_proxy "http://proxyhost:proxyport"
RUN apt-get update ; apt-get -y install fortune
ADD fortuneloop.sh /bin/fortuneloop.sh
ENTRYPOINT /bin/fortuneloop.sh
Marko Lukša (67) [Avatar] Offline
#2
It may be better to set build-time environment variables by running the build like this:

docker build --build-arg http_proxy=... -t myimage .


This way, if you build the image behind a corporate proxy, but then someone runs it outside of the company, the containers created from the image will not use the proxy. If you set the environment variables in the Dockerfile, they would also be set every time the container runs.