Running apk commands behind proxy fails

Question

Running apk commands behind proxy fails

nrvnrvn opened this issue 9 years ago · 6 comments

Environment variables are set up properly. But running apk update for instance just hangs. It looks like an upstream issue. If so, point where to file it.

Answer 1 · 2016-05-17T21:23:45.000Z

Turned out that {http,https}_proxy variables must contain scheme, not only host and port. So setting http_proxy=proxy.example.com won't work but http_proxy=http://proxy.example.com will do.

Answer 2 · 2020-08-21T05:58:59.000Z

Where do you put the proxy url? Could you specify file and command format please?

Answer 3 · 2021-01-25T17:41:35.000Z

apk update still fails with a timeout for me, despite having carefully entered the protocol in all proxy variables.
(And that proxy variable setting works for all other Linux distributions I use.)
This is Alpine Linux v3.13.0 with BusyBox v1.32.1.

Our proxy uses port 8080. Could it be that apk does not process the port?
ex:

export http_proxy='http://proxy.example.com:8080'

Note that BusyBox's wget does not work either. Contrary to apk, it does not time out, but fails with error:

/tmp # wget https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
Connecting to proxy.example.com:8080 (1.2.3.4:8080)
wget: server returned error: HTTP/1.1 400 Bad Request
/tmp #

Again, wget (The real one though) works in all other distributions I've used.

Answer 4 · 2021-01-26T08:52:34.000Z

it seems there is a problem with newest wget https request over a http-proxy

I worked around this bug by using http repositories instead of https

sed -i.bak 's+https://+http://+' /etc/apk/repositories

Answer 5 · 2022-01-12T17:08:03.000Z

FROM abdennour/alpine:3.14-ssl

RUN openssl x509 -inform der -in COMPANY.der -out /usr/local/share/ca-certificates/company-cert.crt && \
   cat /usr/local/share/ca-certificates/company-cert.crt >> /etc/ssl/certs/ca-certificates.crt && \
   update-ca-certificates

EXPLAINED!

Request the CA certificate from the team who purchased the SSL Certificates.
Tell them provide me the certificate file "*.der"
Got it ? convert it to .cert file

RUN openssl x509 -inform der -in COMPANY.der -out /usr/local/share/ca-certificates/company-cert.crt && \
   cat /usr/local/share/ca-certificates/company-cert.crt >> /etc/ssl/certs/ca-certificates.crt && \
   update-ca-certificates

But this requires to have openssl ca-certificates packages in the image.
And because you can't install anything, then you can rely on alpine image which includes at least these two packages, like my base image:

FROM abdennour/alpine:3.14-ssl

Answer 6 · 2024-06-27T14:14:57.000Z

apparently, apk cares greatly about the protocol. Not only you have to specify it, but you also must specify a correct one. What I mean by that is that

HTTP_PROXY=http://<proxy_address> 
HTTPS_PROXY=https://<proxy_address>

mind the httpS://