Hi there
Acccording to System Proxy — VyOS 1.4.x (sagitta) documentation
set system proxy url <url>
- Set proxy for all connections initiated by VyOS, including HTTP, HTTPS, and FTP (anonymous FTP).
So I set it accordingly.
set system proxy port '6152'
set system proxy url 'http://192.168.1.200'
Ensured the proxy was working as expected.
ouzy@vyos:~$ curl --connect-timeout 5 --proxy "192.168.1.200:6152" https://google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>
Add system image also works.
ouzy@vyos:~$ add system image https://github.com/vyos/vyos-nightly-build/releases/download/1.5-rolling-202410060007/vyos-1.5-rolling-202410060007-generic-amd64.iso
Redirecting to https://objects.githubusercontent.com/github-production-release-asset-2e65be/674742659/716c77c5-404a-4c0d-bf94-5d39b9bd098d?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241007%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241007T091412Z&X-Amz-Expires=300&X-Amz-Signature=d5b3dab062bbee9d57f714cec1b2756d87f1ead655fbd8a91e9fed78d7ee1acc&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dvyos-1.5-rolling-202410060007-generic-amd64.iso&response-content-type=application%2Foctet-stream
The file is 472.000 MiB.
[#####################################################################################################################################################] 100%
Validating signature
Signature is valid
Validating image checksums
What would you like to name this image? (Default: 1.5-rolling-202410060007)
....
Question: Why does Add Container not work as expected?
- Due to the connectivity issues on Docker Hub and GitHub, I expect the system proxy to also be functional for adding containers.
- my workaround so far is to add config in /etc/containers/registries.conf, example like below.
[[registry]]
prefix = 'docker.io'
location = '123.xyz.abc'
But, obviously, it’s not.
ouzy@vyos:~$ add container image seansuny/shellcrash
Resolving "seansuny/shellcrash" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/seansuny/shellcrash:latest...
time="2024-10-07T17:20:45+08:00" level=warning msg="Failed, retrying in 1s ... (1/3). Error: initializing source docker://seansuny/shellcrash:latest: pinging container registry registry-1.docker.io: Get \"https://registry-1.docker.io/v2/\": dial tcp 103.252.115.221:443: i/o timeout"
time="2024-10-07T17:21:46+08:00" level=warning msg="Failed, retrying in 1s ... (2/3). Error: initializing source docker://seansuny/shellcrash:latest: pinging container registry registry-1.docker.io: Get \"https://registry-1.docker.io/v2/\": dial tcp 128.121.243.76:443: i/o timeout"
time="2024-10-07T17:22:47+08:00" level=warning msg="Failed, retrying in 1s ... (3/3). Error: initializing source docker://seansuny/shellcrash:latest: pinging container registry registry-1.docker.io: Get \"https://registry-1.docker.io/v2/\": dial tcp 128.121.243.76:443: i/o timeout"
Trying to pull quay.io/seansuny/shellcrash:latest...
Error: 2 errors occurred while pulling:
* initializing source docker://seansuny/shellcrash:latest: pinging container registry registry-1.docker.io: Get "https://registry-1.docker.io/v2/": dial tcp 128.121.243.76:443: i/o timeout
* initializing source docker://quay.io/seansuny/shellcrash:latest: reading manifest latest in quay.io/seansuny/shellcrash: unauthorized: access to the requested resource is not authorized
I confirmed those connections won’t be made via proxy if they are NOT initiated by VyOS.
ouzy@vyos:~$ wget https://cdn.jsdelivr.net/gh/xukecheng/scripts@main/v2dat
Connecting to 192.168.1.200:6152 (192.168.1.200:6152)
wget: error getting response