apk authenticated proxy issue
Hey!
Using apk to install stuff behind a proxy does not work. It seems that there are no credentials provided to the proxy. This occurs only when requesting https urls. The following commands provide a quick way to reproduce this issue. You can use squid.conf as squid config.
How to reproduce?
Terminal 1:
docker run --rm -p 3128:3128 --volume $PWD/squid.conf:/etc/squid/squid.conf --volume $PWD/logs:/var/log/squid/ sameersbn/squid
Terminal 2:
tail -f logs/access.log
Terminal 3:
docker run --rm -it alpine
export http_proxy=http://alpine:xxx@172.17.0.1:3128
export https_proxy=http://alpine:xxx@172.17.0.1:3128
-
apk add --no-cache curl
-> fails sed -i 's/https/http/g' /etc/apk/repositories
-
apk add --no-cache curl
-> works curl https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz -I
Logs
failing request because no authentication to the proxy is provided:
proxy:
1615899619.390 0 172.17.0.1 TCP_DENIED/407 3981 CONNECT dl-cdn.alpinelinux.org:443 - HIER_NONE/- text/html
alpine:
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.13/main: Permission denied
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.13/community: Permission denied
working request when using http
proxy:
1615899677.349 260 172.17.0.1 TCP_MISS/200 631652 GET http://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz alpine HIER_DIRECT/151.101.114.133 application/octet-stream
alpine:
fetch http://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
example with curl to demonstrate that the requested url is available via https
HTTP/1.1 200 Connection established
HTTP/2 200
server: nginx
content-type: application/octet-stream
last-modified: Tue, 16 Mar 2021 10:59:20 GMT
etag: "60508f88-9a0ed"
strict-transport-security: max-age=31536000
x-frame-options: DENY
x-content-type-options: nosniff
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 16 Mar 2021 13:10:25 GMT
age: 3
x-served-by: cache-lga21962-LGA, cache-hhn4059-HHN
x-cache: HIT, HIT
x-cache-hits: 2, 2
x-timer: S1615900225.337001,VS0,VE0
content-length: 631021