[ZBXNEXT-3779] Add optional HTTP proxy support for local builds by docker-compose Created: 2017 Apr 06  Updated: 2021 Aug 14

Status: Open
Project: ZABBIX FEATURE REQUESTS
Component/s: Installation (I)
Affects Version/s: None
Fix Version/s: None

Type: Change Request Priority: Major
Reporter: Marc Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: docker, docker-compose, httpproxy, svn
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: File ZbxNext3779.diff    
Issue Links:
Duplicate

 Description   

The "...local.yaml" docker-compose files offer a way to build working Zabbix environments from scratch in a very easy manner - by firing a single command.

In many companies there is no direct internet access available. Instead one has to use a HTTP proxy.

Unfortunately it's not just about adding some "*_proxy" environment variables as the SVN protocol cannot be tunneled out-of-the-box through an HTTP proxy.
Obvious options to me are either switching from SVN to HTTP(S) or making use of an HTTP CONNECT tunnel application inside the containers.



 Comments   
Comment by Marc [ 2017 Apr 09 ]

Attached file ZbxNext3779.diff adds optional HTTP proxy support to local builds.
In order to do local builds behind a HTTP proxy, it just needs to properly set the shell variables http_proxy and https_proxy in advance of running docker-compose. The latter will be also used to tunnel Subversion connections.

Some explanations...

Consideration of http_proxy, resp. https_proxy environment variables:

--- a/docker-compose_v2_alpine_pgsql_local.yaml
+++ b/docker-compose_v2_alpine_pgsql_local.yaml
@@ -1,7 +1,11 @@
 version: '2'
 services:
  zabbix-server:
-  build: ./server-pgsql/alpine
+  build:
+   context: ./server-pgsql/alpine
+   args:
+    - http_proxy=${http_proxy}
+    - https_proxy=${https_proxy}
   image: zabbix-server-pgsql:alpine-local
   ports:
    - "10051:10051"
--- a/server-pgsql/alpine/Dockerfile
+++ b/server-pgsql/alpine/Dockerfile
@@ -5,6 +5,8 @@ ARG APK_FLAGS_COMMON="-q"
 ARG APK_FLAGS_PERSISTANT="${APK_FLAGS_COMMON} --clean-protected --no-cache"
 ARG APK_FLAGS_DEV="${APK_FLAGS_COMMON} --no-cache"
 ARG DB_TYPE=postgresql
+ARG http_proxy
+ARG https_proxy
 ENV TERM=xterm
 ENV MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL

Tunneling of the Subversion protocol via Netcat through a HTTP proxy:

@@ -41,6 +43,7 @@ RUN addgroup zabbix && \
             libldap \
             libcurl \
             openipmi-libs \
+            netcat-openbsd \
             libssh2 && \
     rm -rf /var/cache/apk/*

@@ -49,7 +52,19 @@ ARG ZBX_VERSION=${MAJOR_VERSION}.4
 ARG ZBX_SOURCES=svn://svn.zabbix.com/tags/${ZBX_VERSION}/
 ENV ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} DB_TYPE=${DB_TYPE}

-RUN apk add ${APK_FLAGS_DEV} --virtual build-dependencies \
+RUN [ $https_proxy ] && { \
+      PXY_HOST=$( echo $https_proxy | sed -rn 's%^([^:]+://)?([^/:]+)(:[0-9]+)?.*%\2%p' ) ; \
+      PXY_PORT=$( echo $https_proxy | sed -rn 's%^([^:]+://)?([^/:]+)(:([0-9]+))?.*%\4%p' ) ; \
+      SVN_PROXY=${PXY_HOST}:${PXY_PORT:-3128} ; \
+      SVN_HOST=$( echo $ZBX_SOURCES | sed -rn 's%^([^:]+://)?([^/:]+)(:[0-9]+)?.*%\2%p' ) ; \
+      SVN_PORT=$( echo $ZBX_SOURCES | sed -rn 's%^([^:]+://)?([^/:]+)(:[0-9]+)?.*%\3%p' ) ; \
+      SVN_PORT=${SVN_PORT:-3690} ; \
+      ZBX_SOURCES=$( echo $ZBX_SOURCES | sed -rn 's%^([^:]+://)?([^/:]+)(:[0-9]+)?(.*)%\1127.0.0.1\4%p' ) ; \
+      SVN_PIPE=$( mktemp -ut svn-proxy.XXXXXXXXXX ) ; \
+      mkfifo $SVN_PIPE ; \
+      nc -klw3 3690 < $SVN_PIPE | nc -X connect -x "$SVN_PROXY" "$SVN_HOST" "$SVN_PORT" > $SVN_PIPE & \
+    } ; \
+    apk add ${APK_FLAGS_DEV} --virtual build-dependencies \
             alpine-sdk \
             coreutils \
             automake \
@@ -100,7 +115,8 @@ RUN apk add ${APK_FLAGS_DEV} --virtual build-dependencies \
     rm -rf /tmp/zabbix-${ZBX_VERSION}/ && \
     apk del ${APK_FLAGS_COMMON} --purge \
             build-dependencies && \
-    rm -rf /var/cache/apk/*
+    rm -rf /var/cache/apk/* && \
+    [ -e $SVN_PIPE ] && rm -f $SVN_PIPE

 EXPOSE 10051/TCP 162/UDP

Comment by Marc [ 2017 Apr 10 ]

For the record, the installation of netcat-openbsd is only required for Alpine based images.

Generated at Fri Mar 29 10:32:10 EET 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.