Darius Knowledge Hub

Fixing Continental Proxy & Certificate Errors in Docker

2 min read

Fixing Continental Proxy & Certificate Errors in Docker

Created: =dateformat(this.file.ctime,"dd MMM yyyy, hh:mm a") | Modified: =dateformat(this.file.mtime,"dd MMM yyyy, hh:mm a") Tags: knowledge

For errors such as:

  • ProxyError('Cannot connect to proxy.'
  • Failed to establish a new connection: [Errno 111] Connection refused
  • SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain
  • 'ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 407 Proxy authentication required'))'

Add the following to Dockerfile, and ensure --network host is called in the docker build command.

#######################################################################################
##################### Continental Specific Build Settings [BEGIN] #####################
## Referenced from https://github-am.geo.conti.de/ADAS/llf_bev/blob/main/Dockerfile ###
##                                                                                  ###
## Note when using Singapore local workstations configured using CNTLM:             ###
## - Ensure build is called with `--network host` flag                              ###
##   e.g. `docker build docker/ --no-cache --rm --network host -t mmdetection3d `   ###
##   or   `docker build docker/ --no-cache --rm --network host -t c-adas-dlc-dl-    ###
##           project-mtl-heat-docker-l.eu.artifactory.conti.de/mmdetection3d:0.0.1` ###
##                                                                                  ###
#######################################################################################
 
# Proxy settings for PIP and APT
ENV HTTP_PROXY=http://sia-proxy.geo.int.automotive-wan.com:3128
ENV HTTPS_PROXY=http://sia-proxy.geo.int.automotive-wan.com:3128
ENV PIP_PROXY=${HTTP_PROXY}
RUN echo 'use_proxy=on' >> .wgetrc && \
    echo "http_proxy=${HTTP_PROXY}" >> .wgetrc && \
    echo "https_proxy=${HTTPS_PROXY}" >> .wgetrc && \
    printf 'Acquire::http::Proxy "%s";' "${HTTP_PROXY}" > /etc/apt/apt.conf && \
    printf 'Acquire::https::Proxy "%s";' "${HTTPS_PROXY}" >> /etc/apt/apt.conf
 
# Configure APT to avoid interactive installs (human interaction)
ENV DEBIAN_FRONTEND=noninteractive
 
# Install Conticertifi to handle certificates for PIP installations
RUN python3 -m pip install --index=https://eu.artifactory.conti.de/artifactory/api/pypi/c_adas_cip_pypi_v/simple conticertifi \
    && conticertifi configure_pip --force \
    && python3 -m pip config set global.find-links https://download.pytorch.org/whl/torch_stable.html
RUN CONTICERTS_PATH=$(conticertifi cert)
ENV REQUESTS_CA_BUNDLE=$CONTICERTS_PATH
 
#######################################################################################
###################### Continental Specific Build Settings [END] ######################
#######################################################################################

CNTLM Terence Config

Proxy       sia-proxy.geo.conti.de:3128
NoProxy     localhost, 127.0.0.*, 10.*, 192.168.*, *.conti.de, *.contiwan.com
Listen      3128
Username    uia73082
Domain      cw01.contiwan.com
PassNTLMv2  3EA66161333D289F252FD3C9A1AF2821

#
# Cntlm Authentication Proxy Configuration
#
Proxy           sia-proxy.geo.conti.de:3128
NoProxy         localhost, 127.0.0.*, 10.*, 192.168.*, *.conti.de, *.contiwan.com
Listen          3128
Username        uif60367
Domain          cw01.contiwan.com
PassNTLMv2      D2194F5B44EC884237CB7B7D7878B0F4

On a cntlm configured machine, how to enable docker / network access:


mkdir ~/.docker/
sudo nano ~/.docker/config.json
	{
	 "proxies":
	 {
	   "default":
	   {
	     "httpProxy": "http://localhost:3128",
	     "httpsProxy": "http://localhost:3128",
	     "noProxy": "localhost,127.0.0.0/8,.automotive-wan.com"
	   }
	 }
	}


ls /usr/local/share/ca-certificates
sudo mkdir /usr/local/share/ca-certificates/extra
sudo cp ./AUMOVIO_Certs/AutomotiveSubCATLS.crt /usr/local/share/ca-certificates/extra/
sudo dpkg-reconfigure ca-certificates
sudo update-ca-certificates
sudo nano /etc/apt/apt.conf.d/95proxies
	Acquire::http::Proxy "http://localhost:3128/";
	Acquire::https::Proxy "http://localhost:3128/";
	Acquire::ftp::Proxy "ftp://localhost:3128/";

add it to your .bashrc / .zshrc:

# For requests, pip, and many other python tools
export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt

# For libraries using standard OpenSSL defaults (often including httpx)
export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

Graph View

Backlinks