Unable to update docker images using external proxy


Cory Candia

Feb 28, 2019, 9:23:16 AM
to security-onion
I'm at a loss for getting the last piece of SO to update through our proxy server. apt-get is able to successfully get updates, as is PulledPork. This makes Docker the only piece I can't get right.

I would greatly appreciate anyone's assistance.

Our Security Onion doesn't have direct internet access (no NAT), so it uses a proxy server (Sophos UTM 9). As stated, apt and PulledPork are happy.

When I attempt to update Docker, I see the following output:
========================================
Checking for updates...
E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
E: Unable to lock directory /var/lib/apt/lists/

Checking Security Onion Docker image status...
Error: error contacting notary server: proxyconnect tcp: EOF
Error checking for so-curator update.
Error: error contacting notary server: proxyconnect tcp: EOF
Error checking for so-domainstats update.
Error: error contacting notary server: proxyconnect tcp: EOF
Error checking for so-elastalert update.
Error: error contacting notary server: proxyconnect tcp: EOF
Error checking for so-elasticsearch update.
Error: error contacting notary server: proxyconnect tcp: EOF
Error checking for so-freqserver update.
Error: error contacting notary server: proxyconnect tcp: EOF
Error checking for so-kibana update.
Error: error contacting notary server: proxyconnect tcp: EOF
Error checking for so-logstash update.
============================================

I used the steps in the proxy setup guide, and here are the related config files:

----------
***********:~$ cat /etc/environment
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"

export http_proxy=http://192.168.3.5:8080
export https_proxy=https://192.168.3.5:8080
export ftp_proxy=https://192.168.3.5:8080
export PERL_LWP_ENV_PROXY=https://192.168.3.5:8080
export no_proxy="localhost,127.0.0.1"
----------
***********:~$ cat /etc/systemd/system/docker.service.d/proxy.conf
[Service]
Environment="HTTP_PROXY=http://192.168.3.5:8080/" "HTTPS_PROXY=https://192.168.3.5:8080/" "NO_PROXY=127.0.0.1,localhost,.FQDN.TLD"
-----------
***********:~$ cat /etc/default/docker
# If you need Docker to use an HTTP proxy, it can also be specified here.
export http_proxy="http://192.168.3.5:8080/"
export https_proxy="https://192.168.3.5:8080/"
#export http_proxy="http://127.0.0.1:3128/"
(Did this one also just in case)
-----------

I have been using sudo -i soup to run the update, but I have also tried just using sudo soup. Neither one is successful.

I have checked the proxy server; I have configured it not to block anything from ubuntu.com and ppa.launchpad.net for that host.

Any ideas?

Thanks

Cory Candia

Feb 28, 2019, 9:25:54 AM
to security-onion
Sorry, forgot version

SO 16.04.5.6 ISO

Cory Candia

Feb 28, 2019, 9:30:58 AM
to security-onion
On Thursday, February 28, 2019 at 9:25:54 AM UTC-5, Cory Candia wrote:
> Sorry, forgot version
>
> SO 16.04.5.6 ISO

Further clarification:
Ubuntu 16.04.6 LTS
securityonion-sostat 20120722-0ubuntu0securityonion121

-------------------
When I said apt was working, I meant to say OS packages were getting updates, like openssl, other OS packages.

Michael Bera

May 9, 2019, 12:44:37 PM
to security-onion
I have been experiencing similar problems with getting Docker images to update. The rest of the updates appear to work as expected.
The error messages I have been getting are different, which are:
Starting Docker service...

Checking Security Onion Docker image status...
Error: error contacting notary server: proxyconnect tcp: tls: oversized record received with length 20527

Error checking for so-curator update.
Error: error contacting notary server: proxyconnect tcp: tls: oversized record received with length 20527

Error checking for so-domainstats update.
Error: error contacting notary server: proxyconnect tcp: tls: oversized record received with length 20527

Error checking for so-elastalert update.
Error: error contacting notary server: proxyconnect tcp: tls: oversized record received with length 20527

Error checking for so-elasticsearch update.
Error: error contacting notary server: proxyconnect tcp: tls: oversized record received with length 20527

Error checking for so-freqserver update.
Error: error contacting notary server: proxyconnect tcp: tls: oversized record received with length 20527

Error checking for so-kibana update.
Error: error contacting notary server: proxyconnect tcp: tls: oversized record received with length 20527

Error checking for so-logstash update.
Stopping Docker containers...

Our proxy configuration only allows a limited number of sites to be accessed by the SO servers. I developed the allow list by parsing through packet captures from a test system.

Using curl from a terminal session, I ran the following:
curl https://hub.docker.com
which yielded the following script links:
<script src="https://d36jcksde1wxzq.cloudfront.net/vendor.92a6c1bc50a7964b6ef3.js"></script>
<script src="https://d36jcksde1wxzq.cloudfront.net/main.f9cd7fff1b3491543b98.js"></script>

cloudfront.net is allowed, so next I curled the embedded link:
curl https://d36jcksde1wxzq.cloudfront.net | more (piped through more to limit output)
This yielded:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0<?xml version="1.0" encoding="UTF-8"?>
<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Name>hub-frontend-us-east-1</Name><Prefix></Prefix><Marker></Marker><MaxKeys>1000</MaxKeys><IsTruncated>true</IsTruncated><Contents><Key>0416fc9b76c399918077
53ccf59d8780.png</Key><LastModified>2019-05-09T04:46:52.000Z</LastModified><ETag>&quot;0416fc9b76c39991807753ccf59d8780&quot;</ETag><Size>88571</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>0486c255738
86e65b16be14633450b9d.svg</Key><LastModified>2018-06-25T19:08:54.000Z</LastModified>

s3.amazonaws.com was NOT in the allowed list.
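An added example, not from either poster, that decodes the "oversized record received with length 20527" failure in the second message: a Go TLS client pointed at an https:// proxy URL sends a ClientHello, and if the proxy only speaks plain HTTP it answers with an "HTTP/..." status line, whose fifth and fourth bytes ("P/") read as a TLS record length of 20527. The sample proxy response bytes are constructed, and check_proxy_url is a hypothetical helper name.

```python
import struct
from urllib.parse import urlparse

# A TLS plaintext record starts with: content type (1 byte), version (2 bytes), length (2 bytes).
TLS_HEADER_LEN = 5
# crypto/tls in Go rejects records longer than maxCiphertext = 16384 + 2048 with
# "tls: oversized record received with length N".
MAX_TLS_RECORD = 16384 + 2048


def decode_record_header(data: bytes) -> dict:
    """Parse the first five bytes the way a TLS client does and flag plaintext HTTP."""
    if len(data) < TLS_HEADER_LEN:
        raise ValueError("need at least 5 bytes of peer data")
    ctype, version, length = struct.unpack(">BHH", data[:TLS_HEADER_LEN])
    return {
        "content_type": ctype,          # 0x16 for a real handshake record, 0x48 ('H') for HTTP
        "version": version,             # 0x0303 for TLS 1.2, 0x5454 ('TT') for HTTP
        "length": length,               # 0x502F = 20527 when the bytes are 'P/'
        "oversized": length > MAX_TLS_RECORD,
        "looks_like_http": data[:5] == b"HTTP/",
    }


def length_as_ascii(length: int) -> str:
    """Recover the two raw bytes a reported TLS record length was decoded from."""
    return struct.pack(">H", length).decode("ascii", errors="replace")


def check_proxy_url(url: str) -> list:
    """Warn when a proxy URL makes the client TLS-handshake with the proxy itself."""
    parsed = urlparse(url)
    warnings = []
    if parsed.scheme == "https":
        warnings.append(
            "scheme https:// means TLS to the proxy listener itself; a forward proxy "
            "that accepts plain HTTP CONNECT (common on 8080/3128) will answer with an "
            "HTTP status line, which the TLS client reports as an oversized record"
        )
    if not parsed.port:
        warnings.append("no explicit port; the client will use the scheme default")
    return warnings


if __name__ == "__main__":
    # Constructed sample: what a plain-HTTP proxy might send back to a TLS ClientHello.
    sample = b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
    print(decode_record_header(sample))            # length 20527, looks_like_http True
    print(repr(length_as_ascii(20527)))            # 'P/'
    print(check_proxy_url("https://192.168.3.5:8080/"))
```

A real handshake record (first byte 0x16, version 0x0301 or 0x0303) decodes with a length well under MAX_TLS_RECORD, so the same function distinguishes "the proxy spoke TLS" from "the proxy spoke HTTP".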
