Skip to content

buildctl attempts to use configured HTTP_PROXY/HTTPS_PROXY for local unix:// address #6002

Closed
Bug
#6011
Closed
buildctl attempts to use configured HTTP_PROXY/HTTPS_PROXY for local unix:// address#6002
Bug
#6011
Labels
status/triage
@Nunction

Description

@Nunction
Nunction
opened on May 30, 2025

Contributing guidelines and issue reporting guide

Well-formed report checklist

  • I have found a bug that the documentation does not mention anything about my problem
  • I have found a bug that there are no open or closed issues that are related to my problem
  • I have provided version/information about my environment and done my best to provide a reproducer

Description of bug

Bug description

It seems that buildctl now attempts to to use the configured proxy for connections to unix:// addresses which results in proxy errors as they can not reach a local socket address. I am not sure if a unix:// could ever be reached via proxy and this is intended behavior but I would assume that the proxy should only be used for tcp:// style addresses.

Reproduction

Running buildctl with a configured proxy results in an error response from the proxy being printed with it being unable to find the requested address.

# export BUILDKIT_HOST=unix:///run/buildkit/buildkitd.sock
# export HTTP_PROXY=http://proxy.example.com:3128
# export HTTPS_PROXY=http://proxy.example.com:3128
# export http_proxy=http://proxy.example.com:3128
# export https_proxy=http://proxy.example.com:3128
# buildctl debug workers

error: failed to list workers: Unavailable: connection error: desc = "transport: Error while dialing: failed to do connect handshake, response: \"HTTP/1.1 503 Service Unavailable\\r\\nContent-Length: 3614\\r\\nContent-Language: en\\r\\nContent-Type: text/html;charset=utf-8\\r\\nDate: Fri, 30 May 2025 07:39:05 GMT\\r\\nMime-Version: 1.0\\r\\nServer: squid/3.5.27\\r\\nVary: Accept-Language\\r\\nX-Squid-Error: ERR_DNS_FAIL 0\\r\\n\\r\\n<!DOCTYPE html PUBLIC \\\"-//W3C//DTD HTML 4.01//EN\\\" \\\"http://www.w3.org/TR/html4/strict.dtd\\\">\\n<html><head>\\n<meta type=\\\"copyright\\\" content=\\\"Copyright (C) 1996-2017 The Squid Software Foundation and contributors\\\">\\n<meta http-equiv=\\\"Content-Type\\\" content=\\\"text/html; charset=utf-8\\\">\\n<title>ERROR: The requested URL could not be retrieved</title>\\n<style type=\\\"text/css\\\"><!-- \\n /*\\n * Copyright (C) 1996-2017 The Squid Software Foundation and contributors\\n *\\n * Squid software is distributed under GPLv2+ license and includes\\n * contributions from numerous individuals and organizations.\\n * Please see the COPYING and CONTRIBUTORS files for details.\\n */\\n\\n/*\\n Stylesheet for Squid Error pages\\n Adapted from design by Free CSS Templates\\n http://www.freecsstemplates.org\\n Released for free under a Creative Commons Attribution 2.5 License\\n*/\\n\\n/* Page basics */\\n* {\\n\\tfont-family: verdana, sans-serif;\\n}\\n\\nhtml body {\\n\\tmargin: 0;\\n\\tpadding: 0;\\n\\tbackground: #efefef;\\n\\tfont-size: 12px;\\n\\tcolor: #1e1e1e;\\n}\\n\\n/* Page displayed title area */\\n#titles {\\n\\tmargin-left: 15px;\\n\\tpadding: 10px;\\n\\tpadding-left: 100px;\\n\\tbackground: url('/squid-internal-static/icons/SN.png') no-repeat left;\\n}\\n\\n/* initial title */\\n#titles h1 {\\n\\tcolor: #000000;\\n}\\n#titles h2 {\\n\\tcolor: #000000;\\n}\\n\\n/* special event: FTP success page titles */\\n#titles ftpsuccess {\\n\\tbackground-color:#00ff00;\\n\\twidth:100%;\\n}\\n\\n/* Page displayed body content area */\\n#content {\\n\\tpadding: 10px;\\n\\tbackground: #ffffff;\\n}\\n\\n/* General text */\\np {\\n}\\n\\n/* error brief description */\\n#error p {\\n}\\n\\n/* some data which may have caused the problem */\\n#data {\\n}\\n\\n/* the error message received from the system or other software */\\n#sysmsg {\\n}\\n\\npre {\\n    font-family:sans-serif;\\n}\\n\\n/* special event: FTP / Gopher directory listing */\\n#dirmsg {\\n    font-family: courier;\\n    color: black;\\n    font-size: 10pt;\\n}\\n#dirlisting {\\n    margin-left: 2%;\\n    margin-right: 2%;\\n}\\n#dirlisting tr.entry td.icon,td.filename,td.size,td.date {\\n    border-bottom: groove;\\n}\\n#dirlisting td.size {\\n    width: 50px;\\n    text-align: right;\\n    padding-right: 5px;\\n}\\n\\n/* horizontal lines */\\nhr {\\n\\tmargin: 0;\\n}\\n\\n/* page displayed footer area */\\n#footer {\\n\\tfont-size: 9px;\\n\\tpadding-left: 10px;\\n}\\n\\n\\nbody\\n:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }\\n:lang(he) { direction: rtl; }\\n --></style>\\n</head><body id=ERR_DNS_FAIL>\\n<div id=\\\"titles\\\">\\n<h1>ERROR</h1>\\n<h2>The requested URL could not be retrieved</h2>\\n</div>\\n<hr>\\n\\n<div id=\\\"content\\\">\\n<p>The following error was encountered while trying to retrieve the URL: <a href=\\\"https://http/1.1/*\\\">https://http/1.1/*</a></p>\\n\\n<blockquote id=\\\"error\\\">\\n<p><b>Unable to determine IP address from host name <q>http/1.1</q></b></p>\\n</blockquote>\\n\\n<p>The DNS server returned:</p>\\n<blockquote id=\\\"data\\\">\\n<pre>Name Error: The domain name does not exist.</pre>\\n</blockquote>\\n\\n<p>This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.</p>\\n\\n<p>Your cache administrator is <a href=\\\"mailto:REDACTED">noc@REDACTED</a>.</p>\\n<br>\\n</div>\\n\\n<hr>\\n<div id=\\\"footer\\\">\\n<p>Generated Fri, 30 May 2025 07:39:05 GMT by REDACTED (squid/3.5.27)</p>\\n<!-- ERR_DNS_FAIL **-->\\n</div>\\n</body></html>\\n\""

As a workaround / as verification that it is proxy related:
Setting .sock as a no proxy domain results in buildctl functioning like normal.

# export NO_PROXY=".sock"
# export no_proxy=".sock"

Version information

moby/buildkit@sha256:bd26cba1017fc236480bc4ecc0da799a6ad550d481c50bafe5fb468bd50c83a5

BuildKit: github.com/moby/buildkit ab80544 ab80544b39204300712c4415a0f8722ceee033c3

According to our CI pipelines this change was introduced sometime after:

BuildKit: github.com/moby/buildkit 7a94b80 7a94b8034f2a897c8450a2c7642f91d11f104bf9

Metadata

Metadata

Assignees

No one assigned

    Labels

    status/triage

    Type

    Bug

    Projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions