Cannot initiate the connection to archive.ubuntu.com:80

[quiet-ranger]

I am behind a corporate firewall and I have already followed the instructions on this page:
https://github.com/docker/kitematic/wiki/Common-Proxy-Issues-&-Fixes

Thanks to that I am able to access the docker hub. However, "docker build" is failing at the point the container is instructed to install new software. Here is the relevant extract from the console:

Step 2 : RUN apt-get -y update && apt-get install -y fortunes
 ---> Running in 807d07e2e626
Err http://archive.ubuntu.com trusty InRelease

Err http://archive.ubuntu.com trusty-updates InRelease

Err http://archive.ubuntu.com trusty-security InRelease

Err http://archive.ubuntu.com trusty Release.gpg
  Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8c01::18). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8c01::18 80]

Thank you in advance. Now the mandatory info:

$ docker version
Client:
Version: 1.10.1
API version: 1.22
Go version: go1.5.3
Git commit: 9e83765
Built: Thu Feb 11 19:14:21 2016
OS/Arch: windows/amd64

Server:
Version: 1.10.1
API version: 1.22
Go version: go1.5.3
Git commit: 9e83765
Built: Thu Feb 11 20:39:58 2016
OS/Arch: linux/amd64

$ docker info
Containers: 6
Running: 0
Paused: 0
Stopped: 6
Images: 2
Server Version: 1.10.1
Storage Driver: aufs
Root Dir: /mnt/sda1/var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 24
Dirperm1 Supported: true
Execution Driver: native-0.2
Logging Driver: json-file
Plugins:
Volume: local
Network: host bridge null
Kernel Version: 4.1.17-boot2docker
Operating System: Boot2Docker 1.10.1 (TCL 6.4.1); master : b03e158 - Thu Feb 11 22:34:01 UTC 2016
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 996.2 MiB
Name: default
ID: OGZY:HQCY:WTZS:PRYZ:HGDH:2LMR:26A4:DVXN:SI3L:WUWR:FHJ6:TIMB
Debug mode (server): true
File Descriptors: 10
Goroutines: 22
System Time: 2016-02-17T11:30:39.087794072Z
EventsListeners: 0
Init SHA1:
Init Path: /usr/local/bin/docker
Docker Root Dir: /mnt/sda1/var/lib/docker
Http Proxy: http://proxy1.audatex.es:80
Https Proxy: http://proxy1.audatex.es:80
Labels:
provider=virtualbox

$ uname -a
MINGW64_NT-6.1 AXES-1056 2.4.0(0.292/5/3) 2016-01-07 19:39 x86_64 Msys

[mavenugo]

As per the logs archive.ubuntu.com:80 (2001:67c:1360:8c01::18), the ubuntu server is resolving to an IPV6 address and it seems it is not reachable. Can you pls check your configurations and confirm the ipv6 behavior ?
ping @sanimej

[quiet-ranger]

I would check if I knew exactly what to. Which files should I look into or what commands would help me here?

[HackToday]

I think you need check your

ping archive.ubuntu.com

and also what's your host ifconfig related configuration.

[vponcelo]

I have the same problem I explain in this post, and ping archive.ubuntu.com works but docker run ubuntu ping archive.ubuntu.com returns this:

ping: unknown host archive.ubuntu.com

From the post I linked, it seems is a problem of the host DNS when you don't specify explicitly non-local DNS such as those from Google, for example for security or institutional reasons. It should be solved if you update your host DNS with sudo vi /etc/resolvconf/resolv.conf.d/base
Then adding the DNS you want like those from Google with:

nameserver 8.8.8.8
nameserver 8.8.4.4

And finally update resolvconf with sudo resolvconf -u

However, you may not be allowed to do it for security reasons of your instition, like me. In this case I didn't reach a solution. Please, if you find an alternative way to solve this that could work for me share it here. Thank you.

[sanimej]

@vponcelo What are the nameservers listed in your hosts's /etc/resolv.conf ?

In the other linked issue you said you are able to ping 8.8.8.8 from your host. Can you try dig @8.8.8.8 archive.ubuntu.com from your host ? The problem could be that your org's security policy might allow DNS queries only to their internal DNS servers and block anything going to external servers.

Can you also send your docker info output ?

[vponcelo]

Thanks for your answer. @sanimej exactly, I also think this is the problem. The nameservers listed in my host are internal and I'm not allowed to put external ones like those from Google. I guess it should be an alternative solution to reach specific DNS as exceptions or something like that (but I have no clue how).

The output of docker info is:

Containers: 56
 Running: 0
 Paused: 0
 Stopped: 56
Images: 18
Server Version: 1.10.3
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 247
 Dirperm1 Supported: true
Execution Driver: native-0.2
Logging Driver: json-file
Plugins:
 Volume: local nvidia-docker
 Network: host bridge null
Kernel Version: 3.19.0-51-generic
Operating System: Ubuntu 14.04.4 LTS
OSType: linux
Architecture: x86_64
WARNING: No swap limit support

Also, the output of dig 8.8.8.8 archive.ubuntu.com is:

; <<>> DiG 9.9.5-3ubuntu0.7-Ubuntu <<>> 8.8.8.8 archive.ubuntu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6862
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;8.8.8.8.                       IN      A

;; ANSWER SECTION:
8.8.8.8.                0       IN      A       8.8.8.8

;; Query time: 0 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sat Apr 02 20:30:27 CEST 2016
;; MSG SIZE  rcvd: 41

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21631
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 4, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;archive.ubuntu.com.            IN      A

;; ANSWER SECTION:
archive.ubuntu.com.     47      IN      A       91.189.88.152
archive.ubuntu.com.     47      IN      A       91.189.88.153
archive.ubuntu.com.     47      IN      A       91.189.91.13archive.ubuntu.com.     47      IN      A       91.189.91.14archive.ubuntu.com.     47      IN      A       91.189.91.15archive.ubuntu.com.     47      IN      A       91.189.92.200
archive.ubuntu.com.     47      IN      A       91.189.92.201
archive.ubuntu.com.     47      IN      A       91.189.88.149

;; AUTHORITY SECTION:
ubuntu.com.             2933    IN      NS      ns4.p27.dynect.net.
ubuntu.com.             2933    IN      NS      ns1.p27.dynect.net.
ubuntu.com.             2933    IN      NS      ns3.p27.dynect.net.
ubuntu.com.             2933    IN      NS      ns2.p27.dynect.net.

;; ADDITIONAL SECTION:
ns1.p27.dynect.net.     15690   IN      A       208.78.70.27ns2.p27.dynect.net.     15690   IN      A       204.13.250.27
ns3.p27.dynect.net.     15690   IN      A       208.78.71.27ns4.p27.dynect.net.     15690   IN      A       204.13.251.27

;; Query time: 1 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sat Apr 02 20:30:27 CEST 2016
;; MSG SIZE  rcvd: 325

Best,

[vishal-yadav]

I also faced the same issue but only while building image from Dockerfile. I was able to apt install packages in interactive mode from container. Any suggestion?

Building image from Dockerfile:

Step 3 : RUN export http_proxy="<proxy>:8080" && export https_proxy="<proxy>:8080"
 ---> Using cache
 ---> 8de7838764f7
Step 4 : RUN apt-get update && apt-get install -y ruby ruby-dev
 ---> Running in 84e180e0375f
Err http://archive.ubuntu.com trusty InRelease
Err http://archive.ubuntu.com trusty-updates InRelease
Err http://archive.ubuntu.com trusty-security InRelease
Err http://archive.ubuntu.com trusty Release.gpg
Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1560:8001::14). - connect (101: Network is unreachable) [IP: 2001:67c:1560:8001::14 80]
...
Reading package lists...
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/InRelease

From container:

root@a7cdd3e3aff6:/# export http_proxy="<proxy>:8080"
root@a7cdd3e3aff6:/# export https_proxy="<proxy>:8080"
root@a7cdd3e3aff6:/# apt-get update
Ign http://archive.ubuntu.com trusty InRelease
Get:1 http://archive.ubuntu.com trusty-updates InRelease [65.9 kB]
Get:2 http://archive.ubuntu.com trusty-security InRelease [65.9 kB]
...
Fetched 3613 kB in 8s (427 kB/s)
Reading package lists... Done

root@a7cdd3e3aff6:/# apt-get install -y ruby ruby-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  libruby1.9.1 libyaml-0-2 ruby1.9.1 ruby1.9.1-dev
...
Setting up ruby (1:1.9.3.4) ...
Setting up libruby1.9.1 (1.9.3.484-2ubuntu1.2) ...
Setting up ruby1.9.1-dev (1.9.3.484-2ubuntu1.2) ...
Setting up ruby-dev (1:1.9.3.4) ...
Setting up ruby1.9.1 (1.9.3.484-2ubuntu1.2) ...
Processing triggers for libc-bin (2.19-0ubuntu6.9) ...

Dockerfile:

FROM vishalyadav/ubuntu14.04:latest
MAINTAINER Vishal Yadav <vishal.yadav@zzz.com>
RUN export http_proxy="<proxy>:8080" && export https_proxy="<proxy>:8080"
RUN apt-get update && apt-get install -y --force-yes ruby ruby-dev

[thaJeztah]

@vishal-yadav each step in a Dockerfile is executed in a new container. When running RUN export foo=bar, that variable is only present during that step, but no longer there in the next step (container)

For docker build, you can use --build-arg, which sets environment variables in the container during build only, so they do not remain in the image after build. And there's no need to change your Dockerfile for http_proxy variables, as they are supported by default

For example

docker build --build-arg http_proxy=<proxy>:8080 .......

If the http_proxy environment variable is set on your host, you can even omit the =<proxy>:8080

[vishnu-kumar]

in Dockerfile i tried below and it worked.

RUN http_proxy='http://proxy:port/' https_proxy='http://proxy:port/' apt-get -y update && http_proxy=''http://proxy:port/' https_proxy=''http://proxy:port/' apt-get install -y fortunes

[thaJeztah]

There's no need to add it to your Dockerfile; *_proxy variables are supported as --build-arg by default, so this should work without modifying your Dockerfile;

docker build --build-arg http_proxy='http://proxy:port/' --build-arg https_proxy='http://proxy:port/' ..

[thaJeztah]

Note that this is being worked on as part of #30588, and #26318 (which are temporarily closed, but will be reopened after DockerCon)

[Pizzabakerz]

i think you should force the connection to ipv4
check out this it might help
https://support.purevpn.com/how-to-disable-ipv6-linuxubuntu

[avi6gupta]

In my case ,my institution was using ipv4 but Ubuntu was trying ipv6 also, so just changing the method from Automatic to Ignore in ipv6 settings worked.

[thaJeztah]

#30588 was continued in docker/cli#93, and added the ability to configure default proxies for containers in the CLI configuration file; looking at the discussion above, this looks like a configuration issue, and I don't think there's a bug at hand here, so I'll close this issue (feel free to continue the conversation though)