之前只写了空 daemon.json,但 dockerd 仍会继承环境里的 HTTPS_PROXY=socks5://192.168.1.119:1080,导致拉 daocloud 镜像源时被 socks 代理拒绝。 三处同时置空: 1) systemd drop-in:覆盖 dockerd 启动环境变量 2) /etc/docker/daemon.json:显式声明 proxies 全空 3) /root/.docker/config.json:清空 client 端代理 装完 docker 后强制重启 daemon 让新配置生效。 应用容器内部 socks5 配置完全不动。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
yuming
@@ -18,14 +18,51 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- name: 安装 Docker CLI
|
- name: 安装 Docker CLI
|
||||||
run: |
|
run: |
|
||||||
# 先写干净的 daemon.json,让 Docker 启动时就读到无代理配置
|
# === 彻底清零 Docker 代理,避免 daemon 拉 daocloud 时走 socks5 被 reset ===
|
||||||
|
# 局域网 socks5 代理(192.168.1.119:1080)只供应用容器内部使用,
|
||||||
|
# 这里把 daemon 自己的代理一律置空,让它直连国内 docker mirror。
|
||||||
|
# 1) systemd drop-in:dockerd 启动时强制覆盖环境变量为空
|
||||||
|
mkdir -p /etc/systemd/system/docker.service.d
|
||||||
|
cat > /etc/systemd/system/docker.service.d/no-proxy.conf <<'EOF'
|
||||||
|
[Service]
|
||||||
|
Environment="HTTP_PROXY="
|
||||||
|
Environment="HTTPS_PROXY="
|
||||||
|
Environment="NO_PROXY=*"
|
||||||
|
EOF
|
||||||
|
# 2) daemon.json 显式声明空 proxies(双保险,覆盖任何外部继承)
|
||||||
mkdir -p /etc/docker
|
mkdir -p /etc/docker
|
||||||
echo '{}' > /etc/docker/daemon.json
|
cat > /etc/docker/daemon.json <<'EOF'
|
||||||
|
{
|
||||||
|
"proxies": {
|
||||||
|
"http-proxy": "",
|
||||||
|
"https-proxy": "",
|
||||||
|
"no-proxy": "*"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
# 3) docker 客户端配置:影响 docker build/buildx 自身走的代理
|
||||||
|
mkdir -p /root/.docker
|
||||||
|
cat > /root/.docker/config.json <<'EOF'
|
||||||
|
{
|
||||||
|
"proxies": {
|
||||||
|
"default": {
|
||||||
|
"httpProxy": "",
|
||||||
|
"httpsProxy": "",
|
||||||
|
"noProxy": "*"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
EOF
|
||||||
# 替换 Debian 源为清华镜像,避免国内连 deb.debian.org 超时
|
# 替换 Debian 源为清华镜像,避免国内连 deb.debian.org 超时
|
||||||
sed -i 's|deb.debian.org|mirrors.tuna.tsinghua.edu.cn|g' /etc/apt/sources.list /etc/apt/sources.list.d/*.list 2>/dev/null || true
|
sed -i 's|deb.debian.org|mirrors.tuna.tsinghua.edu.cn|g' /etc/apt/sources.list /etc/apt/sources.list.d/*.list 2>/dev/null || true
|
||||||
sed -i 's|security.debian.org|mirrors.tuna.tsinghua.edu.cn/debian-security|g' /etc/apt/sources.list /etc/apt/sources.list.d/*.list 2>/dev/null || true
|
sed -i 's|security.debian.org|mirrors.tuna.tsinghua.edu.cn/debian-security|g' /etc/apt/sources.list /etc/apt/sources.list.d/*.list 2>/dev/null || true
|
||||||
apt-get update -qq
|
apt-get update -qq
|
||||||
apt-get install -y -qq docker.io
|
apt-get install -y -qq docker.io
|
||||||
|
# 装完之后让 daemon 重新读上面三处配置;不同启动方式都试一遍
|
||||||
|
systemctl daemon-reload 2>/dev/null || true
|
||||||
|
systemctl restart docker 2>/dev/null || service docker restart 2>/dev/null || true
|
||||||
|
# 给 daemon 一点时间就绪,否则紧接着 docker build 会连不上 socket
|
||||||
|
sleep 3
|
||||||
|
|
||||||
- name: 拉取代码
|
- name: 拉取代码
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
|
|||||||
Reference in New Issue
Block a user