I am using Gluetun, a VPN client with a build-in HTTP proxy as a docker container and my goal is to route all external network traffic through this HTTP proxy on my Pi4 OMV. But I am fighting with the configuration. At first, I tried to use the web interface to set up the proxy, but it fails because in /etc/apt/apt.conf.d/99openmediavault-proxy the web interface creates this:
But it should be like this:
This is causing issues because of TLS handshake issues. If I change this to the 2nd source code with HTTP also for HTTPS and FTP, it works. I tried to change the content manually and after that running omv-salt deploy run, but after the next restart it is gone.
My 2nd approach was to use /etc/profile.d/proxy.sh and to add this:
#export http_proxy=http://IP:PORT
#export https_proxy=http://IP:PORT
#export ftp_proxy=http://IP:PORT
#export HTTP_PROXY=$http_proxy
#export HTTPS_PROXY=$https_proxy
#export FTP_PROXY=$ftp_proxy
This works in general, but I get trouble with my docker container Watchtower, which checks my containers for newer commits and updates it regularly. Watchtower logs look like this:
time="2021-10-15T07:48:06Z" level=warning msg="Could not do a head request for \"sha256:9167b324e914d60000a13f7c2ac5ac6be60c2594b0b683a0305e63235a755374\", falling back to regular pull." container=/watchtower image="sha256:9167b324e914d60000a13f7c2ac5ac6be60c2594b0b683a0305e63235a755374",
time="2021-10-15T07:48:06Z" level=warning msg="Reason: registry responded to head request with \"401 Unauthorized\", auth: \"Bearer realm=\\\"https://auth.docker.io/token\\\",service=\\\"registry.docker.io\\\",scope=\\\"repository:library/sha256:pull\\\",error=\\\"insufficient_scope\\\"\"" container=/watchtower image="sha256:9167b324e914d60000a13f7c2ac5ac6be60c2594b0b683a0305e63235a755374",
time="2021-10-15T07:48:09Z" level=info msg="Unable to update container \"/watchtower\": Error response from daemon: pull access denied for sha256, repository does not exist or may require 'docker login': denied: requested access to the resource is denied. Proceeding to next.",
time="2021-10-15T07:48:10Z" level=warning msg="Could not do a head request for \"sha256:45914747c39bc0000ccf8b251b375dbcdbe9acd73acb8e5631cb874c628da50b\", falling back to regular pull." container=/gluetun image="sha256:45914747c39bc0000ccf8b251b375dbcdbe9acd73acb8e5631cb874c628da50b",
time="2021-10-15T07:48:10Z" level=warning msg="Reason: registry responded to head request with \"401 Unauthorized\", auth: \"Bearer realm=\\\"https://auth.docker.io/token\\\",service=\\\"registry.docker.io\\\",scope=\\\"repository:library/sha256:pull\\\",error=\\\"insufficient_scope\\\"\"" container=/gluetun image="sha256:45914747c39bc0000ccf8b251b375dbcdbe9acd73acb8e5631cb874c628da50b",
time="2021-10-15T07:48:12Z" level=info msg="Unable to update container \"/gluetun\": Error response from daemon: pull access denied for sha256, repository does not exist or may require 'docker login': denied: requested access to the resource is denied. Proceeding to next."
I have another Pi4 with Raspbian, Gluetun and Watchtower, setting up the profile.d/proxy.sh like above and it is running without issues. Therefore I think that based on OMV I have to do the configuration in a different way and I hope someone can help me to find this way