Proxy for podman in podman setup

Has anyone here been able to get their rootless podman-in-podman runners working with a proxy (squid)? More specifically, to pull container images from an external container registry?

When I run a pipeline, it gets the error: dial tcp x.x.x.x:y: connect: no route to host when attempting to pull a container image from the internet.

Initially, I thought this was a networking/routing problem, but I see the same error when I remove the proxy environment variables from my rootless user and try a manual podman pull on the host.

To clarify, manually running podman pull works fine when those proxy variables are set. But for some reason, the runner seems to ignore these variables?

What’s really confusing is that the runner pipeline output is returning the value of $http_proxy. For example, here is my .gitlab-ci.yml file.

  image: $http_proxy

and it’s showing this output

Pulling docker image ...

I am lost.

Environment Setup

http_proxy, https_proxy, HTTP_PROXY, HTTPS_PROXY have been configured for…

  • the rootless user’s .bashrc and .bash_profile
  • runner containers’ env variables
  • config.toml
  • .gitlab-ci.yml

same error messae for me using an internal registry.
I can use this registry using command line.
Pulling images works for me using proper HTTP and HTTPS proxy vars

It’s good to know someone else is getting this problem. I’ll see if I can submit a gitlab issue later today about this.

My colleagues found the solution. You need to do the following.

  1. Login as your rootless podman user.
  2. systemctl --user edit podman
  3. Add these settings and save.

The approach you’ve mentioned involves configuring the HTTP_PROXY and HTTPS_PROXY environment variables for the systemd user service associated with your rootless Podman user. This should ensure that the proxy settings are applied when the Podman runner is trying to pull container images from external registries.