@sfc-gh-eraigosa
Last active May 12, 2020 19:22

The Docker Engine is a highly configurable software product and can sometimes be complicated. These tips are put together to help users set up Docker to work on a network behind a proxy.

Topics

Docker Toolbox Users

Docker Toolbox is now the legacy offering from Docker for platforms that are not supported by Docker for Windows and Docker for Mac.

Docker Toolbox is the most common method for installing Docker on Mac and Windows systems. You can find instructions for download and install on the Docker website. When using the Docker engine under Toolbox, Docker will install a small virtual machine (boot2docker) using VirtualBox, which is used to run the Docker Host Engine.

Configure your proxies manually

You can use a proxy close to you, for example: yourproxy.net:8080.

  1. Open a command prompt and connect to the default virtual machine using docker-machine.

    $ docker-machine ssh default
    
  2. Become root with the sudo -i command, then edit the /var/lib/boot2docker/profile file to add the following settings:

    # Setup proxy
    export HTTP_PROXY=http://yourproxy.net:8080
    export HTTPS_PROXY=https://yourproxy.net:8080
    export no_proxy="/var/run/docker.sock,localaddress,localhost,yourdomain.net,127.0.0.1,10.0.0.0/16,172.0.0.0/16,192.168.0.0/16"
    # DOCKER_TLS=no turns off TLS on the Docker daemon's TCP endpoint in the boot2docker VM
    export DOCKER_TLS=no
    
  3. Restart the docker service:

    $ sudo service docker restart
    

Configure proxies with docker-machine

On a Windows host running Docker Toolbox, it's possible to use docker-machine to automatically configure your boot2docker image with the proper proxy settings. Here are some quick steps on how to use docker-machine to perform this action.

  1. Open a cygwin shell prompt or equivalent bash shell prompt on your Windows system. If you do not have one yet, you can also use the GitHub Enterprise Desktop (https://desktop.github.com/) to get a mintty shell prompt with these capabilities. Run these commands in your prompt:

    export HTTP_PROXY=http://yourproxy.net:8080
    export HTTPS_PROXY=https://yourproxy.net:8080
    export NO_PROXY=/var/run/docker.sock,localaddress,localhost,yourdomain.net,127.0.0.1,10.0.0.0/16,172.0.0.0/16,192.168.0.0/16
    export http_proxy=http://yourproxy.net:8080
    export https_proxy=https://yourproxy.net:8080
    export no_proxy=/var/run/docker.sock,localaddress,localhost,yourdomain.net,127.0.0.1,10.0.0.0/16,172.0.0.0/16,192.168.0.0/16
    
  2. In the same shell prompt, you can now remove the pre-existing default machine that was set up in VirtualBox. Note: this will delete all containers from your virtual machine.

    docker-machine rm default
    
  3. Recreate the default machine, but this time we can specify all the proxy options:

    docker-machine create -d virtualbox \
     --engine-env HTTP_PROXY="$HTTP_PROXY" \
     --engine-env HTTPS_PROXY="$HTTPS_PROXY" \
     --engine-env NO_PROXY="$NO_PROXY" \
     --engine-env http_proxy="$http_proxy" \
     --engine-env https_proxy="$https_proxy" \
     --engine-env no_proxy="$no_proxy" \
     default
    

    Optionally include these options to adjust the virtual machine resources.

    --virtualbox-cpu-count 4  \
    --virtualbox-memory 4096  \
    --virtualbox-disk-size 90000 \
    --virtualbox-no-vtx-check \
    

Docker engine on Linux INIT V5

  • Edit /etc/default/docker

    # Setup proxy
    export http_proxy="http://yourproxy.net:8080/"
    export https_proxy="https://yourproxy.net:8080/"
    export no_proxy="/var/run/docker.sock,localaddress,localhost,yourdomain.net,127.0.0.1,10.0.0.0/16,172.0.0.0/16,192.168.0.0/16"
    
  • Restart docker: sudo service docker restart

Docker engine on Linux running new Systemd services

Run the following commands:

sudo mkdir -p /etc/systemd/system/docker.service.d
sudo /bin/bash -c 'cat <<EOF > /etc/systemd/system/docker.service.d/proxy.conf
[Service]
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment="HTTP_PROXY=http://yourproxy.net:8080" \
"HTTPS_PROXY=https://yourproxy.net:8080" \
"NO_PROXY=/var/run/docker.sock,localaddress,localhost,yourdomain.net,127.0.0.1,10.0.0.0/16,172.0.0.0/16,192.168.0.0/16" \
"http_proxy=http://yourproxy.net:8080" \
"https_proxy=https://yourproxy.net:8080" \
"no_proxy=/var/run/docker.sock,localaddress,localhost,yourdomain.net,127.0.0.1,10.0.0.0/16,172.0.0.0/16,192.168.0.0/16"
EOF'
sudo systemctl daemon-reload
sudo systemctl restart docker
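
A mistyped prefix length in a NO_PROXY list (for example /168 where /16 was meant) is not a valid CIDR block and will not match the addresses it was meant to cover. The check below is an added example, not part of the original gist; the function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example: report NO_PROXY entries that look like IPv4 CIDR blocks but are malformed.

# valid_ipv4_cidr ADDR/PREFIX: succeeds when ADDR has four octets 0-255 and PREFIX is 0-32.
valid_ipv4_cidr() {
    addr=${1%/*}
    prefix=${1##*/}
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in '') return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# bad_no_proxy_entries LIST: prints each malformed CIDR entry of a comma-separated list.
bad_no_proxy_entries() {
    old_ifs=$IFS; IFS=,
    set -f
    set -- $1
    set +f
    IFS=$old_ifs
    for entry in "$@"; do
        case $entry in
            *:*) ;;  # IPv6 or host:port entries are not checked here
            [0-9]*/*) valid_ipv4_cidr "$entry" || printf '%s\n' "$entry" ;;
        esac
    done
}

# check_no_proxy LIST: returns 1 and reports on stderr when any entry is malformed.
check_no_proxy() {
    bad=$(bad_no_proxy_entries "$1")
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sed 's/^/malformed NO_PROXY entry: /' >&2
    return 1
}

# Constructed sample in the style of the lists on this page, with one mistyped prefix length.
SAMPLE_NO_PROXY="/var/run/docker.sock,localhost,yourdomain.net,127.0.0.1,10.0.0.0/16,192.168.0.0/168"
check_no_proxy "$SAMPLE_NO_PROXY" || echo "correct the entries above before restarting docker"
```

Entries without a slash (host names, plain IP addresses, the socket path) are passed through unchecked; only entries of the form address/prefix are validated.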

Docker for Windows

Docker for Windows is the current offering from Docker to run Docker on Windows. Docker for Windows requires Windows 10 Professional or Enterprise and Hyper-V.

Docker for Windows creates a Hyper-V VM that runs MobyLinux. Your Docker containers run in the Hyper-V VM.

Installation

Before installation, ensure Hyper-V is enabled in your BIOS and you have enabled Hyper-V in Windows Features.

At the end of installation, Docker may ask to make changes to your BIOS - say no. There are some conflicts with Bitlocker and your TPM/BIOS may get corrupted - possibly requiring a re-image. Manually make the Hyper-V changes mentioned above.

You can find Docker for Windows Installation here. This provides the best experience on Windows for running Linux-based containers.

Proxy Settings

Complete these steps before you attempt to use Docker. If you have not configured the web proxies, Docker will not be able to download container images.

When Docker is reported as running, you can right-click the whale in notifications and select Settings. Choose Proxies, select Use proxy server and enter the URLs for the "local" proxy servers. The following examples show the proxy servers.

http://yourproxy.net:8080
https://yourproxy.net:8080

These will then be passed down to Docker and any containers started. Note: skipping the http(s) prefixes can cause problems for Ubuntu apt-get.

Enter yourdomain.net in the "Bypass proxy settings for these Hosts & Domains" text field.

Click on the Apply button; Docker (the Hyper-V VM) will restart. This will take some time on the standard issue laptops. Wait for Docker to restart.

If you navigate away from the Networking "tab", your changes will be discarded.

Select the "Docker Daemon" settings tab. Enter the URL for your registry hub ("yourregistry.net") in the "registry-mirrors" field. The text field will run syntax-checks on your changes. The field should now read thus.

  "registry-mirrors": [
    "yourregistry.net"
  ]

Apply your changes by clicking the Apply button. Docker will restart.

You can control the share of memory and CPU assigned to Docker on the Advanced "tab" of the Docker Settings tool.

McAfee Firewall Issues

When sharing a PC drive with Docker (Settings / Shared Drives), you may get a firewall error message (McAfee log - Block NetBIOS TCP incoming). Since we cannot easily affect the McAfee rules, here is a workaround...

Go to Settings / Network and set the Subnet Address to the same as your PC (it is probably the default 10.0.75.0). Example: PC IP is 1.2.3.4, set to 1.2.3.0. Press apply and when Docker has restarted you should be able to share a PC drive with Docker. Note: this solution will cause Docker to be assigned the IP x.x.x.1 which could cause IP conflicts. It is not clear how visible this IP is outside of your machine. Any other suggestions would be appreciated.

Docker Native Windows Containers

See this article on MSDN to install native Docker on Windows server.

Below are instructions to make it work on your proxy network.

Setup proxy settings

# Configure HTTP proxy for Invoke-WebRequest
$reg = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
Set-ItemProperty -Path $reg -Name ProxyServer -Value "yourproxy.net:8080"
Set-ItemProperty -Path $reg -Name ProxyEnable -Value 1

### Configure HTTP proxy for Docker so it's able to pull images
[Environment]::SetEnvironmentVariable("HTTP_PROXY", "http://yourproxy.net:8080", [EnvironmentVariableTarget]::Machine)
[Environment]::SetEnvironmentVariable("HTTPS_PROXY", "http://yourproxy.net:8080", [EnvironmentVariableTarget]::Machine)

Install Docker

  1. Enable containers feature with command:

    Install-WindowsFeature containers
    
  2. Restart computer

    Restart-Computer -Force
    
  3. Install docker from nuget packages

    Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
    Install-Module -Name DockerMsftProvider -Force
    Install-Package -Name docker -ProviderName DockerMsftProvider -Force
    
    # For persistent use, will apply even after a reboot.
    [Environment]::SetEnvironmentVariable("Path", $env:Path + ";C:\Program Files\Docker", [EnvironmentVariableTarget]::Machine)
    
    Restart-Computer -Force
    
  4. Install Base Container

    docker pull microsoft/nanoserver
    docker pull microsoft/windowsservercore
    

Run a Native windows container

# And finally run a Windows command prompt in a container,
# using the image pulled above (-it keeps the prompt interactive)
docker run --rm -it microsoft/windowsservercore cmd

Reference

Docker for Mac

You can find Docker for Mac installation here. This provides the best experience on Mac OS for running Linux-based containers.

Contributions welcome
