Using Docker Behind a Proxy

With a default installation, Docker assumes the host it is running host on has general access to the internet. This, however, might not be the case in large corporate environments, as most of internet traffic will be routed through a proxy in such networks.

Consequently, If you are using Docker in your office you might not be able to pull images from the Docker image registry or install/update packages on your running containers.

While dealing with the proxy configuration, you would need to change the settings related to:

  • The Docker daemon, to be able to pull images from Docker public registries (Docker Store or Docker Hub).
  • The Docker containers, to be able to install or updates packages within these containers while they are running.

The following post will show you how to configure your Docker host to be able to perform common Docker operation tasks, even if you’re behind a corporate proxy.

The steps above have been performed on a CentOS 7 system, but the same should apply, irrespective of which distribution you are using.

Configuring Proxy for Docker Daemon


Create a systemd drop-in directory for the docker service.

Inside this folder, create a file called http-proxy.conf that adds the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables.

Add the following lines

Where

user is the user used to run Docker commands.

password is your the Docker user password.

– proxy.domain.com is the user proxy’s IP or FQDN.

8080 is your proxy’s port number. Change it accordingly to reflect your environment.

After this is done, flush changes and restart Docker service.

Verify that the configuration has been loaded.

You should now able able pull images from Docker public registries without any issue.

If after these changes are done, you’re still not able to get images and encounter a proxyconnect error like the one below:

Try to add temporary google DNS to your resolver file and you should be fine to go

Configuring Proxy for Docker Containers


Having a configured proxy for the Docker daemon does not necessary mean that your containers will be able to download packages from Internet. You still have to configure them to pass through the proxy.

Edit the file ~/.docker/config.json in the home directory of the user which starts containers. If this file is not there, create it.

Add the following instructions and change them accordingly to reflect your environment.

You can optionally:

  • Add httpsProxy or ftpProxy necessary if you are using an HTTPS or FTP proxy server.
  • Exclude hosts or ranges from going through the proxy server by setting a noProxy key to one or more comma-separated IP addresses or hosts. Note that the wildcard character is also supported, as shown in the example.
Find this post interesting. Share it!

Leave a Comment

Your email address will not be published. Required fields are marked *