When it comes to Docker and proxies, you will mostly not need them for running things locally or to just test something. However, we at Cron spend a lot of time managing production environments at corporations where everything is behind a proxy. Here in this post, I will share some basics and few tips on how to set up Docker daemons, build images and finally run Docker containers behind a proxy that doesn’t use authentication.
Pulling images
To be able to pull public images you need to set proxy settings to Docker configuration file. Also, keep in mind that if you are using a private registry you need to add the no_proxy
variable. Otherwise, pull/push to private Docker registry will not be possible. Setting up those settings depends on the OS and Docker version you are using. Here are some examples of running Docker version 1.9.0 and above:
For RedHat/CentOS version 6:
1 2 3 4 5 6 7 |
cat <<EOF | sudo tee -a /etc/sysconfig/docker export http_proxy="http://myproxy.example.com:8080" export https_proxy="https://myproxy.example.com:8080" export no_proxy=<REGISTRY_IP> EOF sudo service docker restart |
For RedHat/CentOS version 7, remove export:
1 2 3 4 5 6 7 8 9 |
cat <<EOF | sudo tee -a /etc/sysconfig/docker http_proxy="http://myproxy.example.com:8080" https_proxy="https://myproxy.example.com:8080" no_proxy=<REGISTRY_IP> EOF sudo sed -i '/\[Service\]/a EnvironmentFile=/etc/sysconfig/docker' /usr/lib/systemd/system/docker.service sudo systemctl daemon-reload sudo service docker restart |
For Ubuntu 14.04:
1 2 3 4 5 6 7 |
cat <<EOF | sudo tee -a /etc/default/docker export http_proxy="http://myproxy.example.com:8080" export https_proxy="https://myproxy.example.com:8080" export no_proxy=<REGISTRY_IP> EOF sudo restart docker |
For most operating systems above example will do the job.
Building images
Building Docker images behind a corporate proxy was a challenge since there wasn’t a way to set build-time variables while building the images. Sure, you could hardcode your proxy settings to Dockerfile, but what if you are using different proxies for different environments, or you don’t need a proxy if building images locally?
Docker, with version 1.9.0 introduced --build-arg
option for build-time variables which solves this problem. Building Ubuntu based image is quite simple now:
1 2 3 4 |
sudo docker build -t Cron/ubuntu \ --build-arg http_proxy="http://myproxy.example.com:8080" \ --build-arg https_proxy="https://myproxy.example.com:8080" \ . |
Even if you have an HTTP proxy only, for Ubuntu to be able to update and install packages via apt-get
, you need to set https_proxy
variable also. It could point to the same HTTP proxy server, though.
For RedHat based images you may need to set proxy settings in /etc/yum.conf
as additional step. You could put something like this in your Dockerfile:
1 2 |
RUN \ echo -e "proxy=$http_proxy\nproxy=$https_proxy" >> /etc/yum.conf |
Running containers
Eventually, you will need to run Docker containers behind a proxy. Now, it depends on whether your containers are using some external service outside of your network or not. If not, you don’t need to set proxies at all.
Each Docker container will run just one process, in most cases. How to pick up http_proxy
and https_proxy
variables to that process depends on what process you need to run. In this case test.sh
script will start just one Java process. This Java process also connects to Postgres deployed locally for which we need to skip the proxy server. This is just a part of test.sh
run script:
1 2 3 |
if [[ ! -z "$http_proxy" ]] || [[ ! -z "$https_proxy" ]]; then export JAVA_OPTS="-Djava.net.useSystemProxies=true $JAVA_OPTS -Dhttp.noProxyHosts=${POSTGRES_IP}" fi |
Then we need to set environment variables with docker run
command:
1 2 3 4 |
sudo docker run -e "http_proxy=http://myproxy.example.com:8080" \ -e "https_proxy=https://myproxy.example.com:8080" \ -e "POSTGRES_IP=192.168.100.101" \ -d Cron\ubuntu test.sh |
As noted at the beginning, those are just a few examples and basic settings to get started with Docker and proxies. Questions and comments are always welcome.
Alen Komljen
Latest posts by Alen Komljen (see all)
- Kubernetes upgrade – kubeadm - May 16, 2017
- Reprovision on terraform apply - May 6, 2017
- ELK stack on Kubernetes - May 4, 2017