Getting Docker to work with a proxy server

I was recently configuring Docker on a machine that didn’t have direct access to the Internet and had to use proxy for outbound connectivity, and it turned out to be a non-trivial task. All of this info is scattered around the Internet, I’m just bringing it all together. Here’s the steps to get everything working:

  1. Proxy for the command line
  2. Proxy for apt
  3. Proxy for Docker daemon
  4. Proxy for Docker build and Docker Compose

This article has been written for Ubuntu Linux and might need tweaking for other distros.

Proxy for the command line

  • http_proxy, HTTP_PROXY — proxy server for HTTP Traffic
  • https_proxy, HTTPS_PROXY — proxy server for HTTPS traffic
  • ftp_proxy, FTP_PROXY — proxy server for FTP traffic
  • no_proxy, NO_PROXY — comma separated patterns for IP addresses or domain names that shouldn’t use the proxy. It is a good idea to add at least localhost and 127.0.0.1 to noproxy list.

Set these once for the active session, add them to ~/.bash_profile or ~/.bashrc for persistent settings for current user, or add them to /etc/environment for persistent settings for all users. It turns out that different tools use different versions of these variables (lowercase vs uppercase), so it’s best so set both versions (see https://wiki.archlinux.org/index.php/Proxy_server#Environment_variables for more info).

Proxy for apt

Acquire::http::Proxy "http://proxy.server:port";
Acquire::https::Proxy "http://proxy.server:port";

More info: https://www.serverlab.ca/tutorials/linux/administration-linux/how-to-set-the-proxy-for-apt-for-ubuntu-18-04/

Proxy for Docker daemon

Create directory /etc/systemd/system/docker.service.d for Docker proxy settings config file. Then create /etc/systemd/system/docker.service.d/http-proxy.conf with the following contents (replace proxy.server and port):

[Service]
Environment="HTTP_PROXY=http://proxy.server:port"
Environment="HTTPS_PROXY=http://proxy.server:port"
Environment="NO_PROXY=localhost,127.0.0.1"

Apply settings and restart Docker:

sudo systemctl daemon-reload
sudo systemctl restart docker

(Check the settings using systemctl show --property=Environment docker).

More info: https://docs.docker.com/config/daemon/systemd/#httphttps-proxy

Proxy for Docker build and Docker Compose

For the user that will be building images, create ~/.docker/config.json with the following contents (replace proxy.server and port):

{
"proxies":
{
"default":
{
"httpProxy": "http://proxy.server:port",
"httpsProxy": "http://proxy.server:port",
"noProxy": "localhost,127.0.0.1"
}
}
}

More info: https://docs.docker.com/network/proxy/

Random rumblings about #InfoSec. The opinions expressed here are my own and not necessarily those of my employer.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store