Getting Docker to work with a proxy server

Airman
2 min readMay 23, 2019

--

I was recently configuring Docker on a machine that didn’t have direct access to the Internet and had to use proxy for outbound connectivity, and it turned out to be a non-trivial task. All of this info is scattered around the Internet, I’m just bringing it all together. Here’s the steps to get everything working:

  1. Proxy for the command line
  2. Proxy for apt
  3. Proxy for Docker daemon
  4. Proxy for Docker build and Docker Compose

This article has been written for Ubuntu Linux and might need tweaking for other distros.

Proxy for the command line

This part is as easy as setting the following environment variables (https://www.serverlab.ca/tutorials/linux/administration-linux/how-to-configure-proxy-on-ubuntu-18-04/):

  • http_proxy, HTTP_PROXY — proxy server for HTTP Traffic
  • https_proxy, HTTPS_PROXY — proxy server for HTTPS traffic
  • ftp_proxy, FTP_PROXY — proxy server for FTP traffic
  • no_proxy, NO_PROXY — comma separated patterns for IP addresses or domain names that shouldn’t use the proxy. It is a good idea to add at least localhost and 127.0.0.1 to noproxy list.

Set these once for the active session, add them to ~/.bash_profile or ~/.bashrc for persistent settings for current user, or add them to /etc/environment for persistent settings for all users. It turns out that different tools use different versions of these variables (lowercase vs uppercase), so it’s best so set both versions (see https://wiki.archlinux.org/index.php/Proxy_server#Environment_variables for more info).

Proxy for apt

Create a new apt configuration file under /etc/apt/apt.conf.d, the name of the new configuration file doesn’t matter much, it’s a good idea to pick something obvious like 50proxy (alternatively, you can edit /etc/apt.conf directly). Add the following lines to the new configuration file (replace proxy.server and port with appropriate values):

Acquire::http::Proxy "http://proxy.server:port";
Acquire::https::Proxy "http://proxy.server:port";

More info: https://www.serverlab.ca/tutorials/linux/administration-linux/how-to-set-the-proxy-for-apt-for-ubuntu-18-04/

Proxy for Docker daemon

When using Docker, actions like pulling images are performed by the Docker daemon and do not use your shell’s environment variables. To configure proxy settings for the Docker daemon:

Create directory /etc/systemd/system/docker.service.d for Docker proxy settings config file. Then create /etc/systemd/system/docker.service.d/http-proxy.conf with the following contents (replace proxy.server and port):

[Service]
Environment="HTTP_PROXY=http://proxy.server:port"
Environment="HTTPS_PROXY=http://proxy.server:port"
Environment="NO_PROXY=localhost,127.0.0.1"

Apply settings and restart Docker:

sudo systemctl daemon-reload
sudo systemctl restart docker

(Check the settings using systemctl show --property=Environment docker).

More info: https://docs.docker.com/config/daemon/systemd/#httphttps-proxy

Proxy for Docker build and Docker Compose

If you’re building Docker images with docker build or docker-compose, you will want to configure proxy settings for the build process. Despite the fact that Docker daemon has the correct proxy settings, during the build process commands that update the image being built (i.e. apk update, apt-get update etc.) will fail without this step.

For the user that will be building images, create ~/.docker/config.json with the following contents (replace proxy.server and port):

{
"proxies":
{
"default":
{
"httpProxy": "http://proxy.server:port",
"httpsProxy": "http://proxy.server:port",
"noProxy": "localhost,127.0.0.1"
}
}
}

More info: https://docs.docker.com/network/proxy/

--

--

Airman

Random rumblings about #InfoSec. The opinions expressed here are my own and not necessarily those of my employer.