Getting Docker to work with a proxy server

  1. Proxy for the command line
  2. Proxy for apt
  3. Proxy for Docker daemon
  4. Proxy for Docker build and Docker Compose

Proxy for the command line

This part is as easy as setting the following environment variables (https://www.serverlab.ca/tutorials/linux/administration-linux/how-to-configure-proxy-on-ubuntu-18-04/):

  • http_proxy, HTTP_PROXY — proxy server for HTTP Traffic
  • https_proxy, HTTPS_PROXY — proxy server for HTTPS traffic
  • ftp_proxy, FTP_PROXY — proxy server for FTP traffic
  • no_proxy, NO_PROXY — comma separated patterns for IP addresses or domain names that shouldn’t use the proxy. It is a good idea to add at least localhost and 127.0.0.1 to noproxy list.

Proxy for apt

Create a new apt configuration file under /etc/apt/apt.conf.d, the name of the new configuration file doesn’t matter much, it’s a good idea to pick something obvious like 50proxy (alternatively, you can edit /etc/apt.conf directly). Add the following lines to the new configuration file (replace proxy.server and port with appropriate values):

Acquire::http::Proxy "http://proxy.server:port";
Acquire::https::Proxy "http://proxy.server:port";

Proxy for Docker daemon

When using Docker, actions like pulling images are performed by the Docker daemon and do not use your shell’s environment variables. To configure proxy settings for the Docker daemon:

[Service]
Environment="HTTP_PROXY=http://proxy.server:port"
Environment="HTTPS_PROXY=http://proxy.server:port"
Environment="NO_PROXY=localhost,127.0.0.1"
sudo systemctl daemon-reload
sudo systemctl restart docker

Proxy for Docker build and Docker Compose

If you’re building Docker images with docker build or docker-compose, you will want to configure proxy settings for the build process. Despite the fact that Docker daemon has the correct proxy settings, during the build process commands that update the image being built (i.e. apk update, apt-get update etc.) will fail without this step.

{
"proxies":
{
"default":
{
"httpProxy": "http://proxy.server:port",
"httpsProxy": "http://proxy.server:port",
"noProxy": "localhost,127.0.0.1"
}
}
}

--

--

Random rumblings about #InfoSec. The opinions expressed here are my own and not necessarily those of my employer.

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Airman

Airman

Random rumblings about #InfoSec. The opinions expressed here are my own and not necessarily those of my employer.