Of Stack

Docker network proxy setup details

  • 2020-06-07 05:40:53
  • OfStack

background

In some laboratory environments, the server does not have the right to directly connect to the external network and needs to pass the network proxy. We usually configure the network agent directly in configuration files such as /etc/environment, /etc/profile, which works for most operations. However, the docker command does not use these agents.

For example, when docker pull needs to download the image from the external network, the following error will occur: 


 $ docker pull hello-world

Unable to find image 'hello-world:latest' locally
Pulling repository docker.io/library/hello-world
docker: Network timed out while trying to connect to https://index.docker.io/v1/repositories/library/hello-world/images. You may want to check your internet connection or if you are behind a proxy..
See 'docker run --help'.

ps: This paper passed the test under Ubuntu16.04.

Solution 1:

Stop the docker service and start docker daemon manually by listening for all network interfaces on port 2375. 


 $ systemctl stop docker.service
$ nohup docker daemon -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock &

Solution 2:

Edit configuration file, Ubuntu /etc/default/docker, CentOS /etc/sysconfig/docker. However, by modifying these two files to configure daemon is already discouraged. Use of this method is discouraged. 


 HTTP_PROXY="http://[proxy-addr]:[proxy-port]/"
HTTPS_PROXY="https://[proxy-addr]:[proxy-port]/"
export HTTP_PROXY HTTPS_PROXY

Solution 3:

This method is persistent and will take effect 1 after modification. This method overrides the default ES52en.service file.

1. Create a built-in systemd directory for the docker service 


 $ mkdir -p /etc/systemd/system/docker.service.d

2. Create/etc systemd/system/docker service. d/http - proxy. conf file, and add HTTP_PROXY environment variables. Where [ES74en-ES75en] and [ES76en-ES77en] are respectively changed to the actual agent address and port: 


 [Service]
Environment="HTTP_PROXY=http://[proxy-addr]:[proxy-port]/" "HTTPS_PROXY=https://[proxy-addr]:[proxy-port]/"

3. If there is an internal Docker registries that does not require proxy access, then hey need to specify the NO_PROXY environment variable: 


 [Service]
Environment="HTTP_PROXY=http://[proxy-addr]:[proxy-port]/" "HTTPS_PROXY=https://[proxy-addr]:[proxy-port]/" "NO_PROXY=localhost,127.0.0.1,docker-registry.somecorporation.com"

4. Update configuration: 


 $ systemctl daemon-reload

5. Restart Docker service: 


 $ systemctl restart docker
Related articles: