We will provide proxy settings to both Docker Engine and Docker Client so that they can connect to the internet when direct access to the internet is not allowed while using Docker. When we use Docker in corporate networks or private clouds, we may typically have to connect to the internet via a proxy server. In these cases, we need to use a proxy.
In this tutorial, we'll learn how to troubleshoot problems we may encounter when configuring a proxy with Docker.
2. What Is a Proxy
The proxy server controls and routes traffic between the requesting user and websites. Proxying aims to protect users and maintain network security and privacy policies. Without a proxy, the user sends a request directly to the destination server and receives a response:
When we use a proxy, our request first goes to the proxy server, and then the proxy accesses the target server. As shown in the image below, the proxy is located between the client and the target server, and every request from the client comes to the proxy first, and then, the proxy provides access to the target server:
3. Configure Docker Proxy
In Docker 17.07 and higher, we can configure the Docker client to pass proxy information to containers automatically. In Docker 17.06 and earlier, we can set the Docker client proxy settings via environment variables.
Let's add the following JSON example to the ~/.docker/config.json file and complete our proxy settings. Using the * character as a wildcard for hosts and using CIDR notation for IP addresses is supported:
When we save the changes, each Docker container will be created with the environment variables specified in the config.json file, and our proxy settings will be valid.
4. Proxy Server Settings
We should use the HTTP_PROXY, HTTPS_PROXY, FTP_PROXY, and NO_PROXY environment variables to configure proxy services for the Docker daemon. Let's look at these variables in detail:
- HTTP_PROXY is a type of proxy that acts as an intermediary server between a client and a web server. With an HTTP proxy server, the request does not go to the website; it goes to the proxy in plain text. The proxy analyzes this and then sends a new request to the website by (optionally) changing our IP address using the data supplied with the request. The website receives it and sends a response to the proxy. The proxy then forwards the response to us.
- HTTPS_PROXY is more secure and more anonymous than HTTP proxies. The HTTPS protocol does not transfer data in plain text format. The SSL layer encrypts the data so that it's never seen by third parties.
- FTP_PROXY manages active and passive FTP sessions. It also protects the FTP server and restricts FTP protocol commands between client and server.
- NO_PROXY setting is used to specify addresses for which the proxy should not be used.
5. Manually Configure the Proxy Settings
In Docker 17.07 and earlier, we must set our proxy settings with the –env flag:
docker run [docker_image] --env FTP_PROXY="ftp://<ip-address>:<port>"
docker run [docker_image] --env HTTP_PROXY="http://<ip-address>:<port>"
docker run [docker_image] --env HTTPS_PROXY="https://<ip-address>:<port>"
docker run [docker_image] --env NO_PROXY="*.<domain>,127.0.0.0/8"
Or, we have to add them to our Dockerfile:
With these operations, we can now perform our Docker proxy operations.
In this tutorial, we've learned what a proxy is and how to set it up in different versions of Docker.
res – REST with Spring (eBook) (everywhere)