Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I make all my docker containers use my proxy?

Tags:

docker

proxy

I am running docker on Debian Jessie which is behind a corporate proxy. To be able to download docker images, I need to add the following to my /etc/defaults/docker

http_proxy="http://localhost:3128/"

I can confirm that this works.

However, in order to be able to access the interwebz from within my container, I need to start all sessions with --net host and then setup these env variables:

export http_proxy=http://localhost:3128/
export https_proxy=https://localhost:3128/
export ftp_proxy=${http_proxy}

Ideally, I would like for the container to not need the host network, and not to know about the proxy (i.e. all outbound calls to port 20, 80, 443 in the container go via the host's proxy port). Is that possible?

Failing that, is it possible to have a site setup, which will ensure that these env variables are set locally but never exported as part of an image? I know I can pass these things with --env http_proxy=... etc, but that's clunky. I want it to work for all users on the system without having to use aliases.

(Disclaimer: I asked this on https://superuser.com/posts/890196 but the home for docker questions is a little ambiguous at the moment).

like image 522
fommil Avatar asked Mar 16 '15 13:03

fommil


People also ask

How do I proxy a Docker container?

Copy the Docker container's Nginx config file to your local file system. Add proxy_pass entries that point to your backend origin servers. Copy the config file back into the Nginx Docker container. Reload the Nginx configuration and test the setup.

Does Docker use a proxy?

In Docker 17.07 and higher, you can configure the Docker client to pass proxy information to containers automatically. In Docker 17.06 and earlier versions, you must set the appropriate environment variables within the container.

What is a proxy server Docker?

docker-proxify is a docker-within-docker container that eases development when operating behind a restrictive firewall that requires a proxy server for outbound internet connectivity, by making the use of the proxy server transparent to the applications running inside the container.


1 Answers

See Proxy all the Containers:

Host server runs a container running a proxy (squid, in this case) that can do transparent proxying. That container has some iptables rules that NAT traffic into the proxy server - this means that container needs to run in privileged mode.

Host server also contains (and here's the magic) ip route table entries that re-route all traffic from any container but the proxy that was destined for port 80, through the proxy container.

That last bit essentially means that for port 80 traffic, the route from container to the rest of the world goes through the proxy container - giving it the chance to NAT and transparent proxy.

https://github.com/silarsis/docker-proxy

like image 56
laktak Avatar answered Sep 22 '22 15:09

laktak