 

How to set docker's NO_PROXY with wildcard

Tags: docker, proxy

As mentioned in the official Docker docs here, the proxy settings for Docker can be assigned in /etc/systemd/system/docker.service.d/https-proxy.conf, like:

[Service]    
Environment="HTTPS_PROXY=https://proxy.example.com:443/" "NO_PROXY=localhost,127.0.0.1,docker-registry.somecorporation.com"

But Docker's downloading involves a lot of URL redirecting, so I can hardly name them one by one in the setting here.

So my question is: is there any method to achieve a wildcard, such as *.docker.io?

Thanks, Cross

Cross asked Jan 02 '23 10:01


1 Answer

I understand that this is a question from some years ago, but I guess this is still a common question for developers and I don't feel it's properly answered.

Regarding the approved answer from @Kaneg, effectively a leading . will do the trick in the majority of cases... but not always.

Due to that, I'm writing this answer in case more people end up at this question in the future.


First of all, we have to keep in mind that the famous NO_PROXY is an environment variable that the majority of Web Clients accept at the time of using a Web proxy server, but there is no standard about how it has to be defined or how each client should handle these.

When we set those up in Docker as environment variables, we're just forcing all the containers that will be created in the future to use those environment variables, and they will be used by Docker as well (for example, to download images from the official registry). Anyway, the real deal depends on what we have inside those containers, since that's where the requirements will get strict.

In order to simplify this to the maximum, I've taken this table from the GitLab blog (thank you, Stan Hu):

|                       | curl      | wget           | Ruby      | Python    | Go        |
|-----------------------|-----------|----------------|-----------|-----------|-----------|
| no_proxy              | Yes       | Yes            | Yes       | Yes       | Yes       |
| NO_PROXY              | Yes       | No             | Yes       | Yes       | Yes       |
| Case precedence       | lowercase | lowercase only | lowercase | lowercase | lowercase |
| Matches suffixes?     | Yes       | Yes            | Yes       | Yes       | Yes       |
| Strips leading .?     | Yes       | No             | Yes       | Yes       | No        |
| * matches all hosts?  | Yes       | No             | No        | Yes       | Yes       |
| Supports regexes?     | No        | No             | No        | No        | No        |
| Supports CIDR blocks? | No        | No             | Yes       | No        | Yes       |
| Detects loopback IPs? | No        | No             | No        | No        | Yes       |

What does this mean?

That if we just follow the logic of setting a leading . in NO_PROXY, first of all this variable won't be understood by tools like wget, so they will pass through the proxy anyway; and in the case that we set the leading . in no_proxy, curl will still always strip the leading ., while wget won't strip it and will perform an exact string match against the hostname.

Solution

Suffixes are ALWAYS matched, so the best solution is to set docker.io as it will include whatever.docker.io. Try to avoid using a leading dot (.) if top-level domains need to be matched in every case.

Daniel Campos Olivares answered Jan 05 '23 16:01
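The leading-dot difference described in the answer above, as an added example (not part of the original answer and not any client's own code): a simplified Python model built only from the table's "Strips leading .?" and "* matches all hosts?" rows. The function names, the `CLIENTS` table and the sample hosts are constructed for illustration; ports, CIDR entries and the variable-name case are not modelled.

```python
# Simplified model of two rows of the table above (constructed for
# illustration; the real clients differ in further details).
CLIENTS = {
    # client:  strips a leading "."?   lone "*" matches all hosts?
    "curl":   {"strip_dot": True,  "star_all": True},
    "wget":   {"strip_dot": False, "star_all": False},
    "ruby":   {"strip_dot": True,  "star_all": False},
    "python": {"strip_dot": True,  "star_all": True},
    "go":     {"strip_dot": False, "star_all": True},
}


def bypasses_proxy(client, no_proxy, host):
    """Return True if, in this model, `client` reaches `host` directly."""
    rules = CLIENTS[client]
    host = host.lower()
    for entry in (e.strip().lower() for e in no_proxy.split(",")):
        if not entry:
            continue
        if entry == "*":
            if rules["star_all"]:
                return True
            continue
        if entry.startswith("."):
            if rules["strip_dot"]:
                entry = entry[1:]
            elif host.endswith(entry):
                return True   # dot kept: subdomains match, bare domain does not
            else:
                continue
        # Suffix match on a label boundary. Glob entries such as
        # "*.docker.io" are outside the table and are compared literally here.
        if host == entry or host.endswith("." + entry):
            return True
    return False


def matrix(no_proxy, hosts):
    """Map each client to the hosts it would reach without the proxy."""
    return {c: [h for h in hosts if bypasses_proxy(c, no_proxy, h)]
            for c in CLIENTS}


if __name__ == "__main__":
    sample_hosts = ["docker.io", "registry-1.docker.io"]  # constructed sample
    for value in ("docker.io", ".docker.io", "*"):
        print(f"{value!r}: {matrix(value, sample_hosts)}")
```

Running it shows that only the bare `docker.io` entry sends both hosts direct for every client in the model, which is the answer's recommendation.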