3

I am trying to use Docker behind a corporate firewall.

I would like to force Docker to use the system proxy, but this option is not available. How can I make Docker use the system proxy?

clockworks

3 Answers

5

I've written a blog post about using the weird DummyDesperatePoitras virtual switch as an anchor for CNTLM, and that resolves some of the problems I mentioned here (having to change the proxy address for Docker every time your IP changes, among other things):

http://mandie.net/2017/12/10/docker-for-windows-behind-a-corporate-web-proxy-tips-and-tricks/

As of November 2017, this feature was still not implemented in Docker for Windows: https://github.com/docker/for-win/issues/589

The best solution I've found is CNTLM, but I'm not delighted with it, because:

1) CNTLM has not been updated in 5 years

2) You have to set the proxy IP in the Docker GUI, making it rather automation-resistant. The Docker for Windows GUI reads the proxy settings from the MobyLinux VM, not from the Windows registry, a config file or Windows environment variables. Setting HTTP_PROXY and HTTPS_PROXY in Windows has absolutely no effect on Docker. I've not found any way of setting the proxy value programmatically; the MobyLinux VM doesn't accept ssh connections. If anyone ever finds a way to do this from a command line or script, I'd love to know.

3) Setting the proxy IP to 127.0.0.1 won't work, because that will get the virtual machine that Docker is really running on to try its own interface, not the one on the host PC running CNTLM. I have also tried the DockerNAT interface IP, 10.0.75.1, with no success.

4) This means that the proxy IP needs to be the current IP address of your active external network interface. If you move around buildings a lot, you need to check this every time you want to use Docker.

  • Set CNTLM to listen on 0.0.0.0 3128, not just 3128 or 127.0.0.1 3128. This will save you the trouble of updating this IP address every time your PC gets a new IP address. Just having the port number will keep traffic from the VM running Docker from being "heard".
  • Calculate the NTLMv2 hash and store that in the config file instead of your username and password. This will be different for every PC and user account, so don't share your unredacted config file with another PC unless you want to get locked out. You will need to update this stored hash when you next change your Windows password.
  • Restart the cntlm Windows service after any changes to its config file.
  • Run ipconfig in cmd.exe or PowerShell to find your current IP address. If you're using corporate VPN, use the IP address of the WiFi or Ethernet adapter, not the VPN.
  • Type http://ipfromipconfig:3128/ into the "Web Server (HTTP)" box. Make sure the checkbox "Use same for both" is checked.
3

Using CNTLM automates working behind a proxy. It allows us to specify an IP address everywhere without any credentials, so security is better, and whenever we change the password we only have to do it in one place; we can also specify URLs that should not be proxied. Since Docker version 18.03, a special DNS name is available: host.docker.internal. It allows connecting to the host machine from Docker containers. Now, when we set up our CNTLM proxy in cntlm.ini to make it listen on 0.0.0.0:3128:

Listen 0.0.0.0:3128

Then we can specify the proxy in the Docker settings using the host.docker.internal:3128 address, which will be translated to the appropriate, current local address of our machine.

baawhee
  • This answer works in 2020. I believe the accepted answer is no longer viable based on a comment by the author on her own post here: https://stackoverflow.com/questions/46669115/docker-on-windows-with-a-proxy/47788248 – EnE_ Aug 26 '20 at 23:26
  • Bearing in mind I'm in an NTLMv2 environment -> this answer helped, but I had to point CNTLM to another port (0.0.0.0:53128) because the CNTLM service would otherwise not start. After that I also added the proxy settings in the Docker GUI with http://myusername:mypassword@docker.for.win.localhost:53128. Also, a password containing special characters like #, !, ? will sometimes cause major headaches due to URL encoding. – Dominik Sand Sep 17 '20 at 12:44
-1

You can set up two environment variables, http_proxy and https_proxy

http_proxy with value http://username:password@proxyIp:proxyport

For example, in my case it was http://venkat_krish:password@something.ad.somthing.com:80

You can use the same for the HTTPS proxy

Note:

If you have any special characters apart from _ & . in the username or password, you have to encode the URL. Follow this link for URL encoding: https://grox.net/utils/encoding.html

For example if your password is abc@123, then it will be written as abc%40123

venkata krishnan
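The percent-encoding described in the answer above, and the `#`, `!`, `?` trouble mentioned in the earlier comment, as an added Python example that is not part of any answer on this page. The host proxy.example.test, the user alice and the second password are constructed sample values, and all function names are hypothetical.

```python
# Added example: percent-encode proxy credentials, check that the URL parses
# back to the same values, and redact the password before logging the URL.
from urllib.parse import quote, unquote, urlsplit


def build_proxy_url(username, password, host, port, scheme="http"):
    """Return scheme://user:pass@host:port with both credentials encoded."""
    # safe="" encodes every reserved character, including @ : / # ? and %.
    return (f"{scheme}://{quote(username, safe='')}:"
            f"{quote(password, safe='')}@{host}:{port}")


def raw_proxy_url(username, password, host, port, scheme="http"):
    """Naive concatenation, kept only to show how parsing breaks."""
    return f"{scheme}://{username}:{password}@{host}:{port}"


def parse_proxy_url(url):
    """Return (username, password, host, port) with credentials decoded."""
    parts = urlsplit(url)
    user = unquote(parts.username) if parts.username is not None else None
    pwd = unquote(parts.password) if parts.password is not None else None
    return user, pwd, parts.hostname, parts.port  # .port may raise ValueError


def parses_as(url, username, password, host, port):
    """True only if a URL parser recovers exactly the intended values."""
    try:
        return parse_proxy_url(url) == (username, password, host, port)
    except ValueError:  # e.g. '#' cut the URL so the "port" is not numeric
        return False


def redact_proxy_url(url):
    """Replace the password with *** so the URL can be logged or shared."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    port = f":{parts.port}" if parts.port is not None else ""
    return f"{parts.scheme}://{parts.username}:***@{parts.hostname}{port}"


if __name__ == "__main__":
    # Constructed sample values; "abc@123" is the password used in the answer.
    args = ("alice", "p#ss!w?rd", "proxy.example.test", 3128)
    print(build_proxy_url("venkat_krish", "abc@123", "proxy.example.test", 80))
    print("raw URL parses correctly:    ", parses_as(raw_proxy_url(*args), *args))
    print("encoded URL parses correctly:", parses_as(build_proxy_url(*args), *args))
    print(redact_proxy_url(build_proxy_url(*args)))
```
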