Skip to content
This repository has been archived by the owner on Sep 26, 2021. It is now read-only.

how to set proxy in docker toolbox? #102

Closed
ozbillwang opened this issue Aug 17, 2015 · 71 comments
Closed

how to set proxy in docker toolbox? #102

ozbillwang opened this issue Aug 17, 2015 · 71 comments
Labels

Comments

@ozbillwang
Copy link

I can boot2docker ssh to set proxy, but i don't know how to set proxy in toolbox to pull the image.

Anyone gives hints?

@ozbillwang
Copy link
Author

The best is the docker machine's document. I fix this issue with this:

https://github.com/docker/machine/blob/8f82b762749bb8dcf52c6dd0774b927510c5e885/docs/reference/create.md

docker-machine create -d virtualbox \
    --engine-env HTTP_PROXY=http://example.com:8080 \
    --engine-env HTTPS_PROXY=https://example.com:8080 \
    --engine-env NO_PROXY=example2.com \
    default

@mchiang0610
Copy link
Contributor

@SydOps Thanks for willing to help with the solution as well. cc/ @nathanleclaire from the machine team.

@nathanleclaire
Copy link
Contributor

So @SydOps does the --engine-env flag cover your use case completely?

@ozbillwang
Copy link
Author

@nathanleclaire

Mostly. I have to create two docker machines (one is call default with proxy setting, the other is called as normal which I used at home)

So depend on where I am, I need switch docker-machine env to default or normal to use docker toolbox.

I didn't have chance to test with swarm, but if you'd like provide the full command how Toolbox creates the default environment, then I can prepare the same.

@ozbillwang
Copy link
Author

Second, docker-machine has the subcommmand ssh as boot2docker. And I can add below lines into /var/lib/boot2docker/profile as I did in boot2docker.

export "HTTP_PROXY=http://proxy:3128"
export "HTTPS_PROXY=https://proxy:3128"

It may fix this issue. Will be back to confirm soon.

@ozbillwang
Copy link
Author

I did the test, add above proxy setting into /var/lib/boot2docker/profile in normal machine, but after restart the machine, the setting is gone. So I can't connect to internet to pull the images.

Do the same in default (proxy enable when create), remove the proxy setting from above profile file, after restart the docker machine, the proxy is added automatically.

So I have to create the machine with proxy setting from beginning if I need docker machine works behind proxy, the old way to do within profile in boot2docker is useless in docker machine.

IT is a solution, but it is bad solution, I have to maintain two machines and download duplicate images in each docker machine

@jmorganca
Copy link
Contributor

Merging with #78

@nsteinmetz
Copy link

Hi,

I have the same issue on my Windows PC ; moreover, my proxy requires credentials which are not permanent. So even if I hack the start.sh script for creating the default machine, I'll need to be able to update credentials every 56 days.

Is there a way to update those env settings ?

Thanks,
Nicolas

@LongLiveCHIEF
Copy link

@nsteinmetz I just set a variable in my ~/.bashrc, and then set all the different proxies to that variable:

export MyProxy="http://user:urlencodedpassword@proxyhost:port"
export http_proxy=$MyProxy
export https_proxy=$MyProxy

From within the start.sh script for docker, you just refer to the $MyProxy env var that you have now created, instead of hardcoding the proxy value.

You could also create a script that just changes the MyProxy value whenever your password changes, and then put that script on your path.

@nsteinmetz
Copy link

@LongLiveCHIEF: I'm not sure to understand ; you mean the .bashrc of the "Docker Terminal" in Windows ? I added the export http_proxy stuff in the start.sh script but seems it did not work even if you see it in the output of the "env" command in the terminal.

Maybe because I added my password as plain text and not as url encoded (but it worked this way on some other linux box)

Edit:

  • I created a .bashrc file and did a source on it
  • With default machine, it did not work even if env is well populated.
http_proxy=http://login:plainpassword@proxy.corp.com:8000
https_proxy=http://login:plainpassword@proxy.corp.com:8000
no_proxy=localhost,192.168.99.1/16

So for me, the only working solution is the one of @SydOps mentionned above:

docker-machine create -d virtualbox \
    --engine-env HTTP_PROXY=http://example.com:8080 \
    --engine-env HTTPS_PROXY=https://example.com:8080 \
    --engine-env NO_PROXY=example2.com \
    default

@chadswen
Copy link

chadswen commented Sep 2, 2015

If you're getting "Proxy Authentication" errors when your proxy doesn't require credentials, try adding a trailing slash to your proxy variables, as in:

docker-machine create -d virtualbox \
    --engine-env HTTP_PROXY=http://example.com:8080/ \
    --engine-env HTTPS_PROXY=https://example.com:8080/ \
    default

It seems that transport.go or some other aspect of proxy variable parsing can be picky about the proxy URL schema. This format is used in the Docker Engine example, but it's not used in the docker-machine create example.

@arun-deva
Copy link

I had the same issue - I downloaded Docker Toolbox today (Sep 23, 2015) so this is not fixed. My toolbox install succeeded but I was not able to run even the hello-world example because docker-machine did not have the proxy settings, so I would get a network timeout.

The only thing that worked for me was the suggestion above of using --engine-env (thank you so much @SydOps and others).

  1. Add the --engine-env args to the docker-machine create command in the toolbox start script (on OS X, this is at /Applications/Docker/Docker Quickstart Terminal.app/Contents/Resources/Scripts/start.sh)
  2. "docker-machine rm default" to remove the docker-machine already created the first time I had run the Quickstart Terminal
  3. Close my shell and re-run the Docker Quickstart Terminal. This time it created the default docker-machine with the proxy settings and I was able to run the example as well as some other container images

Other things I tried that did NOT work for my situation:

  1. Editing the /var/lib/boot2docker/profile to add my proxy env vars - these did not work and kept getting erased periodically (I think with docker-machine restarts, but not entirely certain)
  2. Simply adding the env var declarations to the top of start.sh and restarting the docker-machine

@nathanleclaire
Copy link
Contributor

@desagar Any suggestion on how we might be able to do this automatically for you on first Toolbox installation / Machine create? Specifically, it would be hard for us to detect a proxy or VPN automatically, so I'm wondering if we might be able to prompt for the right values, etc.

@arun-deva
Copy link

@nathanleclaire I agree that asking for this information during Toolbox installation would be very helpful, although it would be nice to also have some way to modify this on a previously created docker-machine, either by editing a file or invoking some docker-machine command.

@nsteinmetz
Copy link

Another nice way would be to rely on / inherit from the system properties to avoid an extra declaration.

@arun-deva
Copy link

Agree about the system properties, but an option to edit during Toolbox install would be still be good. In my system property settings I don't specify the proxies and the no_proxy explicitly but use an auto config URL, so there would be nothing to inherit

@ozbillwang
Copy link
Author

I just find another way which only need one docker machine to work behind proxy and without proxy.

The key file is: .docker/machine/machines/default/config.json, in it, there is a parameter named Env

So I have two: config.json.proxy and config.json.default,

if I need start behind proxy, I run:

cp config.json.proxy config.json
docker-machine start default
eval $(docker-machine env default)

If I need start without proxy, I run:

cp config.json.default config.json
docker-machine start default
eval $(docker-machine env default)

You can script it with less typing.

Let me know if this works.

@nsteinmetz
Copy link

Seems it does not work on W7 with Docker Toolbox 1.8.2c ; As I installed/uninstalled many times docker-toolbox, maybe my PC is a little bit messy too.

@ozbillwang
Copy link
Author

@nsteinmetz

Thanks for the updating, i did the test in Mac only.

@LongLiveCHIEF
Copy link

I know this may not be what everyone wants to hear... but I've found a better way for dealing with my problems on this matter.

After installing docker toolbox, I went and installed Vagrant, and then ran vagrant install plugin vagrant-proxyconf

instead of using docker-machine, I use a vagrant VM to run my docker daemon, and it winds up working better for me anyways, because I can use the same host OS there, that I will be using downstream for deployments.

I have a sample of how I set things up here: https://github.com/HackerHappyHour/docker-toolbox-vagrant

@mskadu
Copy link

mskadu commented Oct 7, 2015

@H3Chief Thanks for your instructions. While I install Vagrant, you seemed to have missed adding the Docker sample Vagrantfile to your root on the GIT repo.

PS: Appreciate your effort in putting together the HOW-TO.

@nsteinmetz
Copy link

@SydOps could you please remind where the Env section should be located in the nested config.json part and its syntax ?

Got it:

{
    [...]
    "HostOptions": {
        [...]
        "EngineOptions": {
            [...]
            "Env": [
                "HTTP_PROXY=http:\\login:password@proxy.corp.com:port\\", 
                "HTTPS_PROXY=http:\\login:password@proxy.corp.com:port\\", 
                "NO_PROXY=192.168.99.1\\24,127.0.0.1"
            ],
            [...]
        } 
    [...]
    }
    [...]
}

So unless I made a typo in the syntax, seems it does not work on my W7 PC with Docker 1.8.3 behind a proxy :-/

@nsteinmetz
Copy link

@H3Chief , I agree with @mskadu the vagrant sample file you are mentionning is not in your github repo. Could you please share it ?

@ozbillwang
Copy link
Author

@nsteinmetz

You did the right, but I test in Mac.

To all and Docker developer,

I still prefer the old boot2docker way and update the profile file /var/lib/boot2docker/profile directly to get the proxy setting and others works easily.

@vberruchon
Copy link

vberruchon commented May 4, 2016

Hi, where could I find details about using the ~/.docker/machine/machines/myvmname/config.json file.
I modifiying this file to add an "insecure" private registry but it does nothing even if I do stop with docker-machine, modify the file and start again the boot2docker VM.

How should be used this file?
Is it only used at the creation of the VM? Or at each start? Or is there another command that could help?
Thank you for your help
(I did test with Toolbox 1.11.1 on Windows)

Edit: I finally did open a specific issue about the config.json file usage : #491

@nathan-zhu
Copy link

nathan-zhu commented Jun 28, 2016

hi, i define new proxy on docker 1.11.2 in mac
on /var/lib/boot2docker/profile

export http_proxy=192.168.13.148:7070
export https_proxy=192.168.13.148:7070
export ALL_PROXY=$http_proxy
export NO_PROXY=192.168.99.100

but get below error during docker pull elasticsearch

Using default tag: latest
Pulling repository docker.io/library/elasticsearch
Error while pulling image: Get https://index.docker.io/v1/repositories/library/elasticsearch/images: http: error connecting to proxy http://192.168.13.148:7070: dial tcp 192.168.13.148:7070: getsockopt: connection refused

where is my setting wrong? please help thanks

@ozbillwang
Copy link
Author

ozbillwang commented Jun 28, 2016

@nathan-zhu

can you login the docker machine (default machine is named default), and telnet the port, if it can reach?

docker-machine ssh default

telnet 192.168.13.148 7070

@nathan-zhu
Copy link

nathan-zhu commented Jun 28, 2016

@SydOps i test it get result like below:

docker@default:~$ telnet 192.168.13.148 7070
telnet: can't connect to remote host (192.168.13.148): Connection refused

but ping ip working

@ozbillwang
Copy link
Author

@nathan-zhu

The problem is mostly related to firewall setting in your environment and suitable to discuss at https://forums.docker.com, more than here. Please raise ticket to docker forum.

@nagarajasr
Copy link

in my case, restarting the docker daemon with the proxy set in the environment resolved the issue:

docker-machine ssh
$ sudo su -
# export http_proxy=http://myproxy:port
# export https_proxy=http://myproxy:port
# /etc/init.d/docker restart
# exit
$ docker pull ...

@ozbillwang
Copy link
Author

@nagarajasr

Which version? If it is latest, seems the problem has been fixed

@nathan-zhu
Copy link

i use 1.11.2 toolbox. it's for me still not working , how to setting proxy for docker still confused me. each time resettings and restart docker is too complicated. any ideas?

@ozbillwang
Copy link
Author

ozbillwang commented Jul 7, 2016

@nathan-zhu

If you are mac or windows user, apply for native docker for mac or windows, I needn't care of the proxy setting now. And it get updated frequently.

https://docs.docker.com/docker-for-mac/

https://docs.docker.com/docker-for-windows/

@animedbz16
Copy link

@SydOps But what about for those of us who don't have Windows 10, which seems to be the only Windows version supported by Native Docker. At least within our corporate environment, we just moved to Win 7 a couple years ago, so I don't think we'll be upgrading to Windows 10 in the near future. I guess our only option is to wait until Windows 7 became supported or struggle with the toolbox or I guess just run docker within our own VM.

@nagarajasr
Copy link

@SydOps i'm using docker-machine on Windows 7.
Docker version 1.10.3, build 20f81dd
also, the steps i suggested earlier only seems to work when switching from non-proxy setting to proxy setting, but not the reverse way. i.e., if i want to switch back to not using a proxy, then even after un-setting the environment variables and restarting docker daemon, it still continues to use the proxy and fails to pull images

@tjlee
Copy link

tjlee commented Aug 26, 2016

So what's the way for docker toolbox on windows 7 to use --registry-mirror ?

@nathanleclaire
Copy link
Contributor

nathanleclaire commented Aug 26, 2016

@tjlee if you create machine yourself using docker-machine create you can add --engine-opt registry-mirror=blah, or you could docker-machine ssh in and edit the /var/lib/boot2docker/profile + sudo /etc/init.d/docker restart to add the option yourself

@ozbillwang
Copy link
Author

ozbillwang commented Aug 27, 2016

@nagarajasr

Before native docker, I create two docker-machines, one with proxy setting and one with non-proxy. So I have to duplicate the tasks to pull image or run container, if I need test the same stuff.

@kujiy
Copy link

kujiy commented Sep 12, 2016

We need to set no_proxy to the docker-machine client.

docker-machine ssh default
$ sudo su -
# export http_proxy=http://myproxy:port
# export https_proxy=http://myproxy:port
# /etc/init.d/docker restart
# exit
eval $(docker-machine env default)
export NO_PROXY=$NO_PROXY,$(docker-machine ip default)       # <-- Don't forget this
docker search alpine

@nathanleclaire
Copy link
Contributor

@kujiy You can use docker-machine env --no-proxy to do this automatically and also I think that the Toolbox quickstart does it automatically now.

@kujiy
Copy link

kujiy commented Sep 15, 2016

@nathanleclaire It does not work automatically on my machine(latest toolbox on windows 8.1) but thanks!

@nathanleclaire
Copy link
Contributor

@nathanleclaire It does not work automatically on my machine(latest toolbox on windows 8.1) but thanks!

Make sure you're using the latest available version. If not I'd be curious why it's not working.

@leandrolombardo
Copy link

leandrolombardo commented Nov 3, 2016

Hi!,
Just tested the following steps on Win7 with Docker-toolbox and it works ! Wow!

Split from windows command directory to linux with the following command:

$ docker-machine ssh default
Now the command line start with "docker@default:~$"

Write sudo ..... as the following line
docker@default:~$ sudo vi /var/lib/boot2docker/profile

Write "i" to pass in insert mode and return button.
Add the two http export settings with username and password :
export "HTTP_PROXY=http://username:password@proxy.something.it:port"
export "HTTPS_PROXY=http://username:password@proxy.something.it:port"

Digit esc ": wq!" to save the new line and verify if everithing is ok with the cat command
docker@default:~$ cat /var/lib/boot2docker/profile

Restart the daemon
docker@default:~$ sudo /etc/init.d/docker restart

Now i have restarted the Docker toolbox and the "Docker pull image_name" work fine!

Thanks a lot to everybody!

@ozbillwang
Copy link
Author

@leandrolombardo

recommend to use CNTLM to manage the proxy username and password.

@nbulusanjr
Copy link

nbulusanjr commented Jan 15, 2017

If you are using windows go to docker toolbox folder edit start.sh and start.cmd
Add this line after line 82

export HTTP_PROXY=http://YOURPROXYSERVER
export HTTPS_PROXY=http://YOURPROXYSERVER

@animedbz16
Copy link

animedbz16 commented Jan 15, 2017 via email

@jcollum-cambia
Copy link

@nbulusanjr I think that line # may have changed. Right now that line is in the middle of an ASCII graphic. Might be better to put it after this:

export PATH="/c/Program Files/Docker Toolbox:$PATH"

However that didn't fix the issue that I'm having ("wsarecv: An existing connection was forcibly closed by the remote host.")

@phreakadelle
Copy link

phreakadelle commented Nov 17, 2017

@nbulusanjr : Adding the EXPORT calls after Line 82 fixed the issue for me. Thanks!

@jrobinss
Copy link

jrobinss commented Dec 22, 2017

On Windows7, using toolbox behind a corp proxy.
Tested everything, nothing was working. I was probably right next to the solution.
I couldn't get the docker commands to take the env vars into account. I ended up deleting the machine and recreating it with the env vars.

Here's how to do, very simple and for beginners like me:

  1. declare, in windows env vars, HTTP_PROXY as described above
    not in some terminal, CLI or VM, no, just in Windows env vars. To find it one of the ways is to type "var" in the windows start/search, it's one of the results. Note that this works because start.sh of docker tools looks into env vars to initialize its own env vars.
  2. in windows cmd prompt, go to Docker Toolbox dir, and run docker-machine.exe rm default
    explanation: launching docker tools terminal in fact creates a VM. Here we are removing that VM, because it didn't really take into account the env vars.
    Fun fact: before doing this, I had set up the vars in several ways, and when I launched docker terminal, env | grep PROXY did return the proper env vars. I had also tested curl on some internet site, that worked with the vars and not without. But the vars didn't change anything for docker pull.
  3. relaunch docker quickstart terminal (from windows menu)
    transparently creates a new VM. This time the proxy vars are taken into account by docker.

All of this is probably somewhere on this and other pages, but it wasn't clear to me where to launch commands: in docker quickstart terminal, in some VM, in Windows cmd... so here I'm writing it down step by step.

I realize that I'm falling into the same issue as was reported here in 08/2015, two years ago. Means using 2 different machines for docker tools, depending on whether I'm behind a proxy or not. But hey it's better than nothing.

@Jansk3r
Copy link

Jansk3r commented Feb 6, 2018

@ozbillwang
Thank you very much for your work to have this up for me...you just help achieve something that will help me go further in my learning. Thank you again!

@mithun3
Copy link

mithun3 commented Feb 9, 2018

@ozbillwang
Thanks for your very detailed explanation, helped me resolve my proxy issue on WIN7.

@lgathy
Copy link

lgathy commented Feb 16, 2018

Anybody still having this issue on Windows with Docker Toolbox and command line tools, this is what worked for me: use Kitematic, set proxy for it as described here: https://github.com/docker/kitematic/wiki/Common-Proxy-Issues-&-Fixes after that start the Docker CLI from Kitematic. All proxy settings are inherited inside that shall, so command line tools will work, even if you have a proxy that requires authentication.

@svalchinov
Copy link

@lgathy That page is golden! Thanks for linking it managed to fix it in all environments!

@SaiPravesh
Copy link

Hi all, I am facing the same problem mentioned above and have read and tried each comment - this page covers almost all the solutions found in the internet. Can anyone help, heres all that I did:

I'm on windows 7 behind a corporate proxy that needs authentication.

  1. I set HTTP_PROXY, HTTPS_PROXY env variable system wide and launched docker toolbox which downloaded and created VM (so it was able to use the proxy). The VM is running but it could not connect to it and timed out.

  2. Even if I create a new docker-machine, its the same issue, it gets created but cannot connect to it.

  3. Updated /var/lib/boot2docker/profile and restarted docker within docker-machine, no use.

Error:
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.99.100:2376": dial tcp 192.168.99.100:2376: i/o timeout

If I disconnect from VPN, it works immediately.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

No branches or pull requests