how to set proxy in docker toolbox?

[ozbillwang]

I can boot2docker ssh to set proxy, but i don't know how to set proxy in toolbox to pull the image.

Anyone gives hints?

[ozbillwang]

The best is the docker machine's document. I fix this issue with this:

https://github.com/docker/machine/blob/8f82b762749bb8dcf52c6dd0774b927510c5e885/docs/reference/create.md

docker-machine create -d virtualbox \
    --engine-env HTTP_PROXY=http://example.com:8080 \
    --engine-env HTTPS_PROXY=https://example.com:8080 \
    --engine-env NO_PROXY=example2.com \
    default

[mchiang0610]

@SydOps Thanks for willing to help with the solution as well. cc/ @nathanleclaire from the machine team.

[nathanleclaire]

So @SydOps does the --engine-env flag cover your use case completely?

[ozbillwang]

@nathanleclaire

Mostly. I have to create two docker machines (one is call default with proxy setting, the other is called as normal which I used at home)

So depend on where I am, I need switch docker-machine env to default or normal to use docker toolbox.

I didn't have chance to test with swarm, but if you'd like provide the full command how Toolbox creates the default environment, then I can prepare the same.

[ozbillwang]

Second, docker-machine has the subcommmand ssh as boot2docker. And I can add below lines into /var/lib/boot2docker/profile as I did in boot2docker.

export "HTTP_PROXY=http://proxy:3128"
export "HTTPS_PROXY=https://proxy:3128"

It may fix this issue. Will be back to confirm soon.

[ozbillwang]

I did the test, add above proxy setting into /var/lib/boot2docker/profile in normal machine, but after restart the machine, the setting is gone. So I can't connect to internet to pull the images.

Do the same in default (proxy enable when create), remove the proxy setting from above profile file, after restart the docker machine, the proxy is added automatically.

So I have to create the machine with proxy setting from beginning if I need docker machine works behind proxy, the old way to do within profile in boot2docker is useless in docker machine.

IT is a solution, but it is bad solution, I have to maintain two machines and download duplicate images in each docker machine

[jmorganca]

Merging with #78

[nsteinmetz]

Hi,

I have the same issue on my Windows PC ; moreover, my proxy requires credentials which are not permanent. So even if I hack the start.sh script for creating the default machine, I'll need to be able to update credentials every 56 days.

Is there a way to update those env settings ?

Thanks,
Nicolas

[LongLiveCHIEF]

@nsteinmetz I just set a variable in my ~/.bashrc, and then set all the different proxies to that variable:

export MyProxy="http://user:urlencodedpassword@proxyhost:port"
export http_proxy=$MyProxy
export https_proxy=$MyProxy

From within the start.sh script for docker, you just refer to the $MyProxy env var that you have now created, instead of hardcoding the proxy value.

You could also create a script that just changes the MyProxy value whenever your password changes, and then put that script on your path.

[nsteinmetz]

@LongLiveCHIEF: I'm not sure to understand ; you mean the .bashrc of the "Docker Terminal" in Windows ? I added the export http_proxy stuff in the start.sh script but seems it did not work even if you see it in the output of the "env" command in the terminal.

Maybe because I added my password as plain text and not as url encoded (but it worked this way on some other linux box)

Edit:

• I created a .bashrc file and did a source on it
• With default machine, it did not work even if env is well populated.

http_proxy=http://login:plainpassword@proxy.corp.com:8000
https_proxy=http://login:plainpassword@proxy.corp.com:8000
no_proxy=localhost,192.168.99.1/16

So for me, the only working solution is the one of @SydOps mentionned above:

docker-machine create -d virtualbox \
    --engine-env HTTP_PROXY=http://example.com:8080 \
    --engine-env HTTPS_PROXY=https://example.com:8080 \
    --engine-env NO_PROXY=example2.com \
    default

[chadswen]

If you're getting "Proxy Authentication" errors when your proxy doesn't require credentials, try adding a trailing slash to your proxy variables, as in:

docker-machine create -d virtualbox \
    --engine-env HTTP_PROXY=http://example.com:8080/ \
    --engine-env HTTPS_PROXY=https://example.com:8080/ \
    default

It seems that transport.go or some other aspect of proxy variable parsing can be picky about the proxy URL schema. This format is used in the Docker Engine example, but it's not used in the docker-machine create example.

[arun-deva]

I had the same issue - I downloaded Docker Toolbox today (Sep 23, 2015) so this is not fixed. My toolbox install succeeded but I was not able to run even the hello-world example because docker-machine did not have the proxy settings, so I would get a network timeout.

The only thing that worked for me was the suggestion above of using --engine-env (thank you so much @SydOps and others).

1. Add the --engine-env args to the docker-machine create command in the toolbox start script (on OS X, this is at /Applications/Docker/Docker Quickstart Terminal.app/Contents/Resources/Scripts/start.sh)
2. "docker-machine rm default" to remove the docker-machine already created the first time I had run the Quickstart Terminal
3. Close my shell and re-run the Docker Quickstart Terminal. This time it created the default docker-machine with the proxy settings and I was able to run the example as well as some other container images

Other things I tried that did NOT work for my situation:

1. Editing the /var/lib/boot2docker/profile to add my proxy env vars - these did not work and kept getting erased periodically (I think with docker-machine restarts, but not entirely certain)
2. Simply adding the env var declarations to the top of start.sh and restarting the docker-machine

[nathanleclaire]

@desagar Any suggestion on how we might be able to do this automatically for you on first Toolbox installation / Machine create? Specifically, it would be hard for us to detect a proxy or VPN automatically, so I'm wondering if we might be able to prompt for the right values, etc.

[arun-deva]

@nathanleclaire I agree that asking for this information during Toolbox installation would be very helpful, although it would be nice to also have some way to modify this on a previously created docker-machine, either by editing a file or invoking some docker-machine command.

[nsteinmetz]

Another nice way would be to rely on / inherit from the system properties to avoid an extra declaration.

[arun-deva]

Agree about the system properties, but an option to edit during Toolbox install would be still be good. In my system property settings I don't specify the proxies and the no_proxy explicitly but use an auto config URL, so there would be nothing to inherit

[ozbillwang]

I just find another way which only need one docker machine to work behind proxy and without proxy.

The key file is: .docker/machine/machines/default/config.json, in it, there is a parameter named Env

So I have two: config.json.proxy and config.json.default,

if I need start behind proxy, I run:

cp config.json.proxy config.json
docker-machine start default
eval $(docker-machine env default)

If I need start without proxy, I run:

cp config.json.default config.json
docker-machine start default
eval $(docker-machine env default)

You can script it with less typing.

Let me know if this works.

[nsteinmetz]

Seems it does not work on W7 with Docker Toolbox 1.8.2c ; As I installed/uninstalled many times docker-toolbox, maybe my PC is a little bit messy too.

[ozbillwang]

@nsteinmetz

Thanks for the updating, i did the test in Mac only.

[LongLiveCHIEF]

I know this may not be what everyone wants to hear... but I've found a better way for dealing with my problems on this matter.

After installing docker toolbox, I went and installed Vagrant, and then ran vagrant install plugin vagrant-proxyconf

instead of using docker-machine, I use a vagrant VM to run my docker daemon, and it winds up working better for me anyways, because I can use the same host OS there, that I will be using downstream for deployments.

I have a sample of how I set things up here: https://github.com/HackerHappyHour/docker-toolbox-vagrant

[mskadu]

@H3Chief Thanks for your instructions. While I install Vagrant, you seemed to have missed adding the Docker sample Vagrantfile to your root on the GIT repo.

PS: Appreciate your effort in putting together the HOW-TO.

[nsteinmetz]

@SydOps could you please remind where the Env section should be located in the nested config.json part and its syntax ?

Got it:

{
    [...]
    "HostOptions": {
        [...]
        "EngineOptions": {
            [...]
            "Env": [
                "HTTP_PROXY=http:\\login:password@proxy.corp.com:port\\", 
                "HTTPS_PROXY=http:\\login:password@proxy.corp.com:port\\", 
                "NO_PROXY=192.168.99.1\\24,127.0.0.1"
            ],
            [...]
        } 
    [...]
    }
    [...]
}

So unless I made a typo in the syntax, seems it does not work on my W7 PC with Docker 1.8.3 behind a proxy :-/

[nsteinmetz]

@H3Chief , I agree with @mskadu the vagrant sample file you are mentionning is not in your github repo. Could you please share it ?

[ozbillwang]

@nsteinmetz

You did the right, but I test in Mac.

To all and Docker developer,

I still prefer the old boot2docker way and update the profile file /var/lib/boot2docker/profile directly to get the proxy setting and others works easily.

[vberruchon]

Hi, where could I find details about using the ~/.docker/machine/machines/myvmname/config.json file.
I modifiying this file to add an "insecure" private registry but it does nothing even if I do stop with docker-machine, modify the file and start again the boot2docker VM.

How should be used this file?
Is it only used at the creation of the VM? Or at each start? Or is there another command that could help?
Thank you for your help
(I did test with Toolbox 1.11.1 on Windows)

Edit: I finally did open a specific issue about the config.json file usage : #491

[nathan-zhu]

hi, i define new proxy on docker 1.11.2 in mac
on /var/lib/boot2docker/profile

export http_proxy=192.168.13.148:7070
export https_proxy=192.168.13.148:7070
export ALL_PROXY=$http_proxy
export NO_PROXY=192.168.99.100

but get below error during docker pull elasticsearch

Using default tag: latest
Pulling repository docker.io/library/elasticsearch
Error while pulling image: Get https://index.docker.io/v1/repositories/library/elasticsearch/images: http: error connecting to proxy http://192.168.13.148:7070: dial tcp 192.168.13.148:7070: getsockopt: connection refused

where is my setting wrong? please help thanks

[ozbillwang]

@nathan-zhu

can you login the docker machine (default machine is named default), and telnet the port, if it can reach?

docker-machine ssh default

telnet 192.168.13.148 7070

[nathan-zhu]

@SydOps i test it get result like below：

docker@default:~$ telnet 192.168.13.148 7070
telnet: can't connect to remote host (192.168.13.148): Connection refused

but ping ip working

[ozbillwang]

@nathan-zhu

The problem is mostly related to firewall setting in your environment and suitable to discuss at https://forums.docker.com, more than here. Please raise ticket to docker forum.

[nagarajasr]

in my case, restarting the docker daemon with the proxy set in the environment resolved the issue:

docker-machine ssh
$ sudo su -
# export http_proxy=http://myproxy:port
# export https_proxy=http://myproxy:port
# /etc/init.d/docker restart
# exit
$ docker pull ...

[ozbillwang]

@nagarajasr

Which version? If it is latest, seems the problem has been fixed

[nathan-zhu]

i use 1.11.2 toolbox. it's for me still not working , how to setting proxy for docker still confused me. each time resettings and restart docker is too complicated. any ideas?

[ozbillwang]

@nathan-zhu

If you are mac or windows user, apply for native docker for mac or windows, I needn't care of the proxy setting now. And it get updated frequently.

https://docs.docker.com/docker-for-mac/

https://docs.docker.com/docker-for-windows/

[animedbz16]

@SydOps But what about for those of us who don't have Windows 10, which seems to be the only Windows version supported by Native Docker. At least within our corporate environment, we just moved to Win 7 a couple years ago, so I don't think we'll be upgrading to Windows 10 in the near future. I guess our only option is to wait until Windows 7 became supported or struggle with the toolbox or I guess just run docker within our own VM.

[nagarajasr]

@SydOps i'm using docker-machine on Windows 7.
Docker version 1.10.3, build 20f81dd
also, the steps i suggested earlier only seems to work when switching from non-proxy setting to proxy setting, but not the reverse way. i.e., if i want to switch back to not using a proxy, then even after un-setting the environment variables and restarting docker daemon, it still continues to use the proxy and fails to pull images

[tjlee]

So what's the way for docker toolbox on windows 7 to use --registry-mirror ?

[nathanleclaire]

@tjlee if you create machine yourself using docker-machine create you can add --engine-opt registry-mirror=blah, or you could docker-machine ssh in and edit the /var/lib/boot2docker/profile + sudo /etc/init.d/docker restart to add the option yourself

[ozbillwang]

@nagarajasr

Before native docker, I create two docker-machines, one with proxy setting and one with non-proxy. So I have to duplicate the tasks to pull image or run container, if I need test the same stuff.

[kujiy]

We need to set no_proxy to the docker-machine client.

docker-machine ssh default
$ sudo su -
# export http_proxy=http://myproxy:port
# export https_proxy=http://myproxy:port
# /etc/init.d/docker restart
# exit
eval $(docker-machine env default)
export NO_PROXY=$NO_PROXY,$(docker-machine ip default)       # <-- Don't forget this
docker search alpine

[nathanleclaire]

@kujiy You can use docker-machine env --no-proxy to do this automatically and also I think that the Toolbox quickstart does it automatically now.

[kujiy]

@nathanleclaire It does not work automatically on my machine(latest toolbox on windows 8.1) but thanks!

[nathanleclaire]

@nathanleclaire It does not work automatically on my machine(latest toolbox on windows 8.1) but thanks!

Make sure you're using the latest available version. If not I'd be curious why it's not working.

[leandrolombardo]

Hi!,
Just tested the following steps on Win7 with Docker-toolbox and it works ! Wow!

Split from windows command directory to linux with the following command:

$ docker-machine ssh default
Now the command line start with "docker@default:~$"

Write sudo ..... as the following line
docker@default:~$ sudo vi /var/lib/boot2docker/profile

Write "i" to pass in insert mode and return button.
Add the two http export settings with username and password :
export "HTTP_PROXY=http://username:password@proxy.something.it:port"
export "HTTPS_PROXY=http://username:password@proxy.something.it:port"

Digit esc ": wq!" to save the new line and verify if everithing is ok with the cat command
docker@default:~$ cat /var/lib/boot2docker/profile

Restart the daemon
docker@default:~$ sudo /etc/init.d/docker restart

Now i have restarted the Docker toolbox and the "Docker pull image_name" work fine!

Thanks a lot to everybody!

[ozbillwang]

@leandrolombardo

recommend to use CNTLM to manage the proxy username and password.

[nbulusanjr]

If you are using windows go to docker toolbox folder edit start.sh and start.cmd
Add this line after line 82

export HTTP_PROXY=http://YOURPROXYSERVER
export HTTPS_PROXY=http://YOURPROXYSERVER

[animedbz16]

Whiles this may allow for the proxy to function, now imagine that your proxy credentials are tied to Active Directory/LDAD which will change every 30 or 90 days. It won't be advisable to store user credentials within a configuration file such as this but rather supported by natively using the OS proxy which is already configured via Kerberos, NTLM or some other means, or at the very basic once Docker is executed on the system if the user indicates that a proxy is present it could prompt the user for proxy credentials so that they are stored within memory rather than hard coded into a file

…

On Sat, Jan 14, 2017 at 11:42 PM nbulusanjr ***@***.***> wrote: If you are using windows go to docker toolbox edit start.sh Add this line after line 82 export HTTP_PROXY=http://YOURPROXYSERVER export HTTPS_PROXY=http://YOURPROXYSERVER — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#102 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ACsR6E-n6Cxxephsx0BgjgD9s_xJziYuks5rSaPDgaJpZM4FshFj> .

[jcollum-cambia]

@nbulusanjr I think that line # may have changed. Right now that line is in the middle of an ASCII graphic. Might be better to put it after this:

export PATH="/c/Program Files/Docker Toolbox:$PATH"

However that didn't fix the issue that I'm having ("wsarecv: An existing connection was forcibly closed by the remote host.")

[phreakadelle]

@nbulusanjr : Adding the EXPORT calls after Line 82 fixed the issue for me. Thanks!

[jrobinss]

On Windows7, using toolbox behind a corp proxy.
Tested everything, nothing was working. I was probably right next to the solution.
I couldn't get the docker commands to take the env vars into account. I ended up deleting the machine and recreating it with the env vars.

Here's how to do, very simple and for beginners like me:

1. declare, in windows env vars, HTTP_PROXY as described above
   not in some terminal, CLI or VM, no, just in Windows env vars. To find it one of the ways is to type "var" in the windows start/search, it's one of the results. Note that this works because start.sh of docker tools looks into env vars to initialize its own env vars.
2. in windows cmd prompt, go to Docker Toolbox dir, and run docker-machine.exe rm default
   explanation: launching docker tools terminal in fact creates a VM. Here we are removing that VM, because it didn't really take into account the env vars.
   Fun fact: before doing this, I had set up the vars in several ways, and when I launched docker terminal, env | grep PROXY did return the proper env vars. I had also tested curl on some internet site, that worked with the vars and not without. But the vars didn't change anything for docker pull.
3. relaunch docker quickstart terminal (from windows menu)
   transparently creates a new VM. This time the proxy vars are taken into account by docker.

All of this is probably somewhere on this and other pages, but it wasn't clear to me where to launch commands: in docker quickstart terminal, in some VM, in Windows cmd... so here I'm writing it down step by step.

I realize that I'm falling into the same issue as was reported here in 08/2015, two years ago. Means using 2 different machines for docker tools, depending on whether I'm behind a proxy or not. But hey it's better than nothing.

[Jansk3r]

@ozbillwang
Thank you very much for your work to have this up for me...you just help achieve something that will help me go further in my learning. Thank you again!

[mithun3]

@ozbillwang
Thanks for your very detailed explanation, helped me resolve my proxy issue on WIN7.

[lgathy]

Anybody still having this issue on Windows with Docker Toolbox and command line tools, this is what worked for me: use Kitematic, set proxy for it as described here: https://github.com/docker/kitematic/wiki/Common-Proxy-Issues-&-Fixes after that start the Docker CLI from Kitematic. All proxy settings are inherited inside that shall, so command line tools will work, even if you have a proxy that requires authentication.

[svalchinov]

@lgathy That page is golden! Thanks for linking it managed to fix it in all environments!

[SaiPravesh]

Hi all, I am facing the same problem mentioned above and have read and tried each comment - this page covers almost all the solutions found in the internet. Can anyone help, heres all that I did:

I'm on windows 7 behind a corporate proxy that needs authentication.

1. I set HTTP_PROXY, HTTPS_PROXY env variable system wide and launched docker toolbox which downloaded and created VM (so it was able to use the proxy). The VM is running but it could not connect to it and timed out.

2. Even if I create a new docker-machine, its the same issue, it gets created but cannot connect to it.

3. Updated /var/lib/boot2docker/profile and restarted docker within docker-machine, no use.

Error:
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.99.100:2376": dial tcp 192.168.99.100:2376: i/o timeout

If I disconnect from VPN, it works immediately.