From a051eb2df65578f2b7bc3c19081e92d38192e953 Mon Sep 17 00:00:00 2001 From: aevesdocker Date: Wed, 24 Apr 2024 10:54:12 +0100 Subject: [PATCH 1/4] ENGDOCS-2073 --- content/desktop/settings/windows.md | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/content/desktop/settings/windows.md b/content/desktop/settings/windows.md index e5d54e20f498..2b4f0acf619f 100644 --- a/content/desktop/settings/windows.md +++ b/content/desktop/settings/windows.md @@ -199,11 +199,7 @@ HTTP/HTTPS proxies can be used when: If the host uses a HTTP/HTTPS proxy configuration (static or via Proxy Auto-Configuration), Docker Desktop reads this configuration and automatically uses these settings for signing into Docker, for pulling and pushing images, and for -container Internet access. If the proxy requires authorization then Docker Desktop dynamically asks -the developer for a username and password. All passwords are stored securely in the OS credential store. -Note that only the `Basic` proxy authentication method is supported so we recommend using an `https://` -URL for your HTTP/HTTPS proxies to protect passwords while in transit on the network. Docker Desktop -supports TLS 1.3 when communicating with proxies. +container Internet access. To set a different proxy for Docker Desktop, turn on **Manual proxy configuration** and enter a single upstream proxy URL of the form `http://proxy:port` or `https://proxy:port`. @@ -216,6 +212,27 @@ The HTTPS proxy settings used for scanning images are set using the `HTTPS_PROXY If you are running Windows containers in Docker, you can allow the Windows Docker daemon to use Docker Desktop's internal proxy, with the **Use proxy for Windows Docker daemon** setting. This is useful when a corporate proxy that requires authentication is manually configured or set at the system level. If you are an admin for your organization and have a Docker Business subscription, you can control this setting with [Settings management](../hardened-desktop/settings-management/configure.md) using the `windowsDockerdPort` parameter. +#### Proxy authentication + +If the proxy requires authorization then Docker Desktop dynamically asks +the developer for a username and password. All passwords are stored securely in the OS credential store. + +Docker Desktop supports Basic, Kerberos and NTLM proxy authentication methods. + +##### Basic authentication + +If your proxy uses Basic authentication, Docker Desktop dynamically prompts developers for a username and password. + +It's recommended that you use an `https:// URL` for HTTP/HTTPS proxies to protect passwords during network transit. Docker Desktop also supports TLS 1.3 for communication with proxies. + +##### Kerberos and NTLM authentication + +{{< introduced desktop 4.30 "../release-notes.md" >}} + +Kerberos and NTLM proxy authentication are available for Pro, Team, and Business subscribers. No additional configuration is needed beyond specifying the proxy IP address and port. + +You can enjoy a seamless experience without being interrupted by prompts for proxy credentials, reducing the risk of account lockouts due to incorrect sign in attempts. + ### Network > **Note** From 772ae81d07e7253b3cb688c6935b559b0640ad25 Mon Sep 17 00:00:00 2001 From: aevesdocker Date: Wed, 24 Apr 2024 10:58:19 +0100 Subject: [PATCH 2/4] ENGDOCS-2073 --- content/desktop/settings/windows.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/content/desktop/settings/windows.md b/content/desktop/settings/windows.md index 2b4f0acf619f..66a6da4f46a8 100644 --- a/content/desktop/settings/windows.md +++ b/content/desktop/settings/windows.md @@ -227,9 +227,7 @@ It's recommended that you use an `https:// URL` for HTTP/HTTPS proxies to protec ##### Kerberos and NTLM authentication -{{< introduced desktop 4.30 "../release-notes.md" >}} - -Kerberos and NTLM proxy authentication are available for Pro, Team, and Business subscribers. No additional configuration is needed beyond specifying the proxy IP address and port. +Kerberos and NTLM proxy authentication are available for Pro, Team, and Business subscribers with Docker Desktop version 4.30 and later. No additional configuration is needed beyond specifying the proxy IP address and port. You can enjoy a seamless experience without being interrupted by prompts for proxy credentials, reducing the risk of account lockouts due to incorrect sign in attempts. From 468c44aae5bfbd993fb5e6f45f9bab6deeac8e61 Mon Sep 17 00:00:00 2001 From: aevesdocker Date: Thu, 25 Apr 2024 09:51:28 +0100 Subject: [PATCH 3/4] review fixes --- content/desktop/settings/windows.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/content/desktop/settings/windows.md b/content/desktop/settings/windows.md index 66a6da4f46a8..1765573b3446 100644 --- a/content/desktop/settings/windows.md +++ b/content/desktop/settings/windows.md @@ -214,22 +214,19 @@ This is useful when a corporate proxy that requires authentication is manually c #### Proxy authentication -If the proxy requires authorization then Docker Desktop dynamically asks -the developer for a username and password. All passwords are stored securely in the OS credential store. - Docker Desktop supports Basic, Kerberos and NTLM proxy authentication methods. ##### Basic authentication -If your proxy uses Basic authentication, Docker Desktop dynamically prompts developers for a username and password. +If your proxy uses Basic authentication, Docker Desktop prompts developers for a username and password and caches the credentials. All passwords are stored securely in the OS credential store. It will request re-authentication if that cache is removed. -It's recommended that you use an `https:// URL` for HTTP/HTTPS proxies to protect passwords during network transit. Docker Desktop also supports TLS 1.3 for communication with proxies. +It's recommended that you use an `https://` URL for HTTP/HTTPS proxies to protect passwords during network transit. Docker Desktop also supports TLS 1.3 for communication with proxies. ##### Kerberos and NTLM authentication Kerberos and NTLM proxy authentication are available for Pro, Team, and Business subscribers with Docker Desktop version 4.30 and later. No additional configuration is needed beyond specifying the proxy IP address and port. -You can enjoy a seamless experience without being interrupted by prompts for proxy credentials, reducing the risk of account lockouts due to incorrect sign in attempts. +Developers are no longer interrupted by prompts for proxy credentials as authentication is centralized. This also reduces the risk of account lockouts due to incorrect sign in attempts. ### Network From a04dbfb46cf16574916464dd8a4ece7a672a2aef Mon Sep 17 00:00:00 2001 From: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> Date: Wed, 1 May 2024 08:38:07 +0100 Subject: [PATCH 4/4] Update content/desktop/settings/windows.md --- content/desktop/settings/windows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/desktop/settings/windows.md b/content/desktop/settings/windows.md index 1765573b3446..0a3930f12b1f 100644 --- a/content/desktop/settings/windows.md +++ b/content/desktop/settings/windows.md @@ -224,7 +224,7 @@ It's recommended that you use an `https://` URL for HTTP/HTTPS proxies to protec ##### Kerberos and NTLM authentication -Kerberos and NTLM proxy authentication are available for Pro, Team, and Business subscribers with Docker Desktop version 4.30 and later. No additional configuration is needed beyond specifying the proxy IP address and port. +Kerberos and NTLM proxy authentication are available for Business subscribers with Docker Desktop version 4.30 and later. No additional configuration is needed beyond specifying the proxy IP address and port. Developers are no longer interrupted by prompts for proxy credentials as authentication is centralized. This also reduces the risk of account lockouts due to incorrect sign in attempts.