From 63fca652f8116eada29cf565f43d8fc0d1f49663 Mon Sep 17 00:00:00 2001 From: Luciano Ciccariello Date: Tue, 7 Oct 2025 20:59:06 +0100 Subject: [PATCH 1/2] admin: add proxy for config profiles --- .../security/enforce-sign-in/methods.md | 17 ++++++++++++++++- .../settings-management/_index.md | 1 + 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/content/manuals/enterprise/security/enforce-sign-in/methods.md b/content/manuals/enterprise/security/enforce-sign-in/methods.md index dcbe2ecd7ab1..0b4107812545 100644 --- a/content/manuals/enterprise/security/enforce-sign-in/methods.md +++ b/content/manuals/enterprise/security/enforce-sign-in/methods.md 
@@ -77,7 +77,18 @@ Deploy the registry key across your organization using Group Policy: {{< summary-bar feature_name="Config profiles" >}} -Configuration profiles provide the most secure enforcement method for macOS because they're protected by Apple's System Integrity Protection. +Configuration profiles provide the most secure enforcement method for macOS, as they're protected by Apple's System Integrity Protection. + +The payload is a dictionary of key-values. Docker Desktop supports the following keys: + +* `allowedOrgs` sets a list of organizations in one single string, where each organization is separated by a semi-colon. +* `overrideProxyHTTP`: sets the URL of the HTTP proxy that must be used for outgoing HTTP requests. +* `overrideProxyHTTPS`: sets the URL of the HTTP proxy that must be used for outgoing HTTPS requests. +* `overrideProxyExclude` bypasses proxy settings for the specified hosts and domains. Uses a comma-separated list. +* `overrideProxyPAC` sets the file path where the PAC file is located. It has precedence over the remote PAC file on the selected proxy. +* `overrideProxyEmbeddedPAC` sets the content of a in-memory PAC file. It has precedence over `overrideProxyPAC`. + +Overriding at least one of the proxy settings via Configuration profiles will automatically lock the settings as they're managed by macOS. 1. Create a file named `docker.mobileconfig` with this content: ```xml @@ -104,6 +115,10 @@ Configuration profiles provide the most secure enforcement method for macOS beca Your Company Name allowedOrgs first_org;second_org + overrideProxyHTTP + http://company.proxy:80 + overrideProxyHTTPS + https://company.proxy:443 PayloadType diff --git a/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md b/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md index 1cb4713741be..8d8e91b00379 100644 --- a/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md 
+++ b/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md @@ -55,6 +55,7 @@ When multiple policies exist, Docker Desktop applies them in this order: 1. User-specific policies: Highest priority 1. Organization default policy: Applied when no user-specific policy exists 1. Local `admin-settings.json` file: Lowest priority, overridden by Admin Console policies +1. [Configuration Profiles](/manuals/enterprise/security/enforce-sign-in/methods.md#configuration-profiles-method-mac-only): super-set of Admin Console policies ## Set up Settings Management From e41a80d9c177f785e9f44eb195c644bc83a1a294 Mon Sep 17 00:00:00 2001 From: aevesdocker Date: Wed, 8 Oct 2025 09:42:49 +0100 Subject: [PATCH 2/2] edits and version addition --- .../security/enforce-sign-in/methods.md | 19 +++++++++++-------- .../settings-management/_index.md | 2 +- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/content/manuals/enterprise/security/enforce-sign-in/methods.md b/content/manuals/enterprise/security/enforce-sign-in/methods.md index 0b4107812545..d365f93a3804 100644 --- a/content/manuals/enterprise/security/enforce-sign-in/methods.md +++ b/content/manuals/enterprise/security/enforce-sign-in/methods.md 
@@ -81,14 +81,17 @@ Configuration profiles provide the most secure enforcement method for macOS, as The payload is a dictionary of key-values. Docker Desktop supports the following keys: -* `allowedOrgs` sets a list of organizations in one single string, where each organization is separated by a semi-colon. -* `overrideProxyHTTP`: sets the URL of the HTTP proxy that must be used for outgoing HTTP requests. -* `overrideProxyHTTPS`: sets the URL of the HTTP proxy that must be used for outgoing HTTPS requests. -* `overrideProxyExclude` bypasses proxy settings for the specified hosts and domains. Uses a comma-separated list. -* `overrideProxyPAC` sets the file path where the PAC file is located. It has precedence over the remote PAC file on the selected proxy. -* `overrideProxyEmbeddedPAC` sets the content of a in-memory PAC file. It has precedence over `overrideProxyPAC`. - -Overriding at least one of the proxy settings via Configuration profiles will automatically lock the settings as they're managed by macOS. +- `allowedOrgs`: Sets a list of organizations in one single string, where each organization is separated by a semi-colon. + +In Docker Desktop version 4.48 and later, the following keys are also supported: + +- `overrideProxyHTTP`: Sets the URL of the HTTP proxy that must be used for outgoing HTTP requests. +- `overrideProxyHTTPS`: Sets the URL of the HTTP proxy that must be used for outgoing HTTPS requests. +- `overrideProxyExclude`: Bypasses proxy settings for the specified hosts and domains. Uses a comma-separated list. +- `overrideProxyPAC`: Sets the file path where the PAC file is located. It has precedence over the remote PAC file on the selected proxy. +- `overrideProxyEmbeddedPAC`: Sets the content of an in-memory PAC file. It has precedence over `overrideProxyPAC`. + +Overriding at least one of the proxy settings via Configuration profiles will automatically lock the settings as they're managed by macOS. 1. 
Create a file named `docker.mobileconfig` with this content: ```xml diff --git a/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md b/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md index 8d8e91b00379..4e84ac34a392 100644 --- a/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md +++ b/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md @@ -55,7 +55,7 @@ When multiple policies exist, Docker Desktop applies them in this order: 1. User-specific policies: Highest priority 1. Organization default policy: Applied when no user-specific policy exists 1. Local `admin-settings.json` file: Lowest priority, overridden by Admin Console policies -1. [Configuration Profiles](/manuals/enterprise/security/enforce-sign-in/methods.md#configuration-profiles-method-mac-only): super-set of Admin Console policies +1. [Configuration profiles](/manuals/enterprise/security/enforce-sign-in/methods.md#configuration-profiles-method-mac-only): Super-set of Docker Admin Console policies. Available with Docker Desktop version 4.48 and later. ## Set up Settings Management
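Review bot: In the key list added to `methods.md` in PATCH 1/2, `overrideProxyPAC` is described only as "the file path where the PAC file is located", with no indication of the accepted form (absolute path, `file://` URL, or either) and no sample value. The list also gives precedence only between `overrideProxyEmbeddedPAC` and `overrideProxyPAC`; it does not say which wins when a PAC key and `overrideProxyHTTP`/`overrideProxyHTTPS` are both set. Please state the expected path format, and add one sentence on the full precedence order so an admin can predict the effective proxy. It is also worth calling out that `allowedOrgs` is semicolon-separated while `overrideProxyExclude` is comma-separated, since the two sit next to each other and are easy to mix up.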
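Review bot: In the second `methods.md` hunk of PATCH 1/2, the sample `docker.mobileconfig` now carries `overrideProxyHTTP` and `overrideProxyHTTPS` alongside `allowedOrgs`, with nothing marking them as optional. This section is the sign-in enforcement procedure, and the text above says that overriding any proxy key locks the proxy settings, so an admin who copies the sample just to enforce sign-in would also pin every client to the placeholder `company.proxy` host. Suggest keeping the base example to `allowedOrgs` and showing the proxy keys in a separate, clearly optional snippet. Separately, the key description reads "URL of the HTTP proxy ... for outgoing HTTPS requests" while the sample value is `https://company.proxy:443`; please clarify whether the scheme refers to the connection to the proxy itself.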
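Review bot: In the `_index.md` hunk of PATCH 1/2, the new "Configuration Profiles" item is appended after "Local `admin-settings.json` file: Lowest priority" in a list introduced as "Docker Desktop applies them in this order". Read literally, that puts configuration profiles below the lowest-priority source, and "super-set of Admin Console policies" describes scope rather than priority. Please state the actual precedence (for example whether a profile value overrides an Admin Console policy for the same setting) and place the item at the matching position in the list, or move it out of the ordered list into a separate sentence if it does not take part in this ordering.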
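Review bot: In the `methods.md` hunk of PATCH 2/2, the sentence "Overriding at least one of the proxy settings via Configuration profiles will automatically lock the settings" is carried over without saying which settings are locked: only the keys present in the profile, or the whole proxy section. Please make that explicit, since it decides whether a user can still set, say, an exclude list when only `overrideProxyHTTP` is managed. The new "version 4.48 and later" gate also leaves open what an older Docker Desktop does when it finds these keys in the profile; if they are silently ignored, say so, because an admin relying on the profile to force traffic through a proxy needs to know that older clients are not covered.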
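Review bot: In the `_index.md` hunk of PATCH 2/2, "Available with Docker Desktop version 4.48 and later" is attached to configuration profiles as a whole, but the `methods.md` change in the same patch lists `allowedOrgs` with no version requirement and gates only the `overrideProxy*` keys on 4.48. As written, the two pages disagree on whether profiles work before 4.48. Suggest scoping the sentence to the proxy keys, or to whatever part of the profile support is new in 4.48. The item also still sits after the "Lowest priority" entry in the ordered list, so the priority question from the first patch remains open here.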