diff --git a/content/manuals/desktop/setup/install/mac-install.md b/content/manuals/desktop/setup/install/mac-install.md index 59462de570e5..2894a0319843 100644 --- a/content/manuals/desktop/setup/install/mac-install.md +++ b/content/manuals/desktop/setup/install/mac-install.md @@ -141,6 +141,14 @@ The `install` command accepts the following flags: - `--override-proxy-http=`: Sets the URL of the HTTP proxy that must be used for outgoing HTTP requests. It requires `--proxy-http-mode` to be `manual`. - `--override-proxy-https=`: Sets the URL of the HTTP proxy that must be used for outgoing HTTPS requests, requires `--proxy-http-mode` to be `manual` - `--override-proxy-exclude=`: Bypasses proxy settings for the hosts and domains. It's a comma-separated list. +- `--override-proxy-pac=`: Sets the PAC file URL. This setting takes effect only when using `manual` proxy mode. +- `--override-proxy-embedded-pac=`: Specifies an embedded PAC (Proxy Auto-Config) script. This setting takes effect only when using `manual` proxy mode and has precedence over the `--override-proxy-pac` flag. + +###### Example of specifying PAC file / PAC script + +```console + $ sudo /Applications/Docker.app/Contents/MacOS/install --user testuser --proxy-http-mode="manual" --override-proxy-pac="http://localhost:8080/myproxy.pac" --override-proxy-embedded-pac="function FindProxyForURL(url, host) { return \"DIRECT\"; }" +``` > [!TIP] > diff --git a/content/manuals/desktop/setup/install/windows-install.md b/content/manuals/desktop/setup/install/windows-install.md index 87c90070cd78..74a20d82712b 100644 --- a/content/manuals/desktop/setup/install/windows-install.md +++ b/content/manuals/desktop/setup/install/windows-install.md @@ -285,6 +285,14 @@ The `install` command accepts the following flags: - `--override-proxy-https=`: Sets the URL of the HTTP proxy that must be used for outgoing HTTPS requests, requires `--proxy-http-mode` to be `manual` - `--override-proxy-exclude=`: Bypasses proxy settings for the hosts and domains. Uses a comma-separated list. - `--proxy-enable-kerberosntlm`: Enables Kerberos and NTLM proxy authentication. If you are enabling this, ensure your proxy server is properly configured for Kerberos/NTLM authentication. Available with Docker Desktop 4.32 and later. +- `--override-proxy-pac=`: Sets the PAC file URL. This setting takes effect only when using `manual` proxy mode. +- `--override-proxy-embedded-pac=`: Specifies an embedded PAC (Proxy Auto-Config) script. This setting takes effect only when using `manual` proxy mode and has precedence over the `--override-proxy-pac` flag. + +###### Example of specifying PAC file / PAC script + +```console + "Docker Desktop Installer.exe" install --proxy-http-mode="manual" --override-proxy-pac="http://localhost:8080/myproxy.pac" --override-proxy-embedded-pac="function FindProxyForURL(url, host) { return \"DIRECT\"; }" +``` ##### Data root and disk location diff --git a/content/manuals/enterprise/enterprise-deployment/msi-install-and-configure.md b/content/manuals/enterprise/enterprise-deployment/msi-install-and-configure.md index f36d85ee4abc..0b1659f80c88 100644 --- a/content/manuals/enterprise/enterprise-deployment/msi-install-and-configure.md +++ b/content/manuals/enterprise/enterprise-deployment/msi-install-and-configure.md @@ -110,6 +110,20 @@ msiexec /i "DockerDesktop.msi" /L*V ".\msi.log" /quiet /norestart ADMINSETTINGS= msiexec /i "DockerDesktop.msi" /L*V ".\msi.log" /quiet /norestart ALLOWEDORG="your-organization" ALWAYSRUNSERVICE=1 ``` +#### Install interactively specifying a PAC file + +```powershell +PowerShell + msiexec --% /i "DockerDesktop.msi" /L*V ".\msi.log" PROXYHTTPMODE="manual" OVERRIDEPROXYPAC="http://localhost:8080/myproxy.pac" +``` + +#### Install interactively specifying a PAC script + +```powershell +PowerShell + msiexec --% /i "DockerDesktop.msi" /L*V ".\msi.log" PROXYHTTPMODE="manual" OVERRIDEPROXYEMBEDDEDPAC="function FindProxyForURL(url,host) {return ""DIRECT"" ;; }" +``` + #### Install with the passive display option You can use the `/passive` display option instead of `/quiet` when you want to perform a non-interactive installation but show a progress dialog. @@ -202,6 +216,8 @@ msiexec /x "DockerDesktop.msi" /quiet | `OVERRIDEPROXYHTTP` | Sets the URL of the HTTP proxy that must be used for outgoing HTTP requests. | None | | `OVERRIDEPROXYHTTPS` | Sets the URL of the HTTP proxy that must be used for outgoing HTTPS requests. | None | | `OVERRIDEPROXYEXCLUDE` | Bypasses proxy settings for the hosts and domains. Uses a comma-separated list. | None | +| `OVERRIDEPROXYPAC` | Sets the PAC file URL. This setting takes effect only when using `manual` proxy mode. | None | +| `OVERRIDEPROXYEMBEDDEDPAC` | Specifies an embedded PAC (Proxy Auto-Config) script. This setting takes effect only when using `manual` proxy mode and has precedence over the `OVERRIDEPROXYPAC` flag.| None | | `HYPERVDEFAULTDATAROOT` | Specifies the default location for the Hyper-V VM disk. | None | | `WINDOWSCONTAINERSDEFAULTDATAROOT` | Specifies the default location for Windows containers. | None | | `WSLDEFAULTDATAROOT` | Specifies the default location for the WSL distribution disk. | None | diff --git a/content/manuals/enterprise/security/enforce-sign-in/methods.md b/content/manuals/enterprise/security/enforce-sign-in/methods.md index dcbe2ecd7ab1..d365f93a3804 100644 --- a/content/manuals/enterprise/security/enforce-sign-in/methods.md +++ b/content/manuals/enterprise/security/enforce-sign-in/methods.md @@ -77,7 +77,21 @@ Deploy the registry key across your organization using Group Policy: {{< summary-bar feature_name="Config profiles" >}} -Configuration profiles provide the most secure enforcement method for macOS because they're protected by Apple's System Integrity Protection. +Configuration profiles provide the most secure enforcement method for macOS, as they're protected by Apple's System Integrity Protection. + +The payload is a dictionary of key-values. Docker Desktop supports the following keys: + +- `allowedOrgs`: Sets a list of organizations in one single string, where each organization is separated by a semi-colon. + +In Docker Desktop version 4.48 and later, the following keys are also supported: + +- `overrideProxyHTTP`: Sets the URL of the HTTP proxy that must be used for outgoing HTTP requests. +- `overrideProxyHTTPS`: Sets the URL of the HTTP proxy that must be used for outgoing HTTPS requests. +- `overrideProxyExclude`: Bypasses proxy settings for the specified hosts and domains. Uses a comma-separated list. +- `overrideProxyPAC`: Sets the file path where the PAC file is located. It has precedence over the remote PAC file on the selected proxy. +- `overrideProxyEmbeddedPAC`: Sets the content of an in-memory PAC file. It has precedence over `overrideProxyPAC`. + +Overriding at least one of the proxy settings via Configuration profiles will automatically lock the settings as they're managed by macOS. 1. Create a file named `docker.mobileconfig` with this content: ```xml @@ -104,6 +118,10 @@ Configuration profiles provide the most secure enforcement method for macOS beca Your Company Name allowedOrgs first_org;second_org + overrideProxyHTTP + http://company.proxy:80 + overrideProxyHTTPS + https://company.proxy:443 PayloadType diff --git a/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md b/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md index 1cb4713741be..4e84ac34a392 100644 --- a/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md +++ b/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md @@ -55,6 +55,7 @@ When multiple policies exist, Docker Desktop applies them in this order: 1. User-specific policies: Highest priority 1. Organization default policy: Applied when no user-specific policy exists 1. Local `admin-settings.json` file: Lowest priority, overridden by Admin Console policies +1. [Configuration profiles](/manuals/enterprise/security/enforce-sign-in/methods.md#configuration-profiles-method-mac-only): Super-set of Docker Admin Console policies. Available with Docker Desktop version 4.48 and later. ## Set up Settings Management