How to work with Docker behind a corporate proxy

In networking, a proxy [1] is a server that acts as intermediary for request from clients. The proxy functions on behalf of the client requesting a service masking the true origin. This intermediation function provides additional benefits such load balancing, privacy or security, besides a centralized point of control which makes them specially appealing for companies’ private networks accessing the Internet. This access is usually granted by login with the corporate credentials unless the proxy is a Transparent Proxy [1].

Although Docker, according to its documentation [3], can be configured to work with proxies, it can be tricky to configure it properly for both build images and run containers.

Configuring Docker Daemon

The first step is to configure the Docker Daemon to use HTTP(S) proxy by following this guide [4].

1. Create a systemd drop-in directory for the docker service:

    sudo mkdir -p /etc/systemd/system/docker.service.d
   

2. Create the file http-proxy.conf on that directory and add the proxy environment:

    [Service]
    Environment="HTTP_PROXY=http://proxy.example.com:80"
    Environment="HTTPS_PROXY=https://proxy.example.com:443"
    Environment="NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp"
   

3. Flush changes and restart Docker

    sudo systemctl daemon-reload
    sudo systemctl restart docker
   

With the above changes the Docker daemon will be able to download images from Docker Hub thorough the corporate proxy, but you’ll still have problems to run your images (when those images need to access the Internet) or getting Docker to build them with resources fetch from the Internet (Maven Central, NPM, etc.), so follow the next section to achieve it.

Setting environment variables

The first step is to set the following environment variables:

export HTTP_PROXY="http://<host>:<port>"
export HTTPS_PROXY="http://<host>:<port>"
export NO_PROXY="localhost,127.0.0.1"

If you work with Java within your Docker images you should define the following ones as well:

export MAVEN_OPTS="-Dhttps.proxyHost=<host> \
            -Dhttps.proxyPort=<port> \
            -Dhttp.proxyHost=<host> \
            -Dhttp.proxyPort=<port>"
export JAVA_OPTS="-Dhttps.proxyHost=<host> \
            -Dhttps.proxyPort=<port> \
            -Dhttp.proxyHost=<host> \
            -Dhttp.proxyPort=<port>"

Building your images behind your corporate proxy

By setting the above environment variables you will be able to run containers based on those images, but if you need to build new images, you need to pass them to Docker as building arguments (build-args). The following example assumes that we are building an image based on Java that needs to pass the proxies for Maven to build:

docker build --build-arg http_proxy=$HTTP_PROXY
            --build-arg https_proxy=$HTTPS_PROXY
            --build-arg no_proxy=$NO_PROXY
            --build-arg "MAVEN_OPTS=$MAVEN_OPTS"
            -t <service> .