docker - 設置HTTP/HTTPS 代理

一、設置代理緣由

因公司安全限制，全部外網需配置代理後纔可上網，可是由於宿主機上設置過代理，並未太過多注意此問題，以後run時報以下錯誤：

# docker run hello-world

Unable to find image 'hello-world:latest' locally

docker: Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers).

See 'docker run --help'.

在網上搜索過一番以後，發現：若是在docker 宿主機上設置了代理（HTTP、HTTPS）以後，在docker daemon 啓動的時候，也要相應的告知 daemon，使用代理來訪問internet!!

二、解決方案

儘管docker daemon 的配置能夠兩種方式來實現：

2.1經過daemon.json文件來修改

2.2經過覆蓋docker.service來實現

 

可是對於代理的配置，目前爲止（docker 17.06）咱們只能使用第二個方案。 具體的步驟以下：

 

建立docker.service目錄

mkdir -p /etc/systemd/system/docker.service.d

建立HTTP&HTTPS代理文件

# cat /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment=HTTP_PROXY=xxx.xxx.xxx.xxx:8080 NO_PROXY=localhost,127.0.0.1

 

[root@localhost ~]# cat /etc/systemd/system/docker.service.d/https-proxy.conf
[Service]
Environment=HTTPS_PROXY=xxx.xxx.xxx.xxx:8080 NO_PROXY=localhost,127.0.0.1

解析：

主要是兩點內容：

①  HTTPS_PROXY 將它的值對應到您所但願設置的代理服務地址和端口（例如: HTTPS_PROXY=https://proxy.example.com:443），我這裏爲了保護隱私，就用xxx代替.

②  NO_PROXY 意味着某些狀況下咱們不須要使用HTTPS代理來訪問，通常這就配置私有倉庫的路徑（例如：NO_PROXY=localhost,127.0.0.1,mydocker-registry.com:5000）

 

三、完成修改後保存/刷新

# systemctl daemon-reload

# systemctl restart docker

 

四、查看修改結果

# docker run hello-world

Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
d1725b59e92d: Pull complete 
Digest: sha256:0add3ace90ecb4adbf7777e9aacf18357296e799f81cabc9fde470971e499788
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

五、從新登陸docker hub

docker login -u xxx -p xxx

login Suceeded

 

能夠看到已經成功解決問題！

 

參考自官方文檔：https://docs.docker.com/engine/admin/systemd/