Use docker in proxy environment on ubuntu 20.04.1

Install docker.

If you don't have docker installed, follow the steps in the article below to install docker https://qiita.com/m-tmatma/items/06eb40514306e09142c4

Prepare a proxy

Prepare a proxy as in the following article. https://qiita.com/m-tmatma/items/7b5ce812c85f30546209

This article assumes that the proxy IP is 192.168.11.61 and the port number is 3128.

Emulate an environment that can only be accessed via a proxy

Emulate an environment in which the outside network can be reached only via a proxy. With direct access rejected, an incorrect proxy setting shows up as a failure instead of silently working.

Prohibit HTTP and HTTPS

sudo iptables -A OUTPUT -j REJECT -p tcp --dport 80
sudo iptables -A OUTPUT -j REJECT -p tcp --dport 443

Prohibit Git, SSH (this is not required, but just in case)

sudo iptables -A OUTPUT -j REJECT -p tcp --dport 9418
sudo iptables -A OUTPUT -j REJECT -p tcp --dport 22

apt

Set proxy settings for apt

I expected to need this so that apt could also be used inside docker containers, but because the settings in ~/.docker/config.json take effect there, no apt proxy setting is required for use inside a container. It is not required in the host environment either if http_proxy and https_proxy are set as environment variables.

sudo nano /etc/apt/apt.conf

Save with the following contents.

Acquire::http::Proxy "http://192.168.11.61:3128";
Acquire::https::Proxy "http://192.168.11.61:3128";

Confirm that the proxy settings are set as follows.

test@test-vmware:~$ cat /etc/apt/apt.conf
Acquire::http::Proxy "http://192.168.11.61:3128";
Acquire::https::Proxy "http://192.168.11.61:3128";

Update apt

sudo apt update -y
sudo apt upgrade -y

Installing docker

Installation

Install docker by referring to https://qiita.com/m-tmatma/items/06eb40514306e09142c4.

sudo apt install -y docker.io docker-compose

Add current user to docker group (optional if you sudo every time you start docker)

This step is only needed if you want to run the docker command without sudo.

It's convenient to run docker without sudo, so add the current user to the docker group. Reboot for the change to take effect.

sudo usermod -aG docker $USER
sudo reboot

If you restart here, re-execute the iptables procedure in "Emulate an environment that can only be accessed via a proxy", because rules added with iptables -A do not survive a reboot.

Set proxy in dockerd with environment variable.

Proxy settings

Execute the following command.

sudo systemctl edit docker

If you do not specify an excluded IP

Enter the following contents in the editor started by sudo systemctl edit docker, save and exit.

[Service]
Environment="HTTP_PROXY=http://192.168.11.61:3128"
Environment="HTTPS_PROXY=http://192.168.11.61:3128"

When specifying an excluded IP

In the editor started by sudo systemctl edit docker, specify NO_PROXY additionally. Enter the following contents, save and exit.

[Service]
Environment="HTTP_PROXY=http://192.168.11.61:3128"
Environment="HTTPS_PROXY=http://192.168.11.61:3128"
Environment="NO_PROXY=localhost,127.0.0.1"

Check settings

The settings are saved in /etc/systemd/system/docker.service.d/override.conf. The following is an example when the excluded IP is not specified.

$ cat /etc/systemd/system/docker.service.d/override.conf 
[Service]
Environment="HTTP_PROXY=http://192.168.11.61:3128" "HTTPS_PROXY=http://192.168.11.61:3128"

Reflect proxy settings

Reload systemd so that the saved settings are read.

sudo systemctl daemon-reload

Check proxy settings

Check the settings.

sudo systemctl show docker --property Environment

Restart docker

Restart docker.

sudo systemctl restart docker

Execute the following and check that the proxy appears under HTTP Proxy and HTTPS Proxy.

docker info

Reference: http://docs.docker.jp/engine/articles/systemd.html#http and https://docs.docker.com/config/daemon/systemd/

Docker settings for each user

Create a folder to save the configuration file.

mkdir -p ~/.docker

Edit ~/.docker/config.json.

nano  ~/.docker/config.json

If you do not specify an excluded IP

Enter the following contents in ~/.docker/config.json and save.

{
  "proxies": {
    "default": {
      "httpProxy": "http://192.168.11.61:3128",
      "httpsProxy": "http://192.168.11.61:3128"
    }
  }
}

When specifying an excluded IP

To specify the exclusion condition for the proxy, specify it with noProxy in ~/.docker/config.json.

{
  "proxies": {
    "default": {
      "httpProxy": "http://192.168.11.61:3128",
      "httpsProxy": "http://192.168.11.61:3128",
      "noProxy": "localhost,127.0.0.1"
    }
  }
}

Reference: https://docs.docker.com/network/proxy/ and https://docs.docker.com/network/proxy/#configure-the-docker-client
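In this article's setup, apt, the dockerd drop-in and ~/.docker/config.json all name the same proxy. The following added example, which is not part of the original article, checks that from the files themselves and accepts both Environment= layouts shown earlier (one assignment per line, or several on one line). The function names and the temporary sample files are assumptions constructed for illustration.

```shell
# Added example: compare the proxy named at each layer. Sample files are constructed.
# Print KEY from systemd Environment= lines, whether each assignment has its
# own line or several quoted assignments share one line.
unit_env() {  # unit_env FILE KEY
  grep '^Environment=' "$1" | grep -o '"[A-Z_]*=[^"]*"' | tr -d '"' |
    sed -n "s/^$2=//p" | tail -n 1
}
# Print the proxy URL apt uses for SCHEME (http or https).
apt_proxy() {  # apt_proxy FILE SCHEME
  sed -n "s/^Acquire::$2::Proxy \"\(.*\)\";\$/\1/p" "$1" | tail -n 1
}
# Print httpProxy / httpsProxy from config.json. Line-oriented extraction that
# fits the layout used in this article; it is not a general JSON parser.
client_proxy() {  # client_proxy FILE KEY
  sed -n "s/.*\"$2\": *\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}
# Succeed only if all three files name the same, non-empty proxy for one scheme.
compare() {  # compare SCHEME ENVKEY JSONKEY APT_CONF OVERRIDE_CONF CONFIG_JSON
  a=$(apt_proxy "$4" "$1"); d=$(unit_env "$5" "$2"); c=$(client_proxy "$6" "$3")
  [ -n "$a" ] && [ "$a" = "$d" ] && [ "$a" = "$c" ] && return 0
  echo "MISMATCH $1: apt='$a' dockerd='$d' client='$c'"; return 1
}
check_layers() {  # check_layers APT_CONF OVERRIDE_CONF CONFIG_JSON
  rc=0
  compare http HTTP_PROXY httpProxy "$@" || rc=1
  compare https HTTPS_PROXY httpsProxy "$@" || rc=1
  return $rc
}
# Write constructed copies of the three files from this article into DIR.
make_samples() {  # make_samples DIR
  p=http://192.168.11.61:3128
  printf '%s\n' "Acquire::http::Proxy \"$p\";" \
    "Acquire::https::Proxy \"$p\";" > "$1/apt.conf"
  printf '%s\n' '[Service]' \
    "Environment=\"HTTP_PROXY=$p\" \"HTTPS_PROXY=$p\"" > "$1/override.conf"
  printf '%s\n' '{ "proxies": { "default": {' "  \"httpProxy\": \"$p\"," \
    "  \"httpsProxy\": \"$p\"" '} } }' > "$1/config.json"
}

demo=$(mktemp -d); make_samples "$demo"
check_layers "$demo/apt.conf" "$demo/override.conf" "$demo/config.json" &&
  echo "all layers agree"
```

On a real host, pass /etc/apt/apt.conf, /etc/systemd/system/docker.service.d/override.conf and ~/.docker/config.json to check_layers instead of the sample files.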

Check docker pull

docker pull now succeeds through the proxy, as follows.

$ docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
df20fa9351a1: Pull complete 
Digest: sha256:185518070891758909c9f839cf4ca393ee977ac378609f700f60a771a2dfe321
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest

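As a precaution, check with iptables that direct access to HTTP and HTTPS is still prohibited. These OUTPUT rules cover traffic that originates on the host, including the pull performed by dockerd; traffic from containers on the default bridge network traverses the FORWARD chain instead.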

$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
REJECT     tcp  --  anywhere             anywhere             tcp dpt:https reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpt:http reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpt:git reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpt:ssh reject-with icmp-port-unreachable

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            
