Docker Desktop for Windows proxy settings

Docker proxy Windows10

What is this?

Learn about proxy settings in Docker for Windows

Docker proxy configuration is required in two places. One is the configuration of docker daemon. The other is to configure the docker container. Both require configuration.

Configuring the Docker Daemon

The setting of the proxy referenced by the daemon running Docker Pull or Docker Build.

It's listed in the official Get start with Docker for windows proxy . For a specific example, "Use Docker for Windows in a Proxy environment" is easy to understand, so please see there.

Configuring the Docker Container

The proxy setting used by the OS running on the docker container launched by docker run. The RUN statement in the Dockerfile also uses this setting. There are two ways to do it. More details are given in the official Configure Docker to use a proxy server , but only for linux.

Also, old articles often show how to write in ENV in a Dockerfile, but let's not do it because it's a deprecated method. The reasons why it is better to stop will be described later.

`config.json` to add proxy to the docker client configuration

The docker command execution environment changes in cmd or powershell and WSL2.

`cmd`or `powershell` Settings for

For cmd or powershell, config.json refers to %USERPROFILE%\\.docker\\config.json. I think that the default state is as follows.

%USERPROFILE%\\.docker\\config.json

{
 "credsStore":"desktop",
 "stackOrchestrator":"swarm"
}

Add the proxy configuration to this as shown below.

%USERPROFILE%\\.docker\\config.json

{
 "credsStore":"desktop",
 "stackOrchestrator":"swarm",
 "proxies":
 {
   "default":
   {
     "httpProxy": "http://127.0.0.1:3001",
     "httpsProxy": "http://127.0.0.1:3001",
     "noProxy": "*.test.example.com,.example2.com"
   }
 }
}

For WSL2

As with Linux, fix${HOME}/.docker/config.json. I think that the default state is as follows.

${HOME}/.docker/config.json

{
  "credsStore": "desktop.exe"
}

Add the proxy configuration to this as shown below.

${HOME}/.docker/config.json

{
 "credsStore": "desktop.exe",
 "proxies":
 {
   "default":
   {
     "httpProxy": "http://127.0.0.1:3001",
     "httpsProxy": "http://127.0.0.1:3001",
     "noProxy": "*.test.example.com,.example2.com"
   }
 }
}

Docker container given as an argument at startup

Docker run--env HTTP_PROXY="http://127.0.0.1:3001", 、-- specified by env.

Don't write ENV in your Dockerfile

If you're using it personally and sharing a docker image with others, don't specify it in ENV right away.

Not portable

When used in an outlying environment, it will not work with the Dockerfile as it is. You need to rewrite the ENV line. Alternatively, you can give ENV the value via ARG, or add your own arguments to the Dockerfile side. If you want to start image as is, you will need the above settings . Burying it in the ENV is useless.

Insecure

If you check the docker image information in docker inspect, you will see all the ENV values. For example, the following example is an inspected version of what was created in the Dockerfile.

Dockerfile

FROM gliderlabs/alpine
ENV http_proxy hogehoge.jp:8080

Here are excerpts from the relevant parts that you can see in inspection.

            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "http_proxy=hogehoge.jp:8080"
            ],

The value specified for ENV is completely visible. If it is a proxy that requires user authentication, the ID and pass will be leaked. docker build --build-arg http_proxy=... It is dangerous to set up an authentication proxy in the story.