1. Overview
1.概述
We will provide proxy settings to both Docker Engine and Docker Client so that they can connect to the internet when direct access to the internet is not allowed while using Docker. When we use Docker in corporate networks or private clouds, we may typically have to connect to the internet via a proxy server. In these cases, we need to use a proxy.
我们将为Docker引擎和Docker客户端提供代理设置,以便它们在使用Docker时不允许直接访问互联网时可以连接到互联网。当我们在企业网络或私有云中使用Docker时,我们通常可能需要通过代理服务器连接到互联网。在这些情况下,我们需要使用代理。
In this tutorial, we’ll learn how to troubleshoot problems we may encounter when configuring a proxy with Docker.
在本教程中,我们将学习如何解决用Docker配置代理时可能遇到的问题。
2. What Is a Proxy
2.什么是代理
The proxy server controls and routes traffic between the requesting user and websites. Proxying aims to protect users and maintain network security and privacy policies. Without a proxy, the user sends a request directly to the destination server and receives a response:
代理服务器控制和路由请求用户和网站之间的流量。代理的目的是保护用户,维护网络安全和隐私政策。如果没有代理,用户直接向目标服务器发送请求并收到响应。
When we use a proxy, our request first goes to the proxy server, and then the proxy accesses the target server. As shown in the image below, the proxy is located between the client and the target server, and every request from the client comes to the proxy first, and then, the proxy provides access to the target server:
当我们使用代理时,我们的请求先到代理服务器,然后代理访问目标服务器。如下图所示,代理位于客户端和目标服务器之间,客户端的每个请求都先到代理,然后,代理提供对目标服务器的访问。
3. Configure Docker Proxy
3.配置Docker代理
In Docker 17.07 and higher, we can configure the Docker client to pass proxy information to containers automatically. In Docker 17.06 and earlier, we can set the Docker client proxy settings via environment variables.
在Docker 17.07及更高版本中,我们可以配置Docker客户端来自动传递代理信息给容器。在Docker 17.06及更早版本中,我们可以通过环境变量来设置Docker客户端的代理设置。
Let’s add the following JSON example to the ~/.docker/config.json file and complete our proxy settings. Using the * character as a wildcard for hosts and using CIDR notation for IP addresses is supported:
让我们在~/.docker/config.json文件中添加以下JSON示例,完成我们的代理设置。支持使用*字符作为主机的通配符和使用CIDR符号作为IP地址。
{
"proxies":
{
"default":
{
"httpProxy": "http://<ip-address>:<port>",
"httpsProxy": "https://<ip-address>:<port>",
"noProxy": "*.<domain>,127.0.0.0/8"
}
}
}
When we save the changes, each Docker container will be created with the environment variables specified in the config.json file, and our proxy settings will be valid.
当我们保存更改时,每个Docker容器将被创建,并带有config.json文件中指定的环境变量,而且我们的代理设置将有效。
4. Proxy Server Settings
4.代理服务器设置
We should use the HTTP_PROXY, HTTPS_PROXY, FTP_PROXY, and NO_PROXY environment variables to configure proxy services for the Docker daemon. Let’s look at these variables in detail:
我们应该使用HTTP_PROXY、HTTPS_PROXY、FTP_PROXY和NO_PROXY环境变量来为Docker守护程序配置代理服务。让我们来详细了解一下这些变量。
- HTTP_PROXY is a type of proxy that acts as an intermediary server between a client and a web server. With an HTTP proxy server, the request does not go to the website; it goes to the proxy in plain text. The proxy analyzes this and then sends a new request to the website by (optionally) changing our IP address using the data supplied with the request. The website receives it and sends a response to the proxy. The proxy then forwards the response to us.
- HTTPS_PROXY is more secure and more anonymous than HTTP proxies. The HTTPS protocol does not transfer data in plain text format. The SSL layer encrypts the data so that it’s never seen by third parties.
- FTP_PROXY manages active and passive FTP sessions. It also protects the FTP server and restricts FTP protocol commands between client and server.
- NO_PROXY setting is used to specify addresses for which the proxy should not be used.
5. Manually Configure the Proxy Settings
5.手动配置代理设置
In Docker 17.07 and earlier, we must set our proxy settings with the –env flag:
在Docker 17.07和更早的版本中,我们必须用-env标志设置我们的代理设置。
docker run [docker_image] --env FTP_PROXY="ftp://<ip-address>:<port>"docker run [docker_image] --env HTTP_PROXY="http://<ip-address>:<port>"docker run [docker_image] --env HTTPS_PROXY="https://<ip-address>:<port>"docker run [docker_image] --env NO_PROXY="*.<domain>,127.0.0.0/8"Or, we have to add them to our Dockerfile:
或者,我们必须将它们添加到我们的Dockerfile。
ENV FTP_PROXY="ftp://<ip-address>:<port>"ENV HTTP_PROXY="http://<ip-address>:<port>"ENV HTTPS_PROXY="https://<ip-address>:<port>"ENV NO_PROXY="*.<domain>,127.0.0.0/8"With these operations, we can now perform our Docker proxy operations.
通过这些操作,我们现在可以执行我们的Docker代理操作。
6. Conclusion
6.结论
In this tutorial, we’ve learned what a proxy is and how to set it up in different versions of Docker.
在本教程中,我们已经了解了什么是代理,以及如何在不同版本的Docker中设置它。