Setup docker toolbox behind proxy on Windows

Question

As per my corporate policies, we are using windows 7, with privileged access (subset of admin rights) on the machine.

I have installed docker toolbox however when its time to pull images from Docker hub of companies Artifactory i was getting issues because of HTTPS and proxy.

Answer 1

I finally figured this out on how properly to set-up docker toolbox on windows 7 behind corporate proxy with HTTPS certs.

Following are the steps

1. Install Docker Toolbox
2. After installation, go to C:/Users/<user>/.docker/machine/machines/default and open config.json. If you do not have that folder, then please open "Docker Quickstart Terminal" from your desktop to create a virtual box docker-machine for yourself.
3. Add the following lines under

{
    "HostOptions": {
        ...
        "EngineOptions": {
            ...
            "Env": [
                "HTTP_PROXY=http://<username>:<pwd>@<host>:<port>",
                "HTTPS_PROXY=http://<username>:<pwd>@<host>:<port>",
                "NO_PROXY=<docker-machine ip>"
            ],
        }
    }
 }

Please note the http in HTTPS_PROXY.

4. After the above step, you need to install the company certs

5. Get the set of corporate root certificates, which should be installed in your corporate-configured browser. In Chrome, you can go to Settings, click Show advanced settings, and scroll down to HTTPS/SSL, where you can choose Manage Certificates. My organization has put them in Trusted Root Cerftification Authorities and named them after the organization. Export each (I have two), one at a time, making sure to choose DER format.

6. Once you have them saved to a known location, you will want to convert them to PEM format. The easiest way I found to do this was to run the openssl.exe[1] command from within the Docker Quickstart Terminal.

openssl x509 -inform der -in certificate.cer -out certificate.pem

7. Once you have the .pem files, you will want to copy them to a location to which your Docker machine has access. I made a directory in c:\Users\my.username\certs and copied them there.

8. This step may not be strictly necessary, but it's what I did, and it works. You will want to copy those certificates into your boot2docker partition, which is persistent. I am connecting to my default machine, which IS something you will need to do for Step 5.

MINGW64:$ docker-machine ssh default

docker@default:~$ sudo -s

root@default:/home/docker# mkdir /var/lib/boot2docker/certs

root@default:/home/docker# cp /c/Users/my.username/certs/*.pem /var/lib/boot2docker/certs/

Now it's time to write a bootlocal.sh script, which will copy the certificates to the proper location each time the system starts.[2] If you haven't already, open an SSH connection to the machine, per Step 4.

touch /var/lib/boot2docker/bootlocal.sh && chmod +x /var/lib/boot2docker/bootlocal.sh

vi /var/lib/boot2docker/bootlocal.sh

Insert the following and save the file:

#!/bin/sh

mkdir -p /etc/docker/certs.d && cp certs/certificate.pem /etc/docker/certs.d

Restart the machine, either by using the reboot command from within the machine, or by using the docker-machine command from the Docker terminal:

docker-machine restart default

Now you should be able to run 'hello-world' and others. I hope this helps.

Ref: Docker on Windows (Boot2Docker) - certificate signed by unknown authority error

Answer 2

I solved this problem by adding a trailing backslash ("/") to the end of the proxy URL in the proxy settings in the config.json file.

Answer 3

I recently faced same problem and was able to fix the problem with below steps. As suggested in the official docker documentation

1. First, stop and delete the default docker-machine if it is already created

       docker-machine stop default
       docker-machine rm default
   

   where 'default' is the default name of docker-machine.

   2. After deletion create docker-machine with the proxy setting:

      docker-machine create -d virtualbox --engine-env HTTP_PROXY=http://example.com:8080 --engine-env HTTPS_PROXY=https://example.com:8080 --engine-env NO_PROXY=example2.com default

Reference: https://docs.docker.com/v17.12/machine/reference/create/#specifying-docker-swarm-options-for-the-created-machine

This solution absolutely works fine for me.