Ph3n1x

Reputation: 317

Using a proxy like squid on linux host with docker containers and bridged network

TLDR

Does anyone have a clue how I have to configure squid, or docker, or ..., so that my docker containers can access internet through my (squid) proxy AND containers on the same network can access each other by their hostnames?

Long question

Following scenario:

  1. There is a corporate proxy
  2. On my Linux host, I installed squid, which is configured to ask the parent (corporate) proxy (as explained here https://wiki.squid-cache.org/Features/CacheHierarchy#How_do_I_configure_Squid_forward_all_requests_to_another_proxy.3F)
  3. I want to use docker-compose to start 2 services, which both should be able to access internet through the (squid) proxy and access each others http endpoints via hostname

My docker-compose.yml:

version: '3'

services:
  my-backend-service:
    image: "backend-service:latest"
    networks:
      - back-tier

  my-frontend-service:
    image: "frontend-service:latest"
    environment:
      - backend.hostname=my-backend-service
    networks:
      - back-tier

networks:
  back-tier:

When the services do not need to access the internet, e.g. APIs, this setup would be ok, as the frontend service can access the backend service by the hostname.
But the backend service needs to access public APIs on the internet and therefore it has to use the proxy.

To fix this, I created the following file on my Linux host, ~/.docker/config.json:

{
 "proxies":
 {
   "default":
   {
     "httpProxy": "http://MY_HOSTNAME:3128",
     "httpsProxy": "http://MY_HOSTNAME:3128"
   }
 }
}

Side note: I have to use the hostname of my host machine (MY_HOSTNAME), as localhost or 127.0.0.1 are not working. The docker container will not find anything running on localhost on port 3128.

Ok, now my backend service can access APIs on the internet. But my frontend-service can no longer access the backend service by its hostname 'my-backend-service'!

When I run curl http://my-backend-service:8080 on my-frontend-service, I get an answer from squid saying something about being unable to determine the IP address from the host name...

Question

Does anyone have a clue how I have to configure squid, or docker, or ..., so that my docker containers can access internet through my (squid) proxy AND containers on the same network can access each other by their hostnames?

Upvotes: 2

Views: 4555

Answers (1)

queeg

Reputation: 9463

When the services do not need to access the internet, e.g. APIs, this setup would be ok, as the frontend service can access the backend service by the hostname. But the backend service needs to access public APIs on the internet and therefore it has to use the proxy.

This should be fairly easy to accomplish. You claim your backend service needs to access the internet. So set the proxy configuration inside that container. The frontend shall only access the backend, so ensure this one has no proxy configuration.

Your problem is that you configured the variables on the host system and they seem to be active inside both containers. If you want to continue with one global setup, you could also leave the proxy settings on the host but need to configure an exception for local services. Do that using the http_proxy, https_proxy and no_proxy variables as described in https://www.xmodulo.com/how-to-configure-http-proxy-exceptions.html.

Upvotes: 0
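
The "one global setup" option from the answer, as an added example that is not part of the original posts: the asker's ~/.docker/config.json extended with the Docker client's noProxy key, which is passed into containers as the no_proxy/NO_PROXY variables. MY_HOSTNAME is the asker's placeholder, and the exception list assumes the two service names from the compose file in the question plus loopback.

```json
{
  "proxies": {
    "default": {
      "httpProxy": "http://MY_HOSTNAME:3128",
      "httpsProxy": "http://MY_HOSTNAME:3128",
      "noProxy": "localhost,127.0.0.1,my-backend-service,my-frontend-service"
    }
  }
}
```

These settings are applied only when a container is created, so the services have to be recreated after the file changes. Running `env | grep -i proxy` inside a container shows which values it actually received.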
