Applies To
- Zenoss 5.0.x
- Control Center 1.0.x
Summary
This KB describes how to configure docker to work with a proxy system. This is for installations that have an SSL proxy in the path of the Zenoss Control Center Master host and the public Docker repository.
Procedures
The following procedures describe how to configure your system, depending on whether you have a proxy system or a system that includes ssl intercepting proxies.
Proxy System
To configure docker to work with a proxy system:
Add the HTTPS_PROXY / HTTP_PROXY environment variable to the docker sysconfig file.
Note that if you use init.d or the services tool, you must add the export statement. Alternatively, add both variants in the sysconfig file of docker. For example:
- Edit the file /etc/sysconfig/docker
- Include these statements, replacing red-colored items enclosed in < > with values for your system:
HTTPS_PROXY="https://<user>:<password>@<proxy-host>:<proxy- port>"
HTTP_PROXY="https://<user>:<password>@<proxy-host>:<proxy- port>"
export HTTP_PROXY="https://<user>:<password>@<proxy-host>:<proxy- port>"
export HTTPS_PROXY="https://<user>:<password>@<proxy-host>:<proxy- port>" - Save and exit the file.
SSL Intercepting Proxy
To configure docker to work with ssl intercepting proxies you must add the proxy root certificate to the systems trust store:
For example, in CentOS:
- Copy the proxy root certificate file to /etc/pki/ca-trust/source/anchors/
- Update the ca trust store.
- Restart the docker service.
Note: If your proxy uses NTLM authentication - it's necessary to use intermediate proxies like cntlm. The blog devops-insight.com has a post that explains this topic in detail.
Comments