Follow

How to Configure Docker to Use An SSL Proxy

Applies To

  • Zenoss 5.0.x
  • Control Center 1.0.x

Summary

This KB describes how to configure docker to work with a proxy system. This is for installations that have an SSL proxy in the path of the Zenoss Control Center Master host and the public Docker repository.

Procedures

The following procedures describe how to configure your system, depending on whether you have a proxy system or a system that includes ssl intercepting proxies.

Proxy System

To configure docker to work with a proxy system:

Add the HTTPS_PROXY / HTTP_PROXY environment variable to the docker sysconfig file.
Note that if you use init.d or the services tool, you must add the export statement. Alternatively, add both variants in the sysconfig file of docker. For example:

  1. Edit the file /etc/sysconfig/docker
  2. Include these statements, replacing red-colored items enclosed in < > with values for your system:

    HTTPS_PROXY="https://<user>:<password>@<proxy-host>:<proxy-port>"
    HTTP_PROXY="https://<user>:<password>@<proxy-host>:<proxy-port>"
    export HTTP_PROXY="https://<user>:<password>@<proxy-host>:<proxy-port>"
    export HTTPS_PROXY="https://<user>:<password>@<proxy-host>:<proxy-port>"
  3. Save and exit the file.

SSL Intercepting Proxy

To configure docker to work with ssl intercepting proxies you must add the proxy root certificate to the systems trust store:

For example, in CentOS:

  1. Copy the proxy root certificate file to /etc/pki/ca-trust/source/anchors/
  2. Update the ca trust store.
  3. Restart the docker service.

Note: If your proxy uses NTLM authentication - it's necessary to use intermediate proxies like cntlm. The blog devops-insight.com has a post that explains this topic in detail.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk