Working with Docker under Windows becomes easier and easier. I am often ask by co-workers how to run Docker behind a firewall, this blog gives a little recipe, how to set up the whole Windows/Docker/Firewall environment.
- Install Virtual Box
- Download Docker Machine to manage your docker hosts
- You find the Windows versions (32 and 64 bit) at above link
- Rename the exe to docker-machine.exe
- I would recommend putting the machine in a dedicated docker directory and update your PATH env variable
- Install the Docker Windows client
- You find it at https://get.docker.com/builds/Windows/x86_64/docker-latest.exe for 64 bit
- Or https://get.docker.com/builds/Windows/i386/docker-latest.exe for 32 bit
- Rename it to docker.exe and put it in the directory where you put the machine
- Create a Docker host named ‘dev’ with docker machine
docker-machine create --driver virtualbox dev
- Connect the Docker client with the docker vm
- Saving the environment to a .bat file:
docker-machine env -shell cmd dev > docker-env.bat
- You will get something like
SET DOCKER_TLS_VERIFY=1
SET DOCKER_HOST=tcp://192.168.99.2:2376
SET DOCKER_CERT_PATH=C:\Users\toedter_k\.docker\machine\machines\dev
SET DOCKER_MACHINE_NAME=dev
REM Run this command to configure your shell:
REM FOR /f “tokens=*” %i IN (‘docker-machine env -shell cmd dev’) DO %i - Run the bat file (or, like docker-machine tells you, you could run the code in the last line without the REM 🙂 )
- Check if the client is working:
- Run
docker ps
in a Windows cmd
- Run
- Saving the environment to a .bat file:
- Prepare the proxy settings
- SSH into the docker dev host:
docker-machine ssh dev
- Add the following lines to /var/lib/boot2docker/profile (this file is read-only, use sudo)
export HTTP_PROXY=http://<proxy>:<port>
export HTTPS_PROXY=http://<proxy>:<port> - Exit the ssh session and restart the docker machine:
docker-machine restart dev
- SSH into the docker dev host:
Now you should be able to use Docker on Windows behind a firewall. To test it, open a Windows cmd and run
docker run busybox echo hello world
After docker has downloaded the busybox image you should see
hello world
That’s it 🙂
Now you can easily use all Eclipse or IntelliJ IDEA plugins that require a local Docker installation.
nice description – works without problems! Thanks!
You don’t need to remove “export” and substitute with “set”. All you need to do is telling to docker-machine the correct format it must generate for the shell type you’re using. For Windows command line, just use docker-machine env –shell cmd dev.
Thx Renato, I did not know that and have updated the post.
Beginning of Step4
docker-machine is missing its hyphen 🙂
Thx Pippy, fixed 🙂
What would be the alterations, if the proxy requires a user-name/ password?
thanks
Jeevan
also having this problem… when proxy requires authentication, doesn’t seem to work. (Even when using the standard username/password syntax that works for apps such as wget.)
Does docker not support authenticated proxies?
hi,
does anyone get “‘/var/lib/boot2docker/profile’ is read only”?
yes, it is. Use sudo, e.g. sudo vi /var/lib/boot2docker/profile
Hi Hai Ha,
You need to run dev instance from the oracle vm virtualbox ,manager , when you run from there you are logged in as root and when you log in from Docker quick terminal you are logged in as docker and docker doesnt let you edit the profile file.
Once you edit profile you can chamod 777 …/profile to let it be edited by any one.
Hi Kai,
I did change the proxy in profile and also exported it as an environment variable from cmd line and still i get the error while pulling image : get https://index.docker.io/v1/repositories/library/busybox/images: Bad Request
Any pointers how to overcome that.
Thanks
Raha
how can i run an executable from docker ? e.g. a python script which i have already wrote in eclipse ? ( I am asking because i have installed some libraries with docker and i can not use them from eclipse so i want to do the reverse job )
i use windows ! thank you 🙂
Finally, a real solution after many tries. Thanks for posting this!
I have this issue x509: certificate signed by unknown authority
Many many thanks for this post!
Tried to follow this instruction but it requires too much insider know how, wish you could write it more detailed instead of assuming people know everything already