Docker on Windows behind a Firewall

16

Working with Docker under Windows becomes easier and easier. I am often ask by co-workers how to run Docker behind a firewall, this blog gives a little recipe, how to set up the whole Windows/Docker/Firewall environment.

  1. Install Virtual Box
  2. Download Docker Machine to manage your docker hosts
    • You find the Windows versions (32 and 64 bit) at above link
    • Rename the exe to docker-machine.exe
    • I would recommend putting the machine in a dedicated docker directory and update your PATH env variable
  3. Install the Docker Windows client
  4. Create a Docker host named ‘dev’ with docker machine
    • docker-machine create --driver virtualbox dev
  5. Connect the Docker client with the docker vm
    • Saving the environment to a .bat file: docker-machine env -shell cmd dev > docker-env.bat
    • You will get something like
      SET DOCKER_TLS_VERIFY=1
      SET DOCKER_HOST=tcp://192.168.99.2:2376
      SET DOCKER_CERT_PATH=C:\Users\toedter_k\.docker\machine\machines\dev
      SET DOCKER_MACHINE_NAME=dev
      REM Run this command to configure your shell:
      REM FOR /f “tokens=*” %i IN (‘docker-machine env -shell cmd dev’) DO %i
    • Run the bat file (or, like docker-machine tells you, you could run the code in the last line without the REM 🙂 )
    • Check if the client is working:
      • Run docker ps in a Windows cmd
  6. Prepare the proxy settings
    • SSH into the docker dev host: docker-machine ssh dev
    • Add the following lines to /var/lib/boot2docker/profile (this file is read-only, use sudo)
      export HTTP_PROXY=http://<proxy>:<port>
      export HTTPS_PROXY=http://<proxy>:<port>
    • Exit the ssh session and restart the docker machine: docker-machine restart dev

Now you should be able to use Docker on Windows behind a firewall. To test it, open a Windows cmd and run
docker run busybox echo hello world

After docker has downloaded the busybox image you should see

hello world

That’s it 🙂
Now you can easily use all Eclipse or IntelliJ IDEA plugins that require a local Docker installation.

16 Comments

  1. andreas
    andreas08-25-2015

    nice description – works without problems! Thanks!

  2. Renato
    Renato11-24-2015

    You don’t need to remove “export” and substitute with “set”. All you need to do is telling to docker-machine the correct format it must generate for the shell type you’re using. For Windows command line, just use docker-machine env –shell cmd dev.

    • Kai Tödter
      Kai Tödter11-24-2015

      Thx Renato, I did not know that and have updated the post.

  3. Pippy
    Pippy01-05-2016

    Beginning of Step4
    docker-machine is missing its hyphen 🙂

    • Kai Tödter
      Kai Tödter01-05-2016

      Thx Pippy, fixed 🙂

  4. Jeevan
    Jeevan01-20-2016

    What would be the alterations, if the proxy requires a user-name/ password?

    thanks
    Jeevan

    • jerb
      jerb08-24-2016

      also having this problem… when proxy requires authentication, doesn’t seem to work. (Even when using the standard username/password syntax that works for apps such as wget.)

      Does docker not support authenticated proxies?

  5. Hai Ha
    Hai Ha02-05-2016

    hi,
    does anyone get “‘/var/lib/boot2docker/profile’ is read only”?

    • Kai Tödter
      Kai Tödter02-05-2016

      yes, it is. Use sudo, e.g. sudo vi /var/lib/boot2docker/profile

    • Rahamat
      Rahamat02-09-2016

      Hi Hai Ha,

      You need to run dev instance from the oracle vm virtualbox ,manager , when you run from there you are logged in as root and when you log in from Docker quick terminal you are logged in as docker and docker doesnt let you edit the profile file.
      Once you edit profile you can chamod 777 …/profile to let it be edited by any one.

  6. Rahamat
    Rahamat02-09-2016

    Hi Kai,
    I did change the proxy in profile and also exported it as an environment variable from cmd line and still i get the error while pulling image : get https://index.docker.io/v1/repositories/library/busybox/images: Bad Request

    Any pointers how to overcome that.

    Thanks
    Raha

  7. Christos
    Christos02-15-2016

    how can i run an executable from docker ? e.g. a python script which i have already wrote in eclipse ? ( I am asking because i have installed some libraries with docker and i can not use them from eclipse so i want to do the reverse job )

    • Christos
      Christos02-15-2016

      i use windows ! thank you 🙂

  8. Jeff Schmitz
    Jeff Schmitz03-08-2016

    Finally, a real solution after many tries. Thanks for posting this!

  9. Tin
    Tin05-06-2016

    I have this issue x509: certificate signed by unknown authority

  10. Emmanuel
    Emmanuel07-13-2016

    Many many thanks for this post!

Leave a Reply