Docker on Windows behind a Firewall

Working with Docker under Windows becomes easier and easier. I am often ask by co-workers how to run Docker behind a firewall, this blog gives a little recipe, how to set up the whole Windows/Docker/Firewall environment.

  1. Install Virtual Box
  2. Download Docker Machine to manage your docker hosts
    • You find the Windows versions (32 and 64 bit) at above link
    • Rename the exe to docker-machine.exe
    • I would recommend putting the machine in a dedicated docker directory and update your PATH env variable
  3. Install the Docker Windows client
  4. Create a Docker host named ‘dev’ with docker machine
    • docker-machine create --driver virtualbox dev
  5. Connect the Docker client with the docker vm
    • Saving the environment to a .bat file: docker-machine env -shell cmd dev > docker-env.bat
    • You will get something like
      SET DOCKER_TLS_VERIFY=1
      SET DOCKER_HOST=tcp://192.168.99.2:2376
      SET DOCKER_CERT_PATH=C:\Users\toedter_k\.docker\machine\machines\dev
      SET DOCKER_MACHINE_NAME=dev
      REM Run this command to configure your shell:
      REM FOR /f “tokens=*” %i IN (‘docker-machine env -shell cmd dev’) DO %i
    • Run the bat file (or, like docker-machine tells you, you could run the code in the last line without the REM 🙂 )
    • Check if the client is working:
      • Run docker ps in a Windows cmd
  6. Prepare the proxy settings
    • SSH into the docker dev host: docker-machine ssh dev
    • Add the following lines to /var/lib/boot2docker/profile (this file is read-only, use sudo)
      export HTTP_PROXY=http://<proxy>:<port>
      export HTTPS_PROXY=http://<proxy>:<port>
    • Exit the ssh session and restart the docker machine: docker-machine restart dev

Now you should be able to use Docker on Windows behind a firewall. To test it, open a Windows cmd and run
docker run busybox echo hello world

After docker has downloaded the busybox image you should see

hello world

That’s it 🙂
Now you can easily use all Eclipse or IntelliJ IDEA plugins that require a local Docker installation.

This Post Has 17 Comments

  1. andreas

    nice description – works without problems! Thanks!

  2. Renato

    You don’t need to remove “export” and substitute with “set”. All you need to do is telling to docker-machine the correct format it must generate for the shell type you’re using. For Windows command line, just use docker-machine env –shell cmd dev.

    1. Kai Tödter

      Thx Renato, I did not know that and have updated the post.

  3. Pippy

    Beginning of Step4
    docker-machine is missing its hyphen 🙂

    1. Kai Tödter

      Thx Pippy, fixed 🙂

  4. Jeevan

    What would be the alterations, if the proxy requires a user-name/ password?

    thanks
    Jeevan

    1. jerb

      also having this problem… when proxy requires authentication, doesn’t seem to work. (Even when using the standard username/password syntax that works for apps such as wget.)

      Does docker not support authenticated proxies?

  5. Hai Ha

    hi,
    does anyone get “‘/var/lib/boot2docker/profile’ is read only”?

    1. Kai Tödter

      yes, it is. Use sudo, e.g. sudo vi /var/lib/boot2docker/profile

    2. Rahamat

      Hi Hai Ha,

      You need to run dev instance from the oracle vm virtualbox ,manager , when you run from there you are logged in as root and when you log in from Docker quick terminal you are logged in as docker and docker doesnt let you edit the profile file.
      Once you edit profile you can chamod 777 …/profile to let it be edited by any one.

  6. Christos

    how can i run an executable from docker ? e.g. a python script which i have already wrote in eclipse ? ( I am asking because i have installed some libraries with docker and i can not use them from eclipse so i want to do the reverse job )

    1. Christos

      i use windows ! thank you 🙂

  7. Jeff Schmitz

    Finally, a real solution after many tries. Thanks for posting this!

  8. Tin

    I have this issue x509: certificate signed by unknown authority

  9. Emmanuel

    Many many thanks for this post!

  10. CodeMunky

    Tried to follow this instruction but it requires too much insider know how, wish you could write it more detailed instead of assuming people know everything already

Leave a Reply to Jeevan Cancel reply

I accept the Privacy Policy