Name: docker-proxify
Owner: Wellcome Trust Sanger Institute - Human Genetics Informatics
Description: Allows building and running docker container images from behind a corporate proxy
Created: 2014-05-24 15:02:33.0
Updated: 2018-01-12 17:18:50.0
Pushed: 2014-10-18 17:53:24.0
Size: 288
Language: Perl
GitHub Committers
| User | Most Recent Commit | # Commits |
|---|
Other Committers
| User | Most Recent Commit | # Commits |
|---|
Provides a docker container in which outgoing network traffic is transparently proxied over one or more proxy servers. Uses redsocks and supports standard HTTP proxy (http_proxy), HTTP CONNECT (https_proxy), SOCKS4 (socks4_proxy), or SOCKS5 (socks5_proxy) proxies. It is also configured to support running docker within the container so that it can be used to build docker container images from behind a corporate firewall (assuming you have a proxy to traverse it).
I developed this because many of my machines are stuck behind a corporate firewall, and there is not currently any good way to support running or building containers in that environment without baking the proxy information into the Dockerfile (which would break portability of the containers). There is a discussion of this issue on docker repository issue 4962.
By default the docker-proxify container will route port 80 over the specified HTTP proxy and port 443 over the specified CONNECT proxy, both for the container itself and for any other docker containers running inside it (including docker build jobs). This default can be overridden by supplying a port_spec environment variable containing a comma-separated list of port:proxy pairs. For example, the default is: “80:HTTP,443:CONNECT”
One could add a forwarding of port 8000 also over HTTP by setting port_spec to: “80:HTTP,443:CONNECT,8000:HTTP”
Because the docker daemon is run inside the container, you need to run it with the --privileged flag. Proxy settings are passed in as environment variables (http_proxy, https_proxy, socks4_proxy, socks5_proxy).
The entrypoint defaults to an interactive bash shell from which docker can be run:
cker run -i -t --privileged -e http_proxy -e https_proxy jrandall/docker-proxify
ing for docker daemon to start......... ready.
@3014a04166fb:/docker# docker run -i -t ubuntu bash
le to find image 'ubuntu' locally
ing repository ubuntu
8ae4e998: Download complete
c44f4520: Download complete
678ddf48: Download complete
81b80c55: Download complete
9ab7bf6d: Download complete
38d11401: Download complete
36ea3c5a: Download complete
087f3ffe: Download complete
dd3ebc1c: Download complete
0efcfd86: Download complete
bce2c0e1: Download complete
9c9ee91a: Download complete
6665d371: Download complete
e1c13f51: Download complete
4d1f33fb: Download complete
2703becc: Download complete
6bfc66aa: Download complete
405ee8fa: Download complete
c907452c: Download complete
64c4df74: Download complete
ea7ab5b5: Download complete
cbf9dcd3: Download complete
9cb5a02f: Download complete
@3a57fc8ec405:/# apt-get update
http://archive.ubuntu.com trusty InRelease
http://archive.ubuntu.com trusty-updates InRelease
http://archive.ubuntu.com trusty-security InRelease
1 http://archive.ubuntu.com trusty Release.gpg [933 B]
2 http://archive.ubuntu.com trusty-updates Release.gpg [933 B]
3 http://archive.ubuntu.com trusty-security Release.gpg [933 B]
4 http://archive.ubuntu.com trusty Release [58.5 kB]
5 http://archive.ubuntu.com trusty-updates Release [58.5 kB]
6 http://archive.ubuntu.com trusty-security Release [58.5 kB]
7 http://archive.ubuntu.com trusty/main Sources [1064 kB]
8 http://archive.ubuntu.com trusty/restricted Sources [5433 B]
9 http://archive.ubuntu.com trusty/universe Sources [6399 kB]
10 http://archive.ubuntu.com trusty/main amd64 Packages [1350 kB]
11 http://archive.ubuntu.com trusty/restricted amd64 Packages [13.0 kB]
12 http://archive.ubuntu.com trusty/universe amd64 Packages [5859 kB]
13 http://archive.ubuntu.com trusty-updates/main Sources [41.4 kB]
14 http://archive.ubuntu.com trusty-updates/restricted Sources [14 B]
15 http://archive.ubuntu.com trusty-updates/universe Sources [26.6 kB]
16 http://archive.ubuntu.com trusty-updates/main amd64 Packages [98.0 kB]
17 http://archive.ubuntu.com trusty-updates/restricted amd64 Packages [14 B]
18 http://archive.ubuntu.com trusty-updates/universe amd64 Packages [67.1 kB]
19 http://archive.ubuntu.com trusty-security/main Sources [15.6 kB]
20 http://archive.ubuntu.com trusty-security/restricted Sources [14 B]
21 http://archive.ubuntu.com trusty-security/universe Sources [4212 B]
22 http://archive.ubuntu.com trusty-security/main amd64 Packages [49.4 kB]
23 http://archive.ubuntu.com trusty-security/restricted amd64 Packages [14 B]
24 http://archive.ubuntu.com trusty-security/universe amd64 Packages [17.7 kB]
hed 15.2 MB in 5s (2706 kB/s)
ing package lists... Done
@3a57fc8ec405:/#
You can also run docker within docker all in one command:
cker run -i -t --privileged -e http_proxy -e https_proxy jrandall/docker-proxify docker run -i -t ubuntu bash
ing for docker daemon to start........................................ ready.
le to find image 'ubuntu' locally
ing repository ubuntu
81b80c55: Download complete
8ae4e998: Download complete
678ddf48: Download complete
9ab7bf6d: Download complete
c44f4520: Download complete
38d11401: Download complete
36ea3c5a: Download complete
087f3ffe: Download complete
dd3ebc1c: Download complete
0efcfd86: Download complete
9c9ee91a: Download complete
4d1f33fb: Download complete
6665d371: Download complete
bce2c0e1: Download complete
e1c13f51: Download complete
ea7ab5b5: Download complete
6bfc66aa: Download complete
2703becc: Download complete
64c4df74: Download complete
9cb5a02f: Download complete
c907452c: Download complete
cbf9dcd3: Download complete
405ee8fa: Download complete
@14119cc449d7:/#
And, of course, you can also perform builds:
cker run -i -t --privileged -e http_proxy -e https_proxy jrandall/docker-proxify
ing for docker daemon to start........................................ ready.
@cfe1d7f50ae7:/docker# docker build -q github.com/dockerfile/ubuntu
ading context 179.7 kB
ading context
0 : FROM ubuntu:14.04
ing repository ubuntu
81b80c55: Download complete
36ea3c5a: Download complete
087f3ffe: Download complete
dd3ebc1c: Download complete
0efcfd86: Download complete
> 99ec81b80c55
1 : RUN sed -i 's/# \(.*multiverse$\)/\1/g' /etc/apt/sources.list && apt-get update && apt-get -y upgrade && apt-get install -y build-essential && apt-get install -y software-properties-common && apt-get install -y byobu curl git htop man unzip vim wget
> Running in 962eb069652b
-> 22da5f7ea962
ving intermediate container 962eb069652b
2 : ADD root/.bashrc /root/.bashrc
> 88e1fd9d0b6b
ving intermediate container 3914e9c5dff9
3 : ADD root/.gitconfig /root/.gitconfig
> ab4287ac0538
ving intermediate container 16a46d7b93e3
4 : ADD root/scripts /root/scripts
> 064e5b50317b
ving intermediate container 793dc91e2dee
5 : ENV HOME /root
> Running in c9861ddb3b83
> b0733c094c91
ving intermediate container c9861ddb3b83
6 : WORKDIR /root
> Running in cf95cf89c834
> b359db7cbd41
ving intermediate container cf95cf89c834
7 : CMD ["bash"]
> Running in 7d0ded16cc56
> afcd247466a7
ving intermediate container 7d0ded16cc56
essfully built afcd247466a7
@4ad182e3a976:/docker# docker run -i -t afcd247466a7
ot@5556a3ca0a17:~ ]$
If you are trying to access a proxy server running on localhost (for example, cntlm as a pass-through to an NTLM proxy requiring authentication, or a local squid cache), please note that you will not be able to access a daemon listening on the host from within the container. For example, setting http_proxy = '127.0.0.1:3128' will not allow docker-proxify to access a proxy server running on the container host listening on 3128. To work around this problem, you can either run the proxy server from within docker-proxify or you will need to bind the daemon to an interface with a real IP address. To run a proxy server from within docker-proxify, you'd need to first run docker-proxify and install the proxy server software and any configuration you need, and then commit those changes to a new image from the changes you made to the container, and then run that image in place of 'jrandall/docker-proxify'.