In the previous post we configured Docker to use a proxy when accessing, for example, the Docker Hub for searching/pulling containers.
If we are inside a container and want to install, for example, additional packages or software with a provided package manager such as apt, we run into the next problem: the container cannot access the internet if a dedicated proxy is required (which is the case if you are behind a firewall).
We will extend our previous proxy configuration so that the container can make use of an existing cntlm proxy on the host.
Used environment:
- Ubuntu 14.04
- cntlm
- Docker
Docker generates a new virtual network called docker0 for the containers to communicate. If you run
ifconfig
you will see it in the output. It will look like the following:
docker0 Link encap:Ethernet HWaddr 56:84:7a:fe:97:99
inet addr:172.17.42.1 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::5484:7aff:fefe:9799/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2469501 errors:0 dropped:0 overruns:0 frame:0
TX packets:2183978 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3411641564 (3.4 GB) TX bytes:421520538 (421.5 MB)
The important entry here is the inet addr, which in this case is 172.17.42.1.
The cntlm proxy is usually configured to listen on localhost:3128 by default.
We need to extend it to also listen on the docker0 network interface, so that the containers can reach it and use it. To do so, extend the cntlm configuration in /etc/cntlm.conf with the following entries:
# Specify the port cntlm will listen on
# You can bind cntlm to specific interface by specifying
# the appropriate IP address also in format :
# Cntlm listens on 127.0.0.1:3128 by default
#
Listen 3128
Listen 172.17.42.1:3128
Note that the IP address of the docker0 interface is used here.
After this, restart the cntlm proxy.
sudo service cntlm restart
After this, we can configure the proxy inside a container by using the entry http://172.17.42.1:3128.
As an example, inside an Ubuntu container you can add the following to /etc/apt/apt.conf.d/99proxy:
Acquire::http::proxy "http://172.17.42.1:3128";
After this,
apt-get update
should be able to run inside of your container by using the cntlm proxy of the host machine.
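Adding the docker0 address to cntlm.conf makes the host's authenticated proxy reachable from every container on that bridge, so it is worth confirming that cntlm is not bound any wider than loopback plus docker0. The script below is an added example, not part of the original post: the function name audit_cntlm_listen and the sample configs are constructed, and it assumes IPv4 Listen entries.

```shell
#!/bin/sh
# Added example: audit the Listen/Gateway lines of a cntlm.conf.
# Usage: audit_cntlm_listen <conf-file> <docker0-ip>
# Prints one line per finding and returns 1 if the proxy is bound
# to anything other than loopback and the given docker0 address.
audit_cntlm_listen() {
    conf=$1 bridge=$2
    awk -v bridge="$bridge" '
        { sub(/#.*/, "") }                          # drop comments
        tolower($1) == "gateway" && tolower($2) == "yes" {
            print "WIDE  Gateway yes (cntlm listens on all interfaces)"
            bad = 1
        }
        tolower($1) == "listen" {
            n = split($2, part, ":")
            addr = (n == 1) ? "127.0.0.1" : part[1] # bare port means loopback
            if (addr == "127.0.0.1" || addr == "localhost")
                print "OK    " $2 " (loopback)"
            else if (addr == bridge)
                print "OK    " $2 " (docker0)"
            else {
                print "WIDE  " $2 " (not loopback or docker0)"
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$conf"
}

# Constructed sample configs (not taken from a real host).
tmp=$(mktemp -d)
printf '%s\n' '# Cntlm listens on 127.0.0.1:3128 by default' \
    'Listen 3128' 'Listen 172.17.42.1:3128' > "$tmp/good.conf"
printf '%s\n' 'Listen 3128' 'Listen 0.0.0.0:3128' 'Gateway yes' > "$tmp/wide.conf"

audit_cntlm_listen "$tmp/good.conf" 172.17.42.1
audit_cntlm_listen "$tmp/wide.conf" 172.17.42.1 || echo "wide.conf exposes the proxy"
rm -rf "$tmp"
```

On a real host, pass /etc/cntlm.conf and the inet addr that ifconfig reports for docker0.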