如何让 Docker 在企业防火墙后面的 Windows 系统上运行? [英] How do I get Docker to run on a Windows system behind a corporate firewall?
问题描述
我正在尝试按照本教程进行 Docker 安装:http://docs.docker.io/en/latest/installation/windows/
I'm trying to get a working Docker installation following this tutorial: http://docs.docker.io/en/latest/installation/windows/
到目前为止,我使用手动下载的存储库运行虚拟机(按照 GitHub 链接并下载为 ZIP 文件,因为git clone"在我的公司代理后面不起作用,即使在使用"git conf --global http.proxy ..." - 尽管我输入了用户名和密码,但它一直要求我进行身份验证 407).
So far, I got the VM running with a manually downloaded repository (followed the GitHub link and downloaded as a ZIP file, because "git clone" didn't work behind my corporate proxy, even after setting up the proxy with "git conf --global http.proxy ..." - it kept asking me for authentification 407, although I entered my user name and password).
现在我处于应该使用docker run busybox echo hello world
"(运行 Docker"部分)的状态.
Now I am in the state in which I should use "docker run busybox echo hello world
" (Section "Running Docker").
当我这样做时,我首先被告知未安装 Docker(如教程底部所示),然后,在我使用 apt-get install docker
获得它后,我get 遇到分段错误或严重错误.转储核心并中止."
When I do this, I first get told that Docker is not installed (as shown at the bottom of the tutorial), and then, after I got it with apt-get install docker
, I get "Segmentation Fault or critical error encountered. Dumping core and aborting."
我现在能做什么?这是因为我没有使用 git clone
还是 Docker 安装有问题?我在某处读到,apt-get install docker
没有安装我想要的 Docker,而是安装了一些 GNOME 工具.我可以指定我的 apt-request 以获得正确的工具吗?
What can I do now? Is this because I didn't use git clone
or is something wrong with the Docker installation? I read somewhere, that apt-get install docker
doesn't install the Docker I want, but some GNOME tool. Can I maybe specify my apt-request to get the right tool?
推荐答案
企业代理背后的Windows Boot2Docker
(背景:2015 年 3 月,Windows 7,在企业代理之后)
Windows Boot2Docker behind corporate proxy
(Context: March 2015, Windows 7, behind corporate proxy)
克隆它并:
- 在
env.bat.template
之后配置..env.bat
, - 在
profile
"文件中添加你想要的别名, - 执行
senv.bat
,然后执行b2d.bat
.
- configure
..env.bat
following theenv.bat.template
, - add the alias you want in the '
profile
' file, - execute
senv.bat
thenb2d.bat
.
然后你就在一个正确定制的 boot2docker
环境中:
You then are in a properly customized boot2docker
environment with:
- 当您键入
docker search/pull
时,ssh 会话能够在公司代理后面访问互联网. - 当 Dockerfile 执行
apt-get update/install
并且您键入docker build
时,它们能够通过公司代理访问互联网.
- an ssh session able to access internet behind corporate proxy when you type
docker search/pull
. - Dockerfiles able to access internet behind corporate proxy when they do an
apt-get update/install
and you type adocker build
.
如果您是工作站的管理员,则可以在 Windows 上运行 boot2docker install.
它目前带有:
If you are admin of your workstation, you can run boot2docker install on your Windows.
It currently comes with:
- Boot2Docker 1.5.0(Docker v1.5.0,Linux v3.18.5)
- Boot2Docker 管理工具 v1.5.0
- VirtualBox v4.3.20-r96997
- msysGit v1.9.5-preview20141217
然后,一旦安装:
- 在您的
%PATH%
中添加 - (一次):
boot2docker init
boot2docker start
boot2docker ssh
- 输入
exit
退出 ssh 会话,boot2docker ssh
返回:您刚刚输入的命令历史被保留. - 如果你想关闭虚拟机,
boot2docker stop
c:path oBoot2Docker For Windows
- add
c:path oBoot2Docker For Windows
in your%PATH%
- (one time):
boot2docker init
boot2docker start
boot2docker ssh
- type
exit
to exit the ssh session, andboot2docker ssh
to go back in: the history of commands you just typed is preserved. - if you want to close the VM,
boot2docker stop
如果您打开 Virtual Box GUI,并输入 DOS cmd 会话 boot2docker start
或 stop代码>.
You actually can see the VM start or stop if you open the Virtual Box GUI, and type in a DOS cmd session boot2docker start
or stop
.
要理解的要点是您将需要管理 2 个主机:
- 您的 Windows 工作站是 Linux Tiny Core 的主机 由 VirtualBox 运行,以便您定义和运行容器
(%HOME%.boot2dockeroot2docker.iso
=>
.%USERPROFILE%VirtualBox VMsoot2docker-vmoot2docker-vm.vmdk
), - 您的 boot2docker Linux Tiny Core 是您将要运行的容器的宿主.
- your Windows workstation is the host to the Linux Tiny Core run by VirtualBox in order for you to define and run containers
(%HOME%.boot2dockeroot2docker.iso
=>
.%USERPROFILE%VirtualBox VMsoot2docker-vmoot2docker-vm.vmdk
), - Your boot2docker Linux Tiny Core is host to your containers that you will run.
就代理而言,这意味着:
- 您的 Windows 主机必须设置了它的
HTTP_PROXY
、HTTPS_PROXY
和NO_PROXY
环境变量(您可能已经有了它们,并且可以使用它们例如通过 Virtual Box 检测 Virtual Box 的新版本) - 您的 Tiny Core Host 必须为:
- docker 服务能够查询/加载图像(例如:
docker search nginx
).
如果没有设置,下一个docker pull
会给你一个dial tcp:lookup index.docker.io: no such host
.
这是在新文件/var/lib/boot2docker/profile
中设置的:它是profile
,而不是.profile
. - docker 帐户(在
/home/docker/.ashrc
中设置),如果您需要执行任何其他命令(docker 除外),则需要互联网接入) - 您将创建的任何 Dockerfile(或下一个
RUN apt-get update
将为您提供一个,例如,Could not resolve 'http.debian.net'
).
这意味着您必须首先添加行ENV http_proxy http://...
,在任何需要互联网访问的RUN
命令之前.
- Your Windows Host must have set its
HTTP_PROXY
,HTTPS_PROXY
andNO_PROXY
environment variable (you probably have them already, and they can be used for instance by the Virtual Box to detect new versions of Virtual Box) - Your Tiny Core Host must have set
http_proxy
,https_proxy
andno_proxy
(note the case, lowercase in the Linux environment) for:- the docker service to be able to query/load images (for example:
docker search nginx
).
If not set, the nextdocker pull
will get you adial tcp: lookup index.docker.io: no such host
.
This is set in a new file/var/lib/boot2docker/profile
: it isprofile
, not.profile
. - the docker account (to be set in
/home/docker/.ashrc
), if you need to execute any other command (other than docker) which would require internet access) - any Dockerfile that you would create (or the next
RUN apt-get update
will get you a, for example,Could not resolve 'http.debian.net'
).
That means you must add the linesENV http_proxy http://...
first, before anyRUN
command requiring internet access.
一个好的
no_proxy
设置是:.company,.sock,localhost,127.0.0.1,::1,192.168.59.103
(使用
.company
"表示您公司的域名,用于内部网站)(with '
.company
' the domain name of your company, for the internal sites)要理解的另一点是 boot2docker 使用 Tiny Core,这是一个...微型 Linux 发行版(.iso 文件只有 26 MB).
并且 Tiny Core 不提供持久性(除了一些技术文件夹):如果您使用所有首选设置和别名修改~/.ashrc
... 下一个boot2docker stop/boot2docker start
将恢复原始 Linux 环境,你的修改消失了.The other point to understand is that boot2docker uses Tiny Core, a... tiny Linux distribution (the .iso file is only 26 MB).
And Tiny Core offers no persistence (except for a few technical folders): if you modify your~/.ashrc
with all your preferred settings and alias... the nextboot2docker stop / boot2docker start
will restore a pristine Linux environment, with your modification gone.您需要确保 VirtualBox 已下载 Oracle_VM_VirtualBox_Extension_Pack并在 Virtual Box/File/Settings/Extension/添加
Oracle_VM_VirtualBox_Extension_Pack-4.x.yy-zzzzz.vbox-extpack
文件).You need to make sure the VirtualBox has the Oracle_VM_VirtualBox_Extension_Pack downloaded and added in the Virtual Box / File / Settings / Extension / add the
Oracle_VM_VirtualBox_Extension_Pack-4.x.yy-zzzzz.vbox-extpack
file).如 记录在 boot2docker 中,您将可以访问(从您的 Tiny Coressh 会话)到
/c/Users/
(即%USERPROFILE%
由 Virtual Box 共享)As documented in boot2docker, you will have access (from your Tiny Core ssh session) to
/c/Users/<yourLogin>
(ie the%USERPROFILE%
is shared by Virtual Box)最后要理解的一点是默认不导出端口:
- 您的容器端口在您的 Tiny Core 主机上是不可见的(例如,您必须使用
-p 80:80
才能将容器的 80 端口暴露给 Linux 会话的 80 端口) - 默认情况下,您的 Tiny Cort 端口不会从您的 Virtual Box VM 导出:即使您的容器在 Tiny Core 中可见,您的 Windows 浏览器也不会看到它:http://127.0.0.1 不起作用
连接已重置
".
- your container ports are not visible from your Tiny Core host (you must use
-p 80:80
for example in order to expose the 80 port of the container to the 80 port of the Linux session) - your Tiny Cort ports are not exported from your Virtual Box VM by default: even if your container is visible from within Tiny Core, your Windows browser won't see it: http://127.0.0.1 won't work "
The connection was reset
".
第一点,
docker run -it --rm --name my-apache-app -v "$PWD":/usr/local/apache2/htdocs/httpd:2.4
没有-p 80:80
就不能工作.For the first point,
docker run -it --rm --name my-apache-app -v "$PWD":/usr/local/apache2/htdocs/ httpd:2.4
won't work without a-p 80:80
in it.对于第二点,定义一个别名
doskey vbm="c:Program FilesOracleVirtualBoxVBoxManage.exe" $*
,然后:- 如果 Virtual Box 'boot2docker-vm
' 尚未启动,则使用vbm modifyvm
- 如果 Virtual Box 'boot2docker-vm
' 已经 启动,则使用vbm controlvm
For the second point, define an alias
doskey vbm="c:Program FilesOracleVirtualBoxVBoxManage.exe" $*
, and then: - if the Virtual Box 'boot2docker-vm
' is not yet started, usesvbm modifyvm
- if the Virtual Box 'boot2docker-vm
' is already started, usesvbm controlvm
通常,如果我在 boot2docker 会话期间意识到无法从 Windows 访问端口 80:
Typically, if I realize, during a boot2docker session, that the port 80 is not accessible from Windows:
vbm controlvm "boot2docker-vm" natpf1 "tcp-port80,tcp,,80,,80"; vbm controlvm "boot2docker-vm" natpf1 "udp-port80,udp,,80,,80";
然后,只有这样,我才能访问http://127.0.0.1
Then, and only then, I can access http://127.0.0.1
为了方便使用
boot2docker
:- 在 Windows 上创建一个文件夹
%USERPROFILE%prog2d
- 在其中添加
.profile
(直接在 Windows 中,在%USERPROFILE%prog2d
),使用您的设置和别名.
- create on Windows a folder
%USERPROFILE%prog2d
- add a
.profile
in it (directly in Windows, in%USERPROFILE%prog2d
), with your settings and alias.
例如(我修改了原来的
/home/docker/.ashrc
):For example (I modified the original
/home/docker/.ashrc
):# ~/.ashrc: Executed by SHells. # . /etc/init.d/tc-functions if [ -n "$DISPLAY" ] then `which editor >/dev/null` && EDITOR=editor || EDITOR=vi else EDITOR=vi fi export EDITOR # Alias definitions. # alias df='df -h' alias du='du -h' alias ls='ls -p' alias ll='ls -l' alias la='ls -la' alias d='dmenu_run &' alias ce='cd /etc/sysconfig/tcedir' export HTTP_PROXY=http://<user>:<pwd>@proxy.company:80 export HTTPS_PROXY=http://<user>:<pwd>@proxy.company:80 export NO_PROXY=.company,.sock,localhost,127.0.0.1,::1,192.168.59.103 export http_proxy=http://<user>:<password>@proxy.company:80 export https_proxy=http://<user>:<password>@proxy.company:80 export no_proxy=.company,.sock,localhost,127.0.0.1,::1,192.168.59.103 alias l='ls -alrt' alias h=history alias cdd='cd /c/Users/<user>/prog/b2d' ln -fs /c/Users/<user>/prog/b2d /home/docker
(192.168.59.103通常是
boot2docker ip
返回的ip)(192.168.59.103 is usually the ip returned by
boot2docker ip
)- 在您的
%PATH%
中创建并添加一个b2d.bat
脚本,它将:- 启动
boot2docker
- 为
docker
服务(已重新启动)和/home/docker
用户帐户复制正确的配置文件. - 启动一个交互式 ssh 会话
- create and add a
b2d.bat
script in your%PATH%
which will:- start
boot2docker
- copy the right profile, both for the
docker
service (which is restarted) and for the/home/docker
user account. - initiate an interactive ssh session
即:
doskey vbm="c:Program FilesOracleVirtualBoxVBoxManage.exe" $* boot2docker start boot2docker ssh sudo cp -f /c/Users/<user>/prog/b2d/.profile /var/lib/boot2docker/profile boot2docker ssh sudo /etc/init.d/docker restart boot2docker ssh cp -f /c/Users/<user>/prog/b2d/.profile .ashrc boot2docker ssh
为了进入一个新的 boot2docker 会话,并根据需要完全定义您的设置,只需输入:
In order to enter a new boot2docker session, with your settings defined exactly as you want, simply type:
b2d
你很高兴:
- a
docker search xxx
将工作(它将访问互联网) - 任何
docker build
都可以工作(如果ENV http_proxy
指令存在,它将访问互联网) %USERPROFILE%prog2d
中的任何 Windows 文件都可以直接从~/b2d
修改.
或者,您实际上可以直接在 Windows 会话中使用您喜欢的编辑器(而不是vi
)编写和修改这些相同的文件(如某些 Dockerfile)
- a
docker search xxx
will work (it will access internet) - any
docker build
will work (it will access internet if theENV http_proxy
directives are there) - any Windows file from
%USERPROFILE%prog2d
can be modified right from~/b2d
.
Or you actually can write and modify those same files (like some Dockerfile) right from your Windows session, using your favorite editor (instead ofvi
)
所有这一切,都在企业防火墙之后.
And all this, behind a corporate firewall.
也许我公司的代理不允许 https.这是我的解决方法:
Maybe my company's proxy doesn't allow https. Here's my workaround:
boot2docker ssh
,
杀死docker进程和- 设置代理
export http_proxy=http://proxy.com
,然后 - 使用
docker -d --insercure-registry docker.io
启动 docker
boot2docker ssh
,
kill the docker process and- set the proxy
export http_proxy=http://proxy.com
, then - start docker with
docker -d --insercure-registry docker.io
这篇关于如何让 Docker 在企业防火墙后面的 Windows 系统上运行?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
- start
- 启动
- the docker service to be able to query/load images (for example:
- docker 服务能够查询/加载图像(例如: