Setup docker toolbox behind proxy on Windows
Problem description
As per my corporate policies, we are using Windows 7, with privileged access (subset of admin rights) on the machine.
I have installed Docker Toolbox; however, when it's time to pull images from the Docker hub of the company's Artifactory, I was getting issues because of HTTPS and proxy.
Recommended answer
I finally figured out how to properly set up Docker Toolbox on Windows 7 behind a corporate proxy with HTTPS certs.
Here are the steps:
- Install Docker Toolbox
- After installation, go to C:/Users/<user>/.docker/machine/machines/default and open config.json. If you do not have that folder, then please open "Docker Quickstart Terminal" from your desktop to create a virtual box docker-machine for yourself.
- Add the following lines under
{
    "HostOptions": {
        ...
        "EngineOptions": {
            ...
            "Env": [
                "HTTP_PROXY=http://<username>:<pwd>@<host>:<port>",
                "HTTPS_PROXY=http://<username>:<pwd>@<host>:<port>",
                "NO_PROXY=<docker-machine ip>"
            ],
        }
    }
}
Note the http in HTTPS_PROXY.
- After the above step, you need to install the company certs
Get the set of corporate root certificates, which should be installed in your corporate-configured browser. In Chrome, you can go to Settings, click Show advanced settings, and scroll down to HTTPS/SSL, where you can choose Manage Certificates. My organization has put them in Trusted Root Certification Authorities and named them after the organization. Export each (I have two), one at a time, making sure to choose DER format.
Once you have them saved to a known location, you will want to convert them to PEM format. The easiest way I found to do this was to run the openssl.exe[1] command from within the Docker Quickstart Terminal.
openssl x509 -inform der -in certificate.cer -out certificate.pem
- Once you have the .pem files, you will want to copy them to a location to which your Docker machine has access. I made a directory in c:\Users\my.username\certs and copied them there.
This step may not be strictly necessary, but it's what I did, and it works. You will want to copy those certificates into your boot2docker partition, which is persistent. I am connecting to my default machine, which IS something you will need to do for Step 5.
MINGW64:$ docker-machine ssh default
docker@default:~$ sudo -s
root@default:/home/docker# mkdir /var/lib/boot2docker/certs
root@default:/home/docker# cp /c/Users/my.username/certs/*.pem /var/lib/boot2docker/certs/
Now it's time to write a bootlocal.sh script, which will copy the certificates to the proper location each time the system starts.[2] If you haven't already, open an SSH connection to the machine, per Step 4.
touch /var/lib/boot2docker/bootlocal.sh && chmod +x /var/lib/boot2docker/bootlocal.sh
vi /var/lib/boot2docker/bootlocal.sh
Insert the following and save the file:
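#!/bin/sh
# Absolute source path: the copy must not depend on the working directory at boot
mkdir -p /etc/docker/certs.d && cp /var/lib/boot2docker/certs/certificate.pem /etc/docker/certs.d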
Restart the machine, either by using the reboot command from within the machine, or by using the docker-machine command from the Docker terminal:
docker-machine restart default
Now you should be able to run 'hello-world' and others. I hope this helps.
Reference: Docker on Windows (Boot2Docker) - certificate signed by unknown authority error
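The Env block in config.json above holds the proxy username and password in clear text. As an added example (not part of the original answer), this Python function audits that block and returns a redacted copy that can be pasted into a ticket or log; the function name audit_proxy_env, the sample host, credentials and IP are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the shape of the Env block above; all values are placeholders.
SAMPLE_CONFIG = """
{"HostOptions": {"EngineOptions": {"Env": [
    "HTTP_PROXY=http://jdoe:S3cret@proxy.example.internal:8080",
    "HTTPS_PROXY=http://jdoe:S3cret@proxy.example.internal:8080",
    "NO_PROXY=192.168.99.100"
]}}}
"""

def audit_proxy_env(config_text, machine_ip):
    """Return (redacted_env, findings) for the Env list of a docker-machine config.json."""
    env = json.loads(config_text)["HostOptions"]["EngineOptions"].get("Env") or []
    redacted, findings, no_proxy = [], [], []
    for entry in env:
        name, _, value = entry.partition("=")
        if name.upper() == "NO_PROXY":
            no_proxy = [h.strip() for h in value.split(",")]
        if name.upper() not in ("HTTP_PROXY", "HTTPS_PROXY"):
            redacted.append(entry)
            continue
        try:
            url = urlsplit(value)
            host, port = url.hostname, url.port
        except ValueError:
            host = None
        if not host:
            # An unparseable value may still contain the password, so withhold all of it.
            findings.append(f"{name}: proxy URL does not parse (unencoded character in the password?)")
            redacted.append(f"{name}=<unparseable>")
            continue
        if url.password is not None:
            findings.append(f"{name}: proxy password is stored in clear text")
            authority = f"{url.username}:***@{host}" + (f":{port}" if port else "")
            value = f"{url.scheme}://{authority}{url.path}"
        redacted.append(f"{name}={value}")
    if machine_ip not in no_proxy:
        findings.append(f"NO_PROXY does not list the docker-machine IP {machine_ip}")
    return redacted, findings

if __name__ == "__main__":
    safe_env, issues = audit_proxy_env(SAMPLE_CONFIG, "192.168.99.100")
    print("\n".join(safe_env + issues))
```

To run it against a real machine, pass the text of config.json and the address reported by docker-machine ip default.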