如何让Docker在公司防火墙后面的Windows系统上运行? [英] How do I get Docker to run on a Windows system behind a corporate firewall?
问题描述
我正在尝试按照本教程进行操作,以安装Docker:
http://docs.docker.io/zh-CN/latest/installation/windows/
到目前为止,我已经手动运行了VM下载的存储库(遵循GitHub链接并下载为ZIP文件,因为即使在使用 git conf --global http.proxy ...设置代理之后, git clone在我的公司代理后面也无法工作-一直要求我进行身份验证407,尽管我输入了用户名和密码)。
现在,我处于应该使用 docker run busybox echo hello world (正在运行Docker部分)。
当我这样做时,我首先被告知Docker不是安装(如本教程底部所示),然后用 apt-get install docker 进行安装后,出现 Segmentation Fault或critical error遇到了。 d流产。
我现在该怎么办?这是因为我没有使用 git clone 还是Docker安装有问题?我在某处读到, apt-get install docker 不是安装我想要的Docker,而是安装一些GNOME工具。
公司代理后面的Windows Boot2Docker
$ b,我可以指定我的apt-request以获取正确的工具吗?$ b
(上下文:2015年3月,Windows 7,在公司代理之后)
TLDR;参见GitHub项目 VonC / b2d :
克隆它并:
- 配置
.. \env.bat跟随env.bat.template, - 您要在
配置文件文件中使用的别名, - 执行
senv.bat然后b2d.bat。
然后您处于正确定制的 boot2docker 环境,其中:
- 当您使用SSH会话时,可以通过公司代理访问Internet键入
docker search / pull。 - Dockerfile在执行
apt-获取更新/安装,然后键入docker build。
安装和第一步
如果您是工作站的管理员,则可以运行在Windows上安装boot2docker 。
当前随附:
- Boot2Docker 1.5.0(Docker v1.5.0,Linux v3.18.5)
- Boot2Docker管理工具v1.5.0
- VirtualBox v4.3.20-r96997
- msysGit v1.9.5-preview20141217
然后,一次已安装:
- 添加
c:\path\to\Boot2Docker对于Windows\在您的%PATH%中 - (一次):
boot2docker init -
boot2docker start -
boot2docker ssh - 键入
exit退出ssh会话,并boot2docker ssh返回:保留您刚刚键入的命令的历史记录。 - 如果要关闭VM,请
boot2docker stop
如果打开Virtual Box GUI,您实际上可以看到 VM的启动或停止。 d在DOS cmd会话中键入 boot2docker start 或 stop 。
主机&代理:Windows => Boot2Docker => Docker容器
要理解的要点是,您将需要管理2个主机:
- Windows工作站是 由VirtualBox运行的Linux Tiny Core ,以便您定义和运行容器
(%HOME%\ \.boot2docker\boot2docker.iso=>
。%USERPROFILE%\VirtualBox虚拟机\boot2docker-vm\boot2docker-vm.vmdk), - 您的boot2docker Linux Tiny Core是主机的主机,用于运行您的容器。
用代理的意思是:
- 您的Windows Host必须设置其
HTTP_PROXY,HTTPS_PROXY和NO_PROXY环境变量(您可能已经有了它们,例如, Virtual Box以检测Virtual Box的新版本) - 您的小型Core Host必须已设置
http_proxy,https_proxy和no_proxy(注意大小写,在Linux环境中为小写),表示:
- docker服务,以便能够查询/加载图像(例如:
docker search nginx)。
如果未设置,则下一个docker pull将为您提供拨号tcp:查找索引。docker.io:没有这样的主机。
这是在新文件/ var / lib / boot2docker / profile中设置的:它是profile,而不是.profile。 - docker帐户(要在
/home/docker/.ashrc中设置)需要执行任何其他需要Internet访问的命令(除docker以外的其他命令) - 您要创建的任何Dockerfile (或下一个
运行apt-get update会得到一个提示,例如无法解析'http.debian.net')。
这意味着您必须先添加ENV http_proxy http:// ...行,然后再运行RUN
- docker服务,以便能够查询/加载图像(例如:
好的 no_proxy 设置为:
.company,.sock,localhost,127.0.0.1,:: 1,192.168。 59.103
(带有' .company '
数据持久化吗?使用文件夹共享
要理解的另一点是 boot2docker使用Tiny Core ,这是一个很小的Linux发行版(.iso文件是仅26 MB)。
并且 Tiny Core没有持久性(除了一些技术文件夹):如果您修改〜/ .ashrc 以及所有的首选设置和别名...下一个 boot2docker stop / boot2docker start 将还原原始 Linux环境,< 。
您需要确保VirtualBox具有 Oracle_VM_VirtualBox_Extension_Pack 下载并添加到Virtual Box / File / Settings / Extension /中,并添加了 Oracle_VM_VirtualBox_Extension_Pack-4.x。 yy-zzzzz.vbox-extpack 文件)。
记录在boot2docker中,您将可以(通过Tiny Core ssh会话)访问 / c / Users /< yourLogin> (即%USERPROFILE% 由Virtual Box共享)
端口重定向?对于VirtualBox VM的容器和
要了解的最后一点是默认情况下不导出任何端口:
- 您的容器端口在Tiny Core主机上不可见(您必须使用
-p 80:80 以便将容器的80端口暴露给Linux会话的80端口) - 您的 Tiny Cort端口不会从虚拟盒中导出VM默认情况下:即使您的容器在Tiny Core中可见,您的Windows浏览器也不会看到它: http:/ /127.0.0.1 不起作用
连接已重置。
首先, docker运行-it --rm --name my-apache-app -v $ PWD:/ usr / local / apache2 / htdocs / httpd:2.4 如果没有 -p 80:80 ,将无法正常工作。
第二点,定义别名 doskey vbm = c:\Program Files\Oracle\Virtual Box\VBoxManage.exe $ * ,然后:
-如果虚拟框' boot2docker-vm '还没有开始,使用 vbm Modifyvm
-如果虚拟框' boot2docker-vm '已经 开始,使用 vbm controlvm
通常,如果我在boot2docker会话期间意识到无法从Windows访问端口80:
vbm controlvm boot2docker-vm natpf1 tcp-port80,tcp ,, 80, ,80;
vbm controlvm boot2docker-vm natpf1 udp-port80,udp ,, 80,,80;
然后,只有这样,我才能访问 http://127.0.0.1
永久设置:复制到docker服务和 docker帐户
为了轻松使用 boot2docker :
- 在Windows上创建文件夹
%USERPROFILE%\prog\b2d - 在其中添加一个
.profile(直接在Windows中,在%USERPROFILE%\prog\b2d ),具有您的设置和别名。
例如(我修改了原始的 /home/docker/.ashrc ):
#〜/ .ashrc:由SHells执行。
#
。 /etc/init.d/tc-functions
if [-n $ DISPLAY]
然后
`哪个编辑器> / dev / null`&& EDITOR =编辑器|| EDITOR = vi
else
EDITOR = vi
fi
export EDITOR
#别名定义。
#
别名df ='df -h'
别名du ='du -h'
别名ls ='ls -p'
别名ll ='ls -l'
别名la ='ls -la'
别名d ='dmenu_run&'
别名ce ='cd / etc / sysconfig / tcedir '
export HTTP_PROXY = http://< user>:< pwd> @ proxy.company:80
export HTTPS_PROXY = http://< user>:< pwd> ; @ proxy.company:80
export NO_PROXY = .company,.sock,localhost,127.0.0.1,:: 1,192.168.59.103
export http_proxy = http://< user> :<密码> @ proxy.company:80
导出https_proxy = http://< user>:<密码> @ proxy.company:80
export no_proxy = .company,.sock,本地主机,127.0.0.1,:: 1,192.168.59.103
别名l ='ls -alrt'
别名h = history
别名cdd ='cd / c / Users /< ; user> / prog / b2d'
ln -fs / c / Users /< user> / prog / b2d / home / docker
(192.168.59.103通常是 boot2docker ip 返回的ip)
将所有内容放在一起启动boot2docker会话: b2d.bat
- 创建并添加<$您的
%PATH%中的c $ c> b2d.bat 脚本,它将:
- 启动
boot2docker - 复制正确的配置文件,均用于
docker服务(已重新启动)并为/ home / docker用户帐户。 - 启动交互式ssh会话
- 启动
即:
doskey vbm = c:\Program Files\Oracle\VirtualBox\VBoxManage.exe $ *
boot2docker start
boot2docker ssh sudo cp -f / c / Users /< user> /prog/b2d/.profile / var / lib / boot2docker / profile
boot2docker ssh sudo sudo /etc/init.d/docker restart
boot2docker ssh cp -f / c /Users/<user>/prog/b2d/.profile .ashrc
boot2docker ssh
要输入新的boot2docker会话,并根据需要精确定义您的设置,只需键入:
b2d
您很高兴:
最终结果:
- a
docker search xxx将起作用(它将访问互联网) - 任何
docker build将起作用(如果存在ENV http_proxy指令,它将访问Internet) -
%USERPROFILE%\prog\b2d中的任何Windows文件都可以直接从〜/ b2d中进行修改。< br>
或者您实际上可以直接使用自己喜欢的编辑器(而不是vi)在Windows会话中编写和修改相同的文件(如Dockerfile)
所有这些都在公司防火墙后面。
奖金:仅http
也许我公司的代理不允许https 。这是我的解决方法:
-
boot2docker ssh,
终止docker进程,并 - 设置代理
export http_proxy = http://proxy.com,然后 - 使用
docker -d --insercure-registry docker.io - configure
..\env.batfollowing theenv.bat.template, - add the alias you want in the '
profile' file, - execute
senv.batthenb2d.bat. - an ssh session able to access internet behind corporate proxy when you type
docker search/pull. - Dockerfiles able to access internet behind corporate proxy when they do an
apt-get update/installand you type adocker build. - Boot2Docker 1.5.0 (Docker v1.5.0, Linux v3.18.5)
- Boot2Docker Management Tool v1.5.0
- VirtualBox v4.3.20-r96997
- msysGit v1.9.5-preview20141217
- add
c:\path\to\Boot2Docker For Windows\in your%PATH% - (one time):
boot2docker init boot2docker startboot2docker ssh- type
exitto exit the ssh session, andboot2docker sshto go back in: the history of commands you just typed is preserved. - if you want to close the VM,
boot2docker stop - your Windows workstation is the host to the Linux Tiny Core run by VirtualBox in order for you to define and run containers
(%HOME%\.boot2docker\boot2docker.iso=>
.%USERPROFILE%\VirtualBox VMs\boot2docker-vm\boot2docker-vm.vmdk), - Your boot2docker Linux Tiny Core is host to your containers that you will run.
- Your Windows Host must have set its
HTTP_PROXY,HTTPS_PROXYandNO_PROXYenvironment variable (you probably have them already, and they can be used for instance by the Virtual Box to detect new versions of Virtual Box) - Your Tiny Core Host must have set
http_proxy,https_proxyandno_proxy(note the case, lowercase in the Linux environment) for:- the docker service to be able to query/load images (for example:
docker search nginx).
If not set, the nextdocker pullwill get you adial tcp: lookup index.docker.io: no such host.
This is set in a new file/var/lib/boot2docker/profile: it isprofile, not.profile. - the docker account (to be set in
/home/docker/.ashrc), if you need to execute any other command (other than docker) which would require internet access) - any Dockerfile that you would create (or the next
RUN apt-get updatewill get you a, for example,Could not resolve 'http.debian.net').
That means you must add the linesENV http_proxy http://...first, before anyRUNcommand requiring internet access.
- the docker service to be able to query/load images (for example:
I'm trying to get a working Docker installation following this tutorial: http://docs.docker.io/en/latest/installation/windows/
So far, I got the VM running with a manually downloaded repository (followed the GitHub link and downloaded as a ZIP file, because "git clone" didn't work behind my corporate proxy, even after setting up the proxy with "git conf --global http.proxy ..." - it kept asking me for authentification 407, although I entered my user name and password).
Now I am in the state in which I should use "docker run busybox echo hello world" (Section "Running Docker").
When I do this, I first get told that Docker is not installed (as shown at the bottom of the tutorial), and then, after I got it with apt-get install docker, I get "Segmentation Fault or critical error encountered. Dumping core and aborting."
What can I do now? Is this because I didn't use git clone or is something wrong with the Docker installation? I read somewhere, that apt-get install docker doesn't install the Docker I want, but some GNOME tool. Can I maybe specify my apt-request to get the right tool?
Windows Boot2Docker behind corporate proxy
(Context: March 2015, Windows 7, behind corporate proxy)
TLDR; see GitHub project VonC/b2d:
Clone it and:
You then are in a properly customized boot2docker environment with:
Installation and first steps
If you are admin of your workstation, you can run boot2docker install on your Windows.
It currently comes with:
Then, once installed:
You actually can see the VM start or stop if you open the Virtual Box GUI, and type in a DOS cmd session boot2docker start or stop.
Hosts & Proxy: Windows => Boot2Docker => Docker Containers
The main point to understand is that you will need to manage 2 HOSTS:
In term of proxy, that means:
A good no_proxy to set is:
.company,.sock,localhost,127.0.0.1,::1,192.168.59.103
(with '.company' the domain name of your company, for the internal sites)
Data persistence? Use folder sharing
The other point to understand is that boot2docker uses Tiny Core, a... tiny Linux distribution (the .iso file is only 26 MB).
And Tiny Core offers no persistence (except for a few technical folders): if you modify your ~/.ashrc with all your preferred settings and alias... the next boot2docker stop / boot2docker start will restore a pristine Linux environment, with your modification gone.
You need to make sure the VirtualBox has the Oracle_VM_VirtualBox_Extension_Pack downloaded and added in the Virtual Box / File / Settings / Extension / add the Oracle_VM_VirtualBox_Extension_Pack-4.x.yy-zzzzz.vbox-extpack file).
As documented in boot2docker, you will have access (from your Tiny Core ssh session) to /c/Users/<yourLogin> (ie the %USERPROFILE% is shared by Virtual Box)
Port redirection? For container and for VirtualBox VM
The final point to understand is that no port is exported by default:
- your container ports are not visible from your Tiny Core host (you must use
-p 80:80for example in order to expose the 80 port of the container to the 80 port of the Linux session) - your Tiny Cort ports are not exported from your Virtual Box VM by default: even if your container is visible from within Tiny Core, your Windows browser won't see it: http://127.0.0.1 won't work "
The connection was reset".
For the first point, docker run -it --rm --name my-apache-app -v "$PWD":/usr/local/apache2/htdocs/ httpd:2.4 won't work without a -p 80:80 in it.
For the second point, define an alias doskey vbm="c:\Program Files\Oracle\VirtualBox\VBoxManage.exe" $*, and then:
- if the Virtual Box 'boot2docker-vm' is not yet started, uses vbm modifyvm
- if the Virtual Box 'boot2docker-vm' is already started, uses vbm controlvm
Typically, if I realize, during a boot2docker session, that the port 80 is not accessible from Windows:
vbm controlvm "boot2docker-vm" natpf1 "tcp-port80,tcp,,80,,80";
vbm controlvm "boot2docker-vm" natpf1 "udp-port80,udp,,80,,80";
Then, and only then, I can access http://127.0.0.1
Persistent settings: copied to docker service and docker account
In order to use boot2docker easily:
- create on Windows a folder
%USERPROFILE%\prog\b2d - add a
.profilein it (directly in Windows, in%USERPROFILE%\prog\b2d), with your settings and alias.
For example (I modified the original /home/docker/.ashrc):
# ~/.ashrc: Executed by SHells.
#
. /etc/init.d/tc-functions
if [ -n "$DISPLAY" ]
then
`which editor >/dev/null` && EDITOR=editor || EDITOR=vi
else
EDITOR=vi
fi
export EDITOR
# Alias definitions.
#
alias df='df -h'
alias du='du -h'
alias ls='ls -p'
alias ll='ls -l'
alias la='ls -la'
alias d='dmenu_run &'
alias ce='cd /etc/sysconfig/tcedir'
export HTTP_PROXY=http://<user>:<pwd>@proxy.company:80
export HTTPS_PROXY=http://<user>:<pwd>@proxy.company:80
export NO_PROXY=.company,.sock,localhost,127.0.0.1,::1,192.168.59.103
export http_proxy=http://<user>:<password>@proxy.company:80
export https_proxy=http://<user>:<password>@proxy.company:80
export no_proxy=.company,.sock,localhost,127.0.0.1,::1,192.168.59.103
alias l='ls -alrt'
alias h=history
alias cdd='cd /c/Users/<user>/prog/b2d'
ln -fs /c/Users/<user>/prog/b2d /home/docker
(192.168.59.103 is usually the ip returned by boot2docker ip)
Putting everything together to start a boot2docker session: b2d.bat
- create and add a
b2d.batscript in your%PATH%which will:- start
boot2docker - copy the right profile, both for the
dockerservice (which is restarted) and for the/home/dockeruser account. - initiate an interactive ssh session
- start
That is:
doskey vbm="c:\Program Files\Oracle\VirtualBox\VBoxManage.exe" $*
boot2docker start
boot2docker ssh sudo cp -f /c/Users/<user>/prog/b2d/.profile /var/lib/boot2docker/profile
boot2docker ssh sudo /etc/init.d/docker restart
boot2docker ssh cp -f /c/Users/<user>/prog/b2d/.profile .ashrc
boot2docker ssh
In order to enter a new boot2docker session, with your settings defined exactly as you want, simply type:
b2d
And you are good to go:
End result:
- a
docker search xxxwill work (it will access internet) - any
docker buildwill work (it will access internet if theENV http_proxydirectives are there) - any Windows file from
%USERPROFILE%\prog\b2dcan be modified right from~/b2d.
Or you actually can write and modify those same files (like some Dockerfile) right from your Windows session, using your favorite editor (instead ofvi)
And all this, behind a corporate firewall.
Bonus: http only
Tuan adds in the comments:
Maybe my company's proxy doesn't allow https. Here's my workaround:
boot2docker ssh,
kill the docker process and- set the proxy
export http_proxy=http://proxy.com, then - start docker with
docker -d --insercure-registry docker.io
这篇关于如何让Docker在公司防火墙后面的Windows系统上运行?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
