如何让 Docker 在企业防火墙后面的 Windows 系统上运行? [英] How do I get Docker to run on a Windows system behind a corporate firewall?

问题描述

我正在尝试按照本教程进行 Docker 安装:http://docs.docker.io/en/latest/installation/windows/

I'm trying to get a working Docker installation following this tutorial: http://docs.docker.io/en/latest/installation/windows/

到目前为止，我使用手动下载的存储库运行虚拟机(按照 GitHub 链接并下载为 ZIP 文件，因为git clone"在我的公司代理后面不起作用，即使在使用"git conf --global http.proxy ..." - 尽管我输入了用户名和密码，但它一直要求我进行身份验证 407).

So far, I got the VM running with a manually downloaded repository (followed the GitHub link and downloaded as a ZIP file, because "git clone" didn't work behind my corporate proxy, even after setting up the proxy with "git conf --global http.proxy ..." - it kept asking me for authentification 407, although I entered my user name and password).

现在我处于应该使用docker run busybox echo hello world"(运行 Docker"部分)的状态.

Now I am in the state in which I should use "docker run busybox echo hello world" (Section "Running Docker").

当我这样做时，我首先被告知未安装 Docker(如教程底部所示)，然后，在我使用 apt-get install docker 获得它后，我get 遇到分段错误或严重错误.转储核心并中止."

When I do this, I first get told that Docker is not installed (as shown at the bottom of the tutorial), and then, after I got it with apt-get install docker, I get "Segmentation Fault or critical error encountered. Dumping core and aborting."

我现在能做什么?这是因为我没有使用 git clone 还是 Docker 安装有问题?我在某处读到，apt-get install docker 没有安装我想要的 Docker，而是安装了一些 GNOME 工具.我可以指定我的 apt-request 以获得正确的工具吗?

What can I do now? Is this because I didn't use git clone or is something wrong with the Docker installation? I read somewhere, that apt-get install docker doesn't install the Docker I want, but some GNOME tool. Can I maybe specify my apt-request to get the right tool?

推荐答案

企业代理背后的Windows Boot2Docker

(背景:2015 年 3 月，Windows 7，在企业代理之后)

Windows Boot2Docker behind corporate proxy

(Context: March 2015, Windows 7, behind corporate proxy)

克隆它并:

• 在env.bat.template之后配置..env.bat，
• 在profile"文件中添加你想要的别名，
• 执行senv.bat，然后执行b2d.bat.

• configure ..env.bat following the env.bat.template,
• add the alias you want in the 'profile' file,
• execute senv.bat then b2d.bat.

然后你就在一个正确定制的 boot2docker 环境中:

You then are in a properly customized boot2docker environment with:

• 当您键入 docker search/pull 时，ssh 会话能够在公司代理后面访问互联网.
• 当 Dockerfile 执行 apt-get update/install 并且您键入 docker build 时，它们能够通过公司代理访问互联网.

• an ssh session able to access internet behind corporate proxy when you type docker search/pull.
• Dockerfiles able to access internet behind corporate proxy when they do an apt-get update/install and you type a docker build.

如果您是工作站的管理员，则可以在 Windows 上运行 boot2docker install.
它目前带有:

If you are admin of your workstation, you can run boot2docker install on your Windows.
It currently comes with:

• Boot2Docker 1.5.0(Docker v1.5.0，Linux v3.18.5)
• Boot2Docker 管理工具 v1.5.0
• VirtualBox v4.3.20-r96997
• msysGit v1.9.5-preview20141217

然后，一旦安装:

• 在您的 %PATH%
中添加 c:path oBoot2Docker For Windows
• (一次):boot2docker init
• boot2docker start
• boot2docker ssh
• 输入 exit 退出 ssh 会话，boot2docker ssh 返回:您刚刚输入的命令历史被保留.
• 如果你想关闭虚拟机，boot2docker stop

• add c:path oBoot2Docker For Windows in your %PATH%
• (one time): boot2docker init
• boot2docker start
• boot2docker ssh
• type exit to exit the ssh session, and boot2docker ssh to go back in: the history of commands you just typed is preserved.
• if you want to close the VM, boot2docker stop

如果您打开 Virtual Box GUI，并输入 DOS cmd 会话 boot2docker start 或 stop.

You actually can see the VM start or stop if you open the Virtual Box GUI, and type in a DOS cmd session boot2docker start or stop.

要理解的要点是您将需要管理 2 个主机:

• 您的 Windows 工作站是 Linux Tiny Core 的主机 由 VirtualBox 运行，以便您定义和运行容器
  (%HOME%.boot2dockeroot2docker.iso =>
  .%USERPROFILE%VirtualBox VMsoot2docker-vmoot2docker-vm.vmdk),
• 您的 boot2docker Linux Tiny Core 是您将要运行的容器的宿主.

• your Windows workstation is the host to the Linux Tiny Core run by VirtualBox in order for you to define and run containers
  (%HOME%.boot2dockeroot2docker.iso =>
  .%USERPROFILE%VirtualBox VMsoot2docker-vmoot2docker-vm.vmdk),
• Your boot2docker Linux Tiny Core is host to your containers that you will run.

就代理而言，这意味着:

• 您的 Windows 主机必须设置了它的 HTTP_PROXY、HTTPS_PROXY 和 NO_PROXY 环境变量(您可能已经有了它们，并且可以使用它们例如通过 Virtual Box 检测 Virtual Box 的新版本)
• 您的 Tiny Core Host 必须为:
  • docker 服务能够查询/加载图像(例如:docker search nginx).
    如果没有设置，下一个docker pull会给你一个dial tcp:lookup index.docker.io: no such host.
    这是在新文件 /var/lib/boot2docker/profile 中设置的:它是 profile，而不是 .profile.
  • docker 帐户(在 /home/docker/.ashrc 中设置)，如果您需要执行任何其他命令(docker 除外)，则需要互联网接入)
  • 您将创建的任何 Dockerfile(或下一个 RUN apt-get update 将为您提供一个，例如，Could not resolve 'http.debian.net').
    这意味着您必须首先添加行 ENV http_proxy http://...，在任何需要互联网访问的 RUN 命令之前.
  • Your Windows Host must have set its HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variable (you probably have them already, and they can be used for instance by the Virtual Box to detect new versions of Virtual Box)
  • Your Tiny Core Host must have set http_proxy, https_proxy and no_proxy (note the case, lowercase in the Linux environment) for:
    • the docker service to be able to query/load images (for example: docker search nginx).
      If not set, the next docker pull will get you a dial tcp: lookup index.docker.io: no such host.
      This is set in a new file /var/lib/boot2docker/profile: it is profile, not .profile.
    • the docker account (to be set in /home/docker/.ashrc), if you need to execute any other command (other than docker) which would require internet access)
    • any Dockerfile that you would create (or the next RUN apt-get update will get you a, for example, Could not resolve 'http.debian.net').
      That means you must add the lines ENV http_proxy http://... first, before any RUN command requiring internet access.

    一个好的 no_proxy 设置是:

    .company,.sock,localhost,127.0.0.1,::1,192.168.59.103
    

    (使用.company"表示您公司的域名，用于内部网站)

    (with '.company' the domain name of your company, for the internal sites)

    要理解的另一点是 boot2docker 使用 Tiny Core，这是一个...微型 Linux 发行版(.iso 文件只有 26 MB).
    并且 Tiny Core 不提供持久性(除了一些技术文件夹):如果您使用所有首选设置和别名修改 ~/.ashrc... 下一个 boot2docker stop/boot2docker start 将恢复原始 Linux 环境，你的修改消失了.

    The other point to understand is that boot2docker uses Tiny Core, a... tiny Linux distribution (the .iso file is only 26 MB).
    And Tiny Core offers no persistence (except for a few technical folders): if you modify your ~/.ashrc with all your preferred settings and alias... the next boot2docker stop / boot2docker start will restore a pristine Linux environment, with your modification gone.

    您需要确保 VirtualBox 已下载 Oracle_VM_VirtualBox_Extension_Pack并在 Virtual Box/File/Settings/Extension/添加 Oracle_VM_VirtualBox_Extension_Pack-4.x.yy-zzzzz.vbox-extpack 文件).

    You need to make sure the VirtualBox has the Oracle_VM_VirtualBox_Extension_Pack downloaded and added in the Virtual Box / File / Settings / Extension / add the Oracle_VM_VirtualBox_Extension_Pack-4.x.yy-zzzzz.vbox-extpack file).

    如 记录在 boot2docker 中，您将可以访问(从您的 Tiny Coressh 会话)到 /c/Users/(即 %USERPROFILE% 由 Virtual Box 共享)

    As documented in boot2docker, you will have access (from your Tiny Core ssh session) to /c/Users/<yourLogin> (ie the %USERPROFILE% is shared by Virtual Box)

    最后要理解的一点是默认不导出端口:

    • 您的容器端口在您的 Tiny Core 主机上是不可见的(例如，您必须使用 -p 80:80 才能将容器的 80 端口暴露给 Linux 会话的 80 端口)
    • 默认情况下，您的 Tiny Cort 端口不会从您的 Virtual Box VM 导出:即使您的容器在 Tiny Core 中可见，您的 Windows 浏览器也不会看到它:http://127.0.0.1 不起作用连接已重置".
    • your container ports are not visible from your Tiny Core host (you must use -p 80:80 for example in order to expose the 80 port of the container to the 80 port of the Linux session)
    • your Tiny Cort ports are not exported from your Virtual Box VM by default: even if your container is visible from within Tiny Core, your Windows browser won't see it: http://127.0.0.1 won't work "The connection was reset".

    第一点，docker run -it --rm --name my-apache-app -v "$PWD":/usr/local/apache2/htdocs/httpd:2.4没有 -p 80:80 就不能工作.

    For the first point, docker run -it --rm --name my-apache-app -v "$PWD":/usr/local/apache2/htdocs/ httpd:2.4 won't work without a -p 80:80 in it.

    对于第二点，定义一个别名 doskey vbm="c:Program FilesOracleVirtualBoxVBoxManage.exe" $*，然后:- 如果 Virtual Box 'boot2docker-vm' 尚未启动，则使用 vbm modifyvm- 如果 Virtual Box 'boot2docker-vm' 已经 启动，则使用 vbm controlvm

    For the second point, define an alias doskey vbm="c:Program FilesOracleVirtualBoxVBoxManage.exe" $*, and then: - if the Virtual Box 'boot2docker-vm' is not yet started, uses vbm modifyvm - if the Virtual Box 'boot2docker-vm' is already started, uses vbm controlvm

    通常，如果我在 boot2docker 会话期间意识到无法从 Windows 访问端口 80:

    Typically, if I realize, during a boot2docker session, that the port 80 is not accessible from Windows:

    vbm controlvm "boot2docker-vm" natpf1 "tcp-port80,tcp,,80,,80";
    vbm controlvm "boot2docker-vm" natpf1 "udp-port80,udp,,80,,80";
    

    然后，只有这样，我才能访问http://127.0.0.1

    Then, and only then, I can access http://127.0.0.1

    为了方便使用boot2docker:

    • 在 Windows 上创建一个文件夹 %USERPROFILE%prog2d
    • 在其中添加 .profile(直接在 Windows 中，在%USERPROFILE%prog2d)，使用您的设置和别名.
    • create on Windows a folder %USERPROFILE%prog2d
    • add a .profile in it (directly in Windows, in%USERPROFILE%prog2d), with your settings and alias.

    例如(我修改了原来的/home/docker/.ashrc):

    For example (I modified the original /home/docker/.ashrc):

    # ~/.ashrc: Executed by SHells.
    #
    . /etc/init.d/tc-functions
    if [ -n "$DISPLAY" ]
    then
            `which editor >/dev/null` && EDITOR=editor || EDITOR=vi
    else
            EDITOR=vi
    fi
    export EDITOR
    
    # Alias definitions.
    #
    alias df='df -h'
    alias du='du -h'
    
    alias ls='ls -p'
    alias ll='ls -l'
    alias la='ls -la'
    
    alias d='dmenu_run &'
    alias ce='cd /etc/sysconfig/tcedir'
    
    export HTTP_PROXY=http://<user>:<pwd>@proxy.company:80
    export HTTPS_PROXY=http://<user>:<pwd>@proxy.company:80
    export NO_PROXY=.company,.sock,localhost,127.0.0.1,::1,192.168.59.103
    
    export http_proxy=http://<user>:<password>@proxy.company:80
    export https_proxy=http://<user>:<password>@proxy.company:80
    export no_proxy=.company,.sock,localhost,127.0.0.1,::1,192.168.59.103
    
    alias l='ls -alrt'
    alias h=history
    alias cdd='cd /c/Users/<user>/prog/b2d'
    
    ln -fs /c/Users/<user>/prog/b2d /home/docker
    

    (192.168.59.103通常是boot2docker ip返回的ip)

    (192.168.59.103 is usually the ip returned by boot2docker ip)

    • 在您的 %PATH% 中创建并添加一个 b2d.bat 脚本，它将:
      • 启动 boot2docker
      • 为 docker 服务(已重新启动)和 /home/docker 用户帐户复制正确的配置文件.
      • 启动一个交互式 ssh 会话
      • create and add a b2d.bat script in your %PATH% which will:
        • start boot2docker
        • copy the right profile, both for the docker service (which is restarted) and for the /home/docker user account.
        • initiate an interactive ssh session

        即:

        doskey vbm="c:Program FilesOracleVirtualBoxVBoxManage.exe" $*
        boot2docker start
        boot2docker ssh sudo cp -f /c/Users/<user>/prog/b2d/.profile /var/lib/boot2docker/profile
        boot2docker ssh sudo /etc/init.d/docker restart
        boot2docker ssh cp -f /c/Users/<user>/prog/b2d/.profile .ashrc
        boot2docker ssh
        

        为了进入一个新的 boot2docker 会话，并根据需要完全定义您的设置，只需输入:

        In order to enter a new boot2docker session, with your settings defined exactly as you want, simply type:

        b2d
        

        你很高兴:

        • a docker search xxx 将工作(它将访问互联网)
        • 任何 docker build 都可以工作(如果 ENV http_proxy 指令存在，它将访问互联网)
        • %USERPROFILE%prog2d 中的任何 Windows 文件都可以直接从 ~/b2d 修改.
          或者，您实际上可以直接在 Windows 会话中使用您喜欢的编辑器(而不是 vi)编写和修改这些相同的文件(如某些 Dockerfile)
        • a docker search xxx will work (it will access internet)
        • any docker build will work (it will access internet if the ENV http_proxy directives are there)
        • any Windows file from %USERPROFILE%prog2d can be modified right from ~/b2d.
          Or you actually can write and modify those same files (like some Dockerfile) right from your Windows session, using your favorite editor (instead of vi)

        所有这一切，都在企业防火墙之后.

        And all this, behind a corporate firewall.

        团添加了在评论中:

        也许我公司的代理不允许 https.这是我的解决方法:

        Maybe my company's proxy doesn't allow https. Here's my workaround:

        • boot2docker ssh,
          杀死docker进程和
        • 设置代理export http_proxy=http://proxy.com，然后
        • 使用 docker -d --insercure-registry docker.io
        启动 docker
        • boot2docker ssh,
          kill the docker process and
        • set the proxy export http_proxy=http://proxy.com, then
        • start docker with docker -d --insercure-registry docker.io

        这篇关于如何让 Docker 在企业防火墙后面的 Windows 系统上运行?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！