How to get Docker to run on a Windows System behind a corporate firewall?


Problem description


I'm trying to get a working docker-installation following this tutorial: http://docs.docker.io/en/latest/installation/windows/

So far, I got the VM running with a manually downloaded repository (followed the github-link and downloaded as zip, because "git clone" didn't work behind my corporate proxy, even after setting up the proxy with "git conf --global http.proxy ..." - it kept asking me for authentication 407, although I entered my user & PW). Now I am in the state in which I should use "docker run busybox echo hello world" (Section "Running Docker"). When I do this, I first get told that docker is not installed (as shown at the bottom of the tutorial), and then, after I got it with apt-get install docker, I get "Segmentation Fault or critical error encountered. dumping core and aborting."

What to do now? Is this because I didn't use git clone or is something wrong with the docker installation? I read somewhere that apt-get install docker doesn't install the docker I want, but some GNOME-Tool; can I maybe specify my apt-request to get the right tool?

Solution

Windows Boot2Docker behind corporate proxy

(Context: March 2015, Windows 7, behind corporate proxy)

TLDR; see GitHub project VonC/b2d:

Clone it and:

  • configure ..\env.bat following the env.bat.template,
  • add the alias you want in the 'profile' file,
  • execute senv.bat then b2d.bat.

You then are in a properly customized boot2docker environment with:

  • an ssh session able to access internet behind corporate proxy when you type docker search/pull.
  • Dockerfiles able to access internet behind corporate proxy when they do an apt-get update/install and you type a docker build.

Installation and first steps

If you are admin of your workstation, you can run boot2docker install on your Windows.
It currently comes with:

  • Boot2Docker 1.5.0 (Docker v1.5.0, Linux v3.18.5)
  • Boot2Docker Management Tool v1.5.0
  • VirtualBox v4.3.20-r96997
  • msysGit v1.9.5-preview20141217

Then, once installed:

  • add c:\path\to\Boot2Docker For Windows\ in your %PATH%
  • (one time): boot2docker init
  • boot2docker start
  • boot2docker ssh
  • type exit to exit the ssh session, and boot2docker ssh to go back in: the history of commands you just typed is preserved.
  • if you want to close the VM, boot2docker stop

You actually can see the VM start or stop if you open the Virtual Box GUI, and type in a DOS cmd session boot2docker start or stop.


Hosts & Proxy: Windows => Boot2Docker => Docker Containers

The main point to understand is that you will need to manage 2 HOSTS:

  • your Windows workstation is the host to the Linux Tiny Core run by VirtualBox in order for you to define and run containers
    (%HOME%\.boot2docker\boot2docker.iso =>
    %USERPROFILE%\VirtualBox VMs\boot2docker-vm\boot2docker-vm.vmdk),
  • Your boot2docker Linux Tiny Core is host to your containers that you will run.

In terms of proxy, that means:

  • Your Windows Host must have set its HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables (you probably have them already, and they can be used for instance by the Virtual Box to detect new versions of Virtual Box)
  • Your Tiny Core Host must have set http_proxy, https_proxy and no_proxy (note the case, lowercase in the Linux environment) for:
    • the docker service to be able to query/load images (for example: docker search nginx).
      If not set, the next docker pull will get you a dial tcp: lookup index.docker.io: no such host.
      This is set in a new file /var/lib/boot2docker/profile: it is profile, not .profile.
    • the docker account (to be set in /home/docker/.ashrc), if you need to execute any other command (other than docker) which would require internet access
    • any Dockerfile that you would create (or the next RUN apt-get update will get you a, for example, Could not resolve 'http.debian.net').
      That means you must add the lines ENV http_proxy http://... first, before any RUN command requiring internet access.

A good no_proxy to set is:

.company,.sock,localhost,127.0.0.1,::1,192.168.59.103

(with '.company' the domain name of your company, for the internal sites)


Data persistence? Use folder sharing

The other point to understand is that boot2docker uses Tiny Core, a... tiny Linux distribution (the .iso file is only 26 MB).
And Tiny Core offers no persistence (except for a few technical folders): if you modify your ~/.ashrc with all your preferred settings and alias... the next boot2docker stop / boot2docker start will restore a pristine Linux environment, with your modification gone.

You need to make sure the VirtualBox has the Oracle_VM_VirtualBox_Extension_Pack downloaded and added (in the Virtual Box / File / Settings / Extension / add the Oracle_VM_VirtualBox_Extension_Pack-4.x.yy-zzzzz.vbox-extpack file).

As documented in boot2docker, you will have access (from your Tiny Core ssh session) to /c/Users/<yourLogin> (ie the %USERPROFILE% is shared by Virtual Box)


Port redirection? For container and for VirtualBox VM

The final point to understand is that no port is exported by default:

  • your container ports are not visible from your Tiny Core host (you must use -p 80:80 for example in order to expose the 80 port of the container to the 80 port of the Linux session)
  • your Tiny Core ports are not exported from your Virtual Box VM by default: even if your container is visible from within Tiny Core, your Windows browser won't see it: http://127.0.0.1 won't work ("The connection was reset").

For the first point, docker run -it --rm --name my-apache-app -v "$PWD":/usr/local/apache2/htdocs/ httpd:2.4 won't work without a -p 80:80 in it.

For the second point, define an alias doskey vbm="c:\Program Files\Oracle\VirtualBox\VBoxManage.exe" $*, and then:

  • if the Virtual Box 'boot2docker-vm' is not yet started, use vbm modifyvm
  • if the Virtual Box 'boot2docker-vm' is already started, use vbm controlvm

Typically, if I realize, during a boot2docker session, that the port 80 is not accessible from Windows:

vbm controlvm "boot2docker-vm" natpf1 "tcp-port80,tcp,,80,,80";
vbm controlvm "boot2docker-vm" natpf1 "udp-port80,udp,,80,,80";

Then, and only then, I can access http://127.0.0.1


Persistent settings: copied to docker service and docker account

In order to use boot2docker easily:

  • create on Windows a folder %USERPROFILE%\prog\b2d
  • add a .profile in it (directly in Windows, in %USERPROFILE%\prog\b2d), with your settings and alias.

For example (I modified the original /home/docker/.ashrc):

# ~/.ashrc: Executed by SHells.
#
. /etc/init.d/tc-functions
if [ -n "$DISPLAY" ]
then
        `which editor >/dev/null` && EDITOR=editor || EDITOR=vi
else
        EDITOR=vi
fi
export EDITOR

# Alias definitions.
#
alias df='df -h'
alias du='du -h'

alias ls='ls -p'
alias ll='ls -l'
alias la='ls -la'

alias d='dmenu_run &'
alias ce='cd /etc/sysconfig/tcedir'

export HTTP_PROXY=http://<user>:<pwd>@proxy.company:80
export HTTPS_PROXY=http://<user>:<pwd>@proxy.company:80
export NO_PROXY=.company,.sock,localhost,127.0.0.1,::1,192.168.59.103

export http_proxy=http://<user>:<password>@proxy.company:80
export https_proxy=http://<user>:<password>@proxy.company:80
export no_proxy=.company,.sock,localhost,127.0.0.1,::1,192.168.59.103

alias l='ls -alrt'
alias h=history
alias cdd='cd /c/Users/<user>/prog/b2d'

ln -fs /c/Users/<user>/prog/b2d /home/docker

(192.168.59.103 is usually the ip returned by boot2docker ip)


Putting everything together to start a boot2docker session: b2d.bat

  • create and add a b2d.bat script in your %PATH% which will:
    • start boot2docker
    • copy the right profile, both for the docker service (which is restarted) and for the /home/docker user account.
    • initiate an interactive ssh session

That is:

doskey vbm="c:\Program Files\Oracle\VirtualBox\VBoxManage.exe" $*
boot2docker start
boot2docker ssh sudo cp -f /c/Users/<user>/prog/b2d/.profile /var/lib/boot2docker/profile
boot2docker ssh sudo /etc/init.d/docker restart
boot2docker ssh cp -f /c/Users/<user>/prog/b2d/.profile .ashrc
boot2docker ssh

In order to enter a new boot2docker session, with your settings defined exactly as you want, simply type:

b2d

And you are good to go.


End result:

  • a docker search xxx will work (it will access internet)
  • any docker build will work (it will access internet if the ENV http_proxy directives are there)
  • any Windows file from %USERPROFILE%\prog\b2d can be modified right from ~/b2d.
    Or you actually can write and modify those same files (like some Dockerfile) right from your Windows session, using your favorite editor (instead of vi)

And all this, behind a corporate firewall.


Bonus: http only

Tuan adds in the comments:

Maybe my company's proxy doesn't allow https. Here's my workaround:

  • boot2docker ssh,
    kill the docker process and
  • set the proxy export http_proxy=http://proxy.com, then
  • start docker with docker -d --insecure-registry docker.io
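
Added example, not part of the original answer: a POSIX shell check for a profile like the one shown in the answer, to run before b2d.bat copies it into the VM. It reports missing lowercase proxy variables, proxy URLs that embed a clear-text password, and a no_proxy list that omits local addresses or the VM IP; `audit_profile`, `sample_profile` and the finding labels are hypothetical names, and the sample values are constructed.

```shell
#!/bin/sh
# Added example (not from the answer): audit a boot2docker profile before it is
# copied to /var/lib/boot2docker/profile and ~/.ashrc.
# Usage: audit_profile FILE VM_IP  -> one finding per line, nothing if clean.
audit_profile() {
    file=$1
    vm_ip=$2
    # The Tiny Core side reads the lowercase names, so all three must be set.
    for var in http_proxy https_proxy no_proxy; do
        grep -Eq "^(export[[:space:]]+)?${var}=" "$file" || echo "MISSING $var"
    done
    # scheme://user:secret@host keeps the proxy password in clear text in a
    # file that sits in a shared Windows folder and is copied into the VM.
    sed -En 's#^(export[[:space:]]+)?([A-Za-z_]*[Pp][Rr][Oo][Xx][Yy])=[a-z]+://[^@/:]+:[^@/]+@.*#CREDENTIALS \2#p' "$file"
    # Local addresses and the VM address must bypass the proxy.
    np=$(sed -En 's/^(export[[:space:]]+)?no_proxy=//p' "$file" | tail -n 1)
    if [ -n "$np" ]; then
        for need in localhost 127.0.0.1 "$vm_ip"; do
            case ",$np," in
                *",$need,"*) ;;
                *) echo "NO_PROXY_LACKS $need" ;;
            esac
        done
    fi
    return 0
}

# Constructed sample input: placeholder host, user and password, not real values.
sample_profile() {
    cat <<'EOF'
export HTTP_PROXY=http://alice:example-pw@proxy.company:80
export http_proxy=http://alice:example-pw@proxy.company:80
export no_proxy=.company,.sock,localhost,127.0.0.1,::1
EOF
}

tmp=$(mktemp)
sample_profile > "$tmp"
audit_profile "$tmp" 192.168.59.103   # VM IP as returned by: boot2docker ip
rm -f "$tmp"
```
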
