Docker for Mac behind a proxy
May 19, 2016Recently I got an invite for the private Beta program for Docker for Mac and Docker for Windows. I started to play around with the Docker for Mac application but ran quite quickly into a known limitation. I was not able to pull docker images from the Docker Registry since my network uses a HTTP proxy to access Internet sites. Unfortunately, with the current beta versions it is not possible to configure proxy settings for the Docker Engine.
I spend some time to understand how the Docker for Mac application works and found a workaround. This workaround is hopefully not needed as soon as the proxy settings support is build into the Docker for Mac application.
As described in the official documentation the Docker for Mac application runs the Docker Engine on an Alpine Linux distribution inside a Virtual Machine (VM) using the xhyve hypervisor.
You can access the Linux machine with user root
and no password after entering in OSX Terminal:
screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
In the init script for the Docker Engine, located at /etc/init.d/docker
, I’ve added my proxy settings (see the code snippet below).
#!/sbin/openrc-run
export http_proxy=http://proxy:8080
export https_proxy=http://proxy:8080
export no_proxy=localhost,127.0.0.1
depend()
{
after transfused
before chronyd
}
After adding the proxy settings the Docker Engine must be restarted:
/etc/init.d/docker stop
/etc/init.d/docker start
To detach from the screen session enter control-a d
.
Back in the OSX Terminal I’m now able to pull images from the Docker Registry with the usual command, e.g.:
docker pull ubuntu
This workaround works well until you quit the Docker for Mac application. After starting the application again you’ll notice that the previous made settings are lost, since the changes are not permanent.
To make the proxy settings permanent and survive a Docker for Mac application restart it requires some additional steps.
The xhyve hypervisor requires two files to start a Virtual Machine (VM) with Alpine Linux. In the folder /Applications/Docker.app/Contents/Resources/moby/
you can find the files vmlinuz64
which is the Linux kernel and initrd.img
with the root file system. To make our proxy settings permanent we need to modify the initrd.img
file.
Important: Before you begin to modify the root file system create a backup of the initrd.img
file:
cp /Applications/Docker.app/Contents/Resources/moby/initrd.img /Applications/Docker.app/Contents/Resources/moby/initrd.img-backup
Access the Linux machine with user root
and no password after entering in OSX Terminal:
screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
Next step is to copy the root file system into the Virtual Machine and extract it into a temp folder:
mkdir /temp && cd /temp
cp /Mac/Applications/Docker.app/Contents/Resources/moby/initrd.img-backup /initrd.img-backup.gz
gunzip /initrd.img-backup.gz
cpio -id < /initrd.img-backup
Now edit the init script located in the temp folder at /temp/etc/init.d/docker
as described above with your proxy settings. As last step we need to recreate and compress the new file system:
cd /temp
find . | cpio --create --format='newc' > /initrd.img
gzip /initrd.img
mv /initrd.img.gz /Mac/Applications/Docker.app/Contents/Resources/moby/initrd.img
cd / && rm -rf /temp && rm -f /initrd.img-backup
After making the changes you can detach from the screen session (control-a d
).
Restart the Docker for Mac application and test your proxy settings.
As a last note please be aware that these permanent changes are lost as soon as the Docker for Mac application gets an update.
Have fun!