Martin Schygulla

Blog about thoughts, stories and ideas.

© 2016. All rights reserved.

Docker for Mac behind a proxy

May 19, 2016

Recently I got an invite for the private Beta program for Docker for Mac and Docker for Windows. I started to play around with the Docker for Mac application but ran quite quickly into a known limitation. I was not able to pull docker images from the Docker Registry since my network uses a HTTP proxy to access Internet sites. Unfortunately, with the current beta versions it is not possible to configure proxy settings for the Docker Engine.

I spend some time to understand how the Docker for Mac application works and found a workaround. This workaround is hopefully not needed as soon as the proxy settings support is build into the Docker for Mac application.

As described in the official documentation the Docker for Mac application runs the Docker Engine on an Alpine Linux distribution inside a Virtual Machine (VM) using the xhyve hypervisor.

You can access the Linux machine with user root and no password after entering in OSX Terminal:

screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty

In the init script for the Docker Engine, located at /etc/init.d/docker, I’ve added my proxy settings (see the code snippet below).

#!/sbin/openrc-run

export http_proxy=http://proxy:8080
export https_proxy=http://proxy:8080
export no_proxy=localhost,127.0.0.1

depend()
{
  after transfused
  before chronyd
}

After adding the proxy settings the Docker Engine must be restarted:

/etc/init.d/docker stop
/etc/init.d/docker start

To detach from the screen session enter control-a d.

Back in the OSX Terminal I’m now able to pull images from the Docker Registry with the usual command, e.g.:

docker pull ubuntu

This workaround works well until you quit the Docker for Mac application. After starting the application again you’ll notice that the previous made settings are lost, since the changes are not permanent.

To make the proxy settings permanent and survive a Docker for Mac application restart it requires some additional steps.

The xhyve hypervisor requires two files to start a Virtual Machine (VM) with Alpine Linux. In the folder /Applications/Docker.app/Contents/Resources/moby/ you can find the files vmlinuz64 which is the Linux kernel and initrd.img with the root file system. To make our proxy settings permanent we need to modify the initrd.img file.

Important: Before you begin to modify the root file system create a backup of the initrd.img file:

cp /Applications/Docker.app/Contents/Resources/moby/initrd.img /Applications/Docker.app/Contents/Resources/moby/initrd.img-backup

Access the Linux machine with user root and no password after entering in OSX Terminal:

screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty

Next step is to copy the root file system into the Virtual Machine and extract it into a temp folder:

mkdir /temp && cd /temp
cp /Mac/Applications/Docker.app/Contents/Resources/moby/initrd.img-backup /initrd.img-backup.gz
gunzip /initrd.img-backup.gz
cpio -id < /initrd.img-backup

Now edit the init script located in the temp folder at /temp/etc/init.d/docker as described above with your proxy settings. As last step we need to recreate and compress the new file system:

cd /temp
find . | cpio --create --format='newc' > /initrd.img
gzip /initrd.img
mv /initrd.img.gz /Mac/Applications/Docker.app/Contents/Resources/moby/initrd.img
cd / && rm -rf /temp && rm -f /initrd.img-backup

After making the changes you can detach from the screen session (control-a d).

Restart the Docker for Mac application and test your proxy settings.

As a last note please be aware that these permanent changes are lost as soon as the Docker for Mac application gets an update.

Have fun!