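# 2021-01-07 #「Docker」- Configuring a Proxy
阿新 • Published: 2021-01-07
Problem description
Some Docker images live in registries that we cannot reach directly, so we have to access them through a proxy.
This note records how to pull images by reaching the image registry through a proxy.
Solution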
```
// Add configuration similar to the following:
# systemctl edit docker.service
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80"
Environment="HTTPS_PROXY=https://proxy.example.com:443"
Environment="NO_PROXY=localhost,127.0.0.1"

// Show the resulting configuration:
# systemctl show --property Environment docker.service

// Restart the service:
# systemctl restart docker.service
```
For more details, see the official documentation:
docker pull/Proxy configuration
Control Docker with systemd/HTTP/HTTPS proxy
Common problems
proxyconnect tcp: net/http: TLS handshake timeout
ssl - Docker not able to pull images behind proxy TLS handshake timeout - Stack Overflow
Problem description: running the docker pull command produces the following output:
```
# docker pull google/cadvisor
Using default tag: latest
Error response from daemon: Get https://registry-1.docker.io/v2/: proxyconnect tcp: net/http: TLS handshake timeout
```
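Cause: a configuration error. We do not have a separate HTTPS proxy; our HTTP proxy also handles HTTPS proxying. The scheme in the HTTPS_PROXY value describes how the Docker daemon talks to the proxy itself, so an https:// URL makes it attempt a TLS handshake with a proxy that only accepts plain HTTP, and the handshake times out.
Solution:
Change the setting Environment="HTTPS_PROXY=https://proxy.example.com:443" to Environment="HTTPS_PROXY=http://proxy.example.com:443"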
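The timeout described above can be reproduced on loopback. This is an added example, not code from the original post: `start_plain_proxy_stub` and `connect_via` are hypothetical names, and the stub is a constructed stand-in for a plain-HTTP proxy like the one the post describes.

```python
import socket
import ssl
import threading

def start_plain_proxy_stub():
    """Constructed stand-in for a plain-HTTP forward proxy; returns its loopback port."""
    srv = socket.create_server(("127.0.0.1", 0))

    def handle(conn):
        with conn:
            buf = b""
            try:
                while b"\r\n\r\n" not in buf:  # wait for a complete HTTP request head
                    chunk = conn.recv(4096)
                    if not chunk:
                        return
                    buf += chunk
                conn.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
            except OSError:
                pass  # client gave up, e.g. after a handshake timeout

    def serve():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def connect_via(scheme, host, port, target="registry-1.docker.io:443", timeout=2.0):
    """Send CONNECT as a client would for an http:// or https:// proxy URL."""
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        if scheme == "https":  # https:// proxy URL: TLS to the proxy comes first
            sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
        sock.sendall(f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode())
        return sock.recv(4096).split(b"\r\n", 1)[0].decode()
    except OSError as exc:  # covers handshake timeouts and ssl.SSLError
        return f"error: {exc}"
    finally:
        sock.close()

if __name__ == "__main__":
    port = start_plain_proxy_stub()
    for scheme in ("http", "https"):
        print(f"{scheme}://127.0.0.1:{port} ->", connect_via(scheme, "127.0.0.1", port))
```

Pointing `connect_via` at your own proxy host and port shows which scheme belongs in `HTTPS_PROXY`: the one that returns a status line rather than an error.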
Upload failed, retrying: remote error: tls: protocol version not supported
Problem description: when uploading an image (docker push), the following errors are produced:
```
...
time="2020-11-20T10:40:54.481118132+08:00" level=info msg="Attempting next endpoint for push after error: remote error: tls: protocol version not supported"
time="2020-11-20T10:43:22.178234212+08:00" level=error msg="Upload failed, retrying: remote error: tls: protocol version not supported"
time="2020-11-20T10:43:53.722306200+08:00" level=error msg="Upload failed, retrying: remote error: tls: protocol version not supported"
time="2020-11-20T10:44:34.796173126+08:00" level=error msg="Upload failed, retrying: remote error: tls: protocol version not supported"
time="2020-11-20T10:45:21.055632062+08:00" level=error msg="Upload failed, retrying: EOF"
time="2020-11-20T10:45:39.645404914+08:00" level=error msg="Not continuing with push after error: context canceled"
...
```
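Cause: "Starting from version 18.09 docker removed support for older tls ciphers." The network accelerator (HTTP PROXY) we use establishes HTTPS connections with older encryption algorithms, which causes this problem.
Solution: we use the Squid service. However, because of the time it would cost, we have temporarily disabled the proxy configuration of docker.service to work around the problem :-)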
References
K4NZ/Configuring a Proxy
docker pull/Proxy configuration
Control Docker with systemd/HTTP/HTTPS proxy
configuration - How do I override or configure systemd services? - Ask Ubuntu