Created
March 12, 2019 15:11
docker under corp proxy
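# Pull an image without registry access from the daemon, load it, point the
# Docker daemon at the corporate DNS servers, then build the local image.
#
# read https://docs.docker.com/network/proxy/
# set ~/.docker/config.json

# Optional pip configuration for a corporate index (left commented out).
# REVIEW: extra-index-url below is plain http and trusted-host switches off
# certificate checks for the listed hosts, so pip would accept packages from
# anyone able to intercept the connection. Prefer an https index and pip's
# `cert` option pointing at the corporate CA bundle.
#cat > /etc/pip.conf <<EOM
#[global]
#timeout = 60
#index-url = https://pypi.python.org/simple/
#extra-index-url = http://151.101.112.223/root/pypi/+simple/
#                  http://.............corp........../root/pypi/+simple/
#trusted-host = pypi.python.org
#               pypi.org
#               files.pythonhosted.org
#               pypi.c.............ru
#EOM

# docker_pull.py is executed below and `requests` is installed with sudo, so
# both downloads keep certificate verification on (--no-check-certificate and
# --trusted-host were dropped). Behind a TLS-inspecting proxy, add the proxy's
# root CA to the system trust store (update-ca-certificates) or pass it
# explicitly (wget --ca-certificate=FILE, pip --cert FILE).
# The script comes from the moving `master` branch: read it before running it,
# and consider pinning the URL to a commit you have reviewed.
wget https://raw.githubusercontent.com/NotGlop/docker-drag/master/docker_pull.py
sudo -E pip2 install requests --index-url=https://pypi.python.org/simple/
python docker_pull.py ubuntu:18.04
sudo -E docker load < library_ubuntu.tar
# sudo -E docker run hello-world
# tar xvf library_hello-world.tar --one-top-level

# docker corp dns:
# see https://stackoverflow.com/a/40516974
# `sudo cat >> file` opens the file as the calling user, and `sudo su` inside a
# script starts an interactive shell instead of elevating the following lines;
# `sudo tee` performs the write as root. Appending to an existing daemon.json
# would produce invalid JSON, so an existing file is left for a manual merge.
# Replace the dotted placeholders with the corporate DNS server addresses.
if sudo test -s /etc/docker/daemon.json; then
    echo "/etc/docker/daemon.json already has content; add the \"dns\" key to it by hand" >&2
else
    sudo tee /etc/docker/daemon.json > /dev/null << EOF
{
  "dns": [".............", "..........."]
}
EOF
fi
sudo service docker restart

sudo -E docker build -t cfrf-docker-gcc .
# Now let’s check if our image has been created.
sudo -E docker images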
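FROM ubuntu:18.04
# MAINTAINER alex

# Give docker the rights to access X-server
#   xhost +local:docker
# Run a terminal in container
#   sudo docker run -it --rm -e DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix my-docker-gcc
# an example of how to build (with Makefile generated from cmake) inside the container
#   sudo docker run --rm -v "$PWD":/home/u/NetCapStatistics -w /home/u/NetCapStatistics/build alext234/my-docker-gcc cmake -DCMAKE_CXX_COMPILER=g++ -DCMAKE_BUILD_TYPE=Release ..
#   sudo docker run --rm -v "$PWD":/home/u/NetCapStatistics -w /home/u/NetCapStatistics/build alext234/my-docker-gcc make

# https://askubuntu.com/a/1013396
# RUN export DEBIAN_FRONTEND=noninteractive
# Set it via ARG as this only is available during build:
ARG DEBIAN_FRONTEND=noninteractive

# key=value form; the space-separated `ENV key value` form is deprecated.
ENV LC_ALL=C.UTF-8 \
    LANG=en_US.UTF-8 \
    LANGUAGE=en_US:en
#ENV TERM screen

# Shared apt-get invocation used by the RUN steps below.
ARG APT="apt-get -qq --no-install-recommends"

# https://www.peterbe.com/plog/set-ex
# `RUN set -ex` had no effect: every RUN starts a new shell, so the options
# never reached later steps. SHELL applies to all following RUN instructions.
# pipefail makes a failed download in a `wget ... | apt-key add -` pipeline fail
# the build. -x is left out on purpose: tracing would print $http_proxy, which
# may embed proxy credentials, into the build log.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]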
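# Trust the corporate proxy's root CA instead of turning certificate checks off.
#
# The original block wrote "verification off" settings for node, npm, gem, yum,
# apt, wget and curl into the image. Those files stay in the image, so every
# container started from it (and every image built on top of it) would accept
# any certificate, and the npm registry was switched to plain http.
# Several of those lines were also no-ops on Ubuntu (/etc/apt.conf,
# /etc/.wgetrc, /etc/.curlrc and the yum files are not read), and the second
# write to ~/.npmrc used `>` and discarded the first.
#
# certs/ is a placeholder build-context directory: export the proxy's root CA
# as PEM and place it there with a .crt extension before building
# (update-ca-certificates only picks up files ending in .crt).
COPY certs/ /usr/local/share/ca-certificates/

# ca-certificates comes from the Ubuntu archive, which apt authenticates with
# its own signing keys, so this step does not depend on HTTPS.
RUN $APT update \
 && $APT install -y ca-certificates \
 && update-ca-certificates \
 && rm -rf /var/lib/apt/lists/*

# apt, wget and curl read the system bundle; Node.js keeps its own CA list and
# needs to be pointed at the bundle explicitly.
ENV NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt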
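# Tools needed to add repositories and keys. `update` and `install` share one
# layer so a cached, stale package index is never reused. ca-certificates is
# installed explicitly: with --no-install-recommends wget does not pull it in,
# and without it wget cannot verify any HTTPS server.
RUN $APT update \
 && $APT install -y --reinstall software-properties-common \
 && $APT install -y ca-certificates gnupg2 wget

# The LLVM signing key decides which packages apt will accept as genuine, so it
# is fetched with certificate verification on (--no-check-certificate removed).
# Downloading to a file first means a failed or truncated download stops the
# build instead of being hidden behind the pipe.
# Behind a TLS-inspecting proxy, install the proxy's root CA into the trust
# store rather than disabling verification.
RUN wget -O /tmp/llvm-snapshot.gpg.key https://apt.llvm.org/llvm-snapshot.gpg.key \
 && apt-key add /tmp/llvm-snapshot.gpg.key \
 && rm /tmp/llvm-snapshot.gpg.key

# NOTE: need to set at least empty http-proxy
# The duplicated recv-keys call for 1E9377A2BA9EF27F was folded away.
# NOTE(review): 94558F59 is an 8-hex-digit short key ID; short IDs can collide
# with unrelated keys. Replace it with the key's full fingerprint once that has
# been confirmed from the repository owner's page.
RUN apt-key adv --keyserver-options http-proxy="$http_proxy" \
      --keyserver keyserver.ubuntu.com \
      --recv-keys 1E9377A2BA9EF27F 94558F59 2EA8F35793D8809A

# These repositories use plain http; apt still checks their signatures against
# the keys imported above, which is why those keys must be authentic.
# NOTE(review): the 5.0 and 6.0 entries point at xenial suites although the
# base image is 18.04 (bionic); confirm that mix is intended.
RUN apt-add-repository "deb http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu $(lsb_release -sc) main"
RUN apt-add-repository -y "deb http://apt.llvm.org/xenial/ llvm-toolchain-xenial-5.0 main"
RUN apt-add-repository -y "deb http://apt.llvm.org/xenial/ llvm-toolchain-xenial-6.0 main"
RUN apt-add-repository -y "deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-7 main"
RUN apt-add-repository -y "deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-8 main"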
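# update and install dependencies
# One layer: `update` and `install` stay together so a stale cached index is
# never reused, and the index is removed in the same layer that created it.
# Each package appears once; the original listed git, wget,
# software-properties-common, libclang-6.0-dev and libclang-common-6.0-dev
# more than once across several RUN steps.
RUN $APT update \
 && $APT install -y \
      build-essential \
      ca-certificates \
      clang-6.0 \
      clang-tools-6.0 \
      cmake \
      curl \
      git \
      libc++-dev \
      libc++abi-dev \
      libclang-6.0-dev \
      libclang-common-6.0-dev \
      libclang1-6.0 \
      lld-6.0 \
      lldb-6.0 \
      llvm-6.0-dev \
      locales \
      make \
      python-lldb-6.0 \
      software-properties-common \
      vim \
      vim-gnome \
      wget \
 && rm -rf /var/lib/apt/lists/*

# NOTE(review): there is no USER instruction, so containers run as root. The
# usage examples at the top bind-mount a host source tree; running them with
# `docker run --user "$(id -u):$(id -g)"` keeps build output owned by the
# invoking user and avoids root inside the container writing to the host.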
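#!/bin/bash
# Installs Docker CE, docker-compose and docker-machine, starts and enables the
# docker service, and adds the `vagrant` user to the docker group.
# Commands are not prefixed with sudo, so the script presumably runs as root
# (e.g. as a Vagrant provisioner) - confirm against the caller.
#
# Stop at the first failure: everything downloaded here ends up executed as
# root, so a failed or partial download must not be followed by an install.
set -euo pipefail

# https://gist.github.com/jakebrinkmann/10a79062cd11b26694ed09a0faeb3500
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# https://allinonescript.com/questions/45415524/installing-docker-ce-in-redhat/47903707
# subscription-manager repos --enable=rhel-7-server-extras-rpms

# install docker
# https://blog.vpscheap.net/how-to-install-and-use-docker-on-centos-7/
# The installer is a script run as root, so certificate verification stays on
# (curl -k removed). It is saved to a file first so that a dropped connection
# cannot leave a half-received script running. Behind a TLS-inspecting proxy,
# add the proxy's root CA to the system trust store instead of using -k.
curl -fsSL https://get.docker.com/ -o get-docker.sh
sh get-docker.sh

# Start service
systemctl start docker
# Print status
systemctl status docker
# flush changes to service
systemctl daemon-reload

# NOTE: By default, executing Docker command requires root or sudo privilege
# add user to docker group
# create docker group and add user
# groupadd docker
# Members of the docker group can start privileged containers and mount any
# host path, which is equivalent to root on this machine; add only accounts
# that are already trusted with root.
usermod -aG docker vagrant

# Ensure docker service always starts
systemctl enable docker

# install docker-compose
# -f makes curl fail on an HTTP error instead of saving the error page as the
# "binary"; -o replaces the shell redirection so nothing is written on failure.
curl -fL "https://github.com/docker/compose/releases/download/1.8.0/docker-compose-$(uname -s)-$(uname -m)" \
    -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

# install docker-machine
# Docker Machine is a tool that makes it easy to provision and manage multiple Docker hosts remotely from your personal computer.
# NOTE On macOS and Windows, Machine is installed along with other Docker products when you install the Docker for Mac, Docker for Windows, or Docker Toolbox.
# https://www.digitalocean.com/community/tutorials/how-to-provision-and-manage-remote-docker-hosts-with-docker-machine-on-centos-7
# https://medium.com/@brianmayrose/installing-docker-docker-machine-and-docker-compose-then-run-a-nginx-container-67f2cd197538
uname -s
# see https://github.com/docker/machine/releases
# see https://docs.docker.com/machine/install-machine/
#wget --no-check-certificate https://github.com/docker/machine/releases/download/v0.16.1/docker-machine-$(uname -s)-$(uname -m)
# TODO: fix proxy
# The binary comes from a third-party mirror rather than the project's release
# page, and it is installed into /usr/local/bin. Certificate verification is
# kept on, and when DOCKER_MACHINE_SHA256 is set the file must match that
# digest (take the value from a source you trust, not from the mirror itself).
# The original `mv` used a file name without the version suffix and therefore
# never matched the downloaded file.
machine_bin=docker-machine-Linux-x86_64-0.7.2
wget -O "$machine_bin" "https://mirror.shileizcc.com/Docker/$machine_bin"
if [ -n "${DOCKER_MACHINE_SHA256:-}" ]; then
    echo "${DOCKER_MACHINE_SHA256}  ${machine_bin}" | sha256sum -c -
else
    echo "WARNING: DOCKER_MACHINE_SHA256 is not set; ${machine_bin} was not checked against a known digest" >&2
fi
# docker-machine-Linux-x86_64
ls
mv "$machine_bin" docker-machine
chmod +x docker-machine
mv docker-machine /usr/local/bin
docker-machine version

yum -y install bash-completion
# TODO: https://raw.githubusercontent.com/docker/machine/master/contrib/completion/bash/docker-machine-prompt.bash
pwd
ls -artl

# TODO: support Windows https://technology.amis.nl/2018/05/21/rapidly-spinning-up-a-vm-with-ubuntu-and-docker-on-my-windows-machine-using-vagrant-and-virtualbox/

# Kept for reference (disabled). If re-enabled, note that --no-check-certificate
# and --trusted-host turn off certificate checks for code that is then run.
# wget --no-check-certificate https://raw.githubusercontent.com/NotGlop/docker-drag/master/docker_pull.py
# sudo -E pip2 install requests --index-url=https://pypi.python.org/simple/ --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org
# python docker_pull.py hello-world
# sudo -E docker load < library_hello-world.tar
# sudo -E docker run hello-world

# docker corp dns:
# https://stackoverflow.com/a/40516974
# sudo su
# sudo cat >> /etc/docker/daemon.json << EOF
# {
# "dns": ["............", "......................................"]
# }
# EOF
# exit
# sudo service docker restart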
Author
blockspacer
commented
Oct 1, 2019
- https://gist.github.com/blockspacer/893b31e61c88f6899ffd0813111b3e41#file-docker-conf-proxy-rxt
- https://stackoverflow.com/a/53551452
- https://medium.com/@saniaky/configure-docker-to-use-a-host-proxy-e88bd988c0aa
- https://stackoverflow.com/a/28093517
- https://stackoverflow.com/a/38901128
- https://dev.to/shriharshmishra/behind-the-corporate-proxy-2jd8
# include the minikube IP (192.168.99.100)
export NO_PROXY=192.168.99.100,.....
# NOTE DOCKER_OPTS below
# sudo -E DOCKER_OPTS='--insecure-registry registry.docker.io --insecure-registry production.cloudflare.docker.com' \
# docker build \
# --build-arg http_proxy=http://172.17.0.1:3128 \
# --build-arg https_proxy=http://172.17.0.1:3128 \
# --build-arg no_proxy=localhost,127.0.0.*,10.*,192.168.*,*.somecorp.ru,*.mycorp.ru \
# --build-arg HTTP_PROXY=http://172.17.0.1:3128 \
# --build-arg HTTPS_PROXY=http://172.17.0.1:3128 \
# --build-arg NO_PROXY=localhost,127.0.0.*,10.*,192.168.*,*.somecorp.ru,*.mycorp.ru \
# --no-cache -t cpp-docker-cxxctp .
# edit HTTP_PROXY in /etc/systemd/system/docker.service.d/http-proxy.conf and /etc/default/docker
# add dns from /etc/resolv.conf into /etc/docker/daemon.json
# also add dns from `nmcli dev show | grep 'IP4.DNS'` as in https://development.robinwinslow.uk/2016/06/23/fix-docker-networking-dns/
# systemctl daemon-reload
# sudo systemctl restart docker
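# /etc/docker/daemon.json
# (caution: for every registry listed under "insecure-registries" the daemon ignores TLS certificate errors and may fall back to plain HTTP, so images pulled from those registries are not authenticated in transit; trusting the proxy's CA certificate via the update-ca-certificates step further down keeps verification on)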
{
"dns": ["127.0.0.53", "10.8.13.11", "10.8.13.12", "8.8.4.4", "8.8.8.8", "10.8.13.11", "10.8.13.12"],
"registry-mirrors":["https://docker.mirrors.ustc.edu.cn", "registry.docker-cn.com"],
"insecure-registries":["104.18.122.25", "54.210.105.17", "218.104.71.170", "34.228.211.243", "https://production.cloudflare.docker.com", "https://registry.docker.io", "https://registry-1.docker.io", "https://gcr.io", "https://k8s.gcr.io", "https://registry.docker-cn.com", "https://eu.gcr.io", "https://us.gcr.io", "https://asia.gcr.io"],
"log-driver": "json-file",
"log-opts": {
"max-size": "50m",
"max-file": "3"
}
}
in /etc/resolv.conf add
nameserver 8.8.4.4
nameserver 8.8.8.8
ls /usr/local/share/ca-certificates/
ls /usr/share/ca-certificates
ls /etc/ssl/certs/
ls ~/.minikube/files/etc/ssl/certs
# sudo chmod 750 *.crt
sudo update-ca-certificates
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
$ systemctl show --property=Environment docker
# https://github.com/docker/docker-credential-helpers/issues/103#issuecomment-576854271
sudo apt install gnupg2 pass gpg
see docker/compose#3419 (comment)
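# `sudo cat >> /etc/hosts` opens the file as the calling user, because the
# redirection is done by the shell and not by sudo; `sudo tee -a` performs the
# append as root.
# NOTE(review): /etc/hosts matches names literally and does not expand `*`, so
# the last entry only matches that exact string.
sudo tee -a /etc/hosts > /dev/null << EOF
127.0.0.1 localunixsocket
127.0.0.1 localunixsocket.local
127.0.0.1 localunixsocket.home
127.0.0.1 localunixsocket.*.svc.cluster.local
EOF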