# 2021-01-07 #「Docker」- Setting up a proxy

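Problem description

Some Docker images live in registries that we cannot reach directly, so we have to access them through a proxy.

This note records how to pull images by reaching the image registry through a proxy.

Solution

// Add configuration similar to the following: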

# systemctl edit docker.service
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80"
Environment="HTTPS_PROXY=https://proxy.example.com:443"
Environment="NO_PROXY=localhost,127.0.0.1"

// Show the resulting configuration:

# systemctl show --property Environment docker.service

// Restart the service

# systemctl restart docker.service

For more details, see the official documentation:
docker pull/Proxy configuration
Control Docker with systemd/HTTP/HTTPS proxy

Common problems

proxyconnect tcp: net/http: TLS handshake timeout

ssl - Docker not able to pull images behind proxy TLS handshake timeout - Stack Overflow

Problem: running the docker pull command produces the following message:

# docker pull google/cadvisor
Using default tag: latest
Error response from daemon: Get https://registry-1.docker.io/v2/: proxyconnect tcp: net/http: TLS handshake timeout

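Cause: a configuration error. We do not have a separate HTTPS proxy; our HTTP proxy also handles HTTPS traffic. The scheme in HTTPS_PROXY is the one used to talk to the proxy itself, so https:// makes the daemon attempt a TLS handshake with a proxy port that only speaks plain HTTP.

Fix:

Change the setting

Environment="HTTPS_PROXY=https://proxy.example.com:443"

to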

Environment="HTTPS_PROXY=http://proxy.example.com:443"
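
The misconfiguration above can be caught before restarting the daemon. The following is an added example, not part of the original note or of Docker: it parses the Environment= lines of a drop-in and warns about an https:// proxy scheme and about credentials embedded in the proxy URL. The function names, the sample text and the choice of checks are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the drop-in from this note, before the HTTPS_PROXY fix.
SAMPLE_DROPIN = """\
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80"
Environment="HTTPS_PROXY=https://proxy.example.com:443"
Environment="NO_PROXY=localhost,127.0.0.1"
"""

ENV_LINE = re.compile(r"^\s*Environment=(.*)$")
# One assignment, either "NAME=value" in double quotes or bare NAME=value.
ASSIGN = re.compile(r'"([^"=]+)=([^"]*)"|([^\s"=]+)=(\S*)')


def parse_environment(dropin_text):
    """Collect NAME -> value from the Environment= lines of a unit or drop-in."""
    env = {}
    for line in dropin_text.splitlines():
        m = ENV_LINE.match(line)
        if not m:
            continue
        if not m.group(1).strip():
            env.clear()  # systemd: an empty Environment= resets the list
            continue
        for qname, qval, name, val in ASSIGN.findall(m.group(1)):
            # Names are upper-cased only to simplify lookup in lint_proxy().
            env[(qname or name).upper()] = qval if qname else val
    return env


def lint_proxy(env):
    """Return warnings for the proxy settings (checks chosen for this example)."""
    findings = []
    for name in ("HTTP_PROXY", "HTTPS_PROXY"):
        url = urlsplit(env.get(name, ""))
        if url.scheme == "https":
            findings.append(f"{name}: https:// makes the daemon open TLS to the proxy "
                            "itself; use http:// unless the proxy port speaks TLS")
        if url.username or url.password:
            findings.append(f"{name}: credentials in the URL are readable through "
                            "'systemctl show --property Environment'")
    return findings


if __name__ == "__main__":
    for warning in lint_proxy(parse_environment(SAMPLE_DROPIN)):
        print("WARN", warning)
```
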

Upload failed, retrying: remote error: tls: protocol version not supported

Error response from daemon: Get https://registry-1.docker.io/v2/: remote error: tls: handshake failure · Issue #2922 · docker/for-win

Problem: when uploading an image (docker push), the following errors appear:

...
time="2020-11-20T10:40:54.481118132+08:00" level=info msg="Attempting next endpoint for push after error: remote error: tls: protocol version not supported"
time="2020-11-20T10:43:22.178234212+08:00" level=error msg="Upload failed, retrying: remote error: tls: protocol version not supported"                
time="2020-11-20T10:43:53.722306200+08:00" level=error msg="Upload failed, retrying: remote error: tls: protocol version not supported"
time="2020-11-20T10:44:34.796173126+08:00" level=error msg="Upload failed, retrying: remote error: tls: protocol version not supported"
time="2020-11-20T10:45:21.055632062+08:00" level=error msg="Upload failed, retrying: EOF"
time="2020-11-20T10:45:39.645404914+08:00" level=error msg="Not continuing with push after error: context canceled"
...

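Cause: 「Starting from version 18.09 docker removed support for older tls ciphers.」, and the network accelerator (HTTP PROXY) we use establishes HTTPS connections with older encryption algorithms, which causes this problem.

Fix: we use the Squid service. However, because of the time cost, we have temporarily turned off the proxy configuration of docker.service to work around the problem :-)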



posted @ 2021-01-07 14:50  研究林纳斯写的