Updated on 2024-01-19 GMT+08:00

What Additional Settings Are Required If the Proxy Is Enabled?

If the proxy is enabled for edge nodes, proxy settings must be configured on edge nodes, Docker and containerized applications.

Currently, only HTTP proxy is supported.

Settings on Edge Nodes

If the edge node uses the network proxy, add the HTTP_PROXY and HTTPS_PROXY parameters to the /opt/IEF/Cert/user_config file as follows:

Run the following command to open the /opt/IEF/Cert/user_config file, and add the two parameter settings. Note that http://192.168.0.70:8888 in the following example must be replaced with the actual network proxy address.

vi /opt/IEF/Cert/user_config

After modifying the configuration file, run the installation commands on edge nodes.

If the network proxy requires username and password authentication, prefix the username and password to the proxy address. For example, change http://192.168.0.70:8888 to the following format:

http://username:password@192.168.0.70:8888

Settings on Docker Daemon

In certain lab environments, servers do not have permissions to directly connect to external networks. Therefore, network proxies are required. Generally, network proxies are configured in configuration files such as /etc/environment and /etc/profile, which works for most operations. However, the Docker daemon, which performs operations such as docker pull, does not pick up these settings, so Docker commands cannot use these proxies. For example, if the docker pull operation needs to pull an image from the external network, the following error message is displayed:

$ docker pull hello-world
Unable to find image 'hello-world:latest' locally
Pulling repository docker.io/library/hello-world
docker: Network timed out while trying to connect to https://index.docker.io/v1/repositories/library/hello-world/images. You may want to check your internet connection or if you are behind a proxy..
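  • Solution 1: Stop the Docker service, and manually start the Docker daemon so that it listens on port 2375 on all network interfaces. Because -H tcp://0.0.0.0:2375 serves the Docker API without TLS or authentication, restrict access to this port to trusted hosts.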

    systemctl stop docker.service

    nohup docker daemon -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock &

  • Solution 2: Edit the configuration file (/etc/default/docker in Ubuntu, or /etc/sysconfig/docker in CentOS). However, it is not recommended to configure the daemon process by modifying these configuration files.
    HTTP_PROXY="http://[proxy-addr]:[proxy-port]/"
    HTTPS_PROXY="https://[proxy-addr]:[proxy-port]/"
    export HTTP_PROXY HTTPS_PROXY
  • Solution 3: Modifications made with this solution are persistent and always take effect. This solution uses a systemd drop-in file, which overrides settings in the default docker.service file.
    1. Create a systemd drop-in directory for the Docker service.

      mkdir -p /etc/systemd/system/docker.service.d

    2. Create the /etc/systemd/system/docker.service.d/http-proxy.conf file and add the HTTP_PROXY and HTTPS_PROXY environment variables to the file. In the following configuration, replace [proxy-addr] and [proxy-port] with the actual proxy address and port number, respectively.
      [Service]
      Environment="HTTP_PROXY=http://[proxy-addr]:[proxy-port]/" "HTTPS_PROXY=https://[proxy-addr]:[proxy-port]/"

      If there are internal Docker registries that can be accessed without using a proxy, set the NO_PROXY environment variable as follows:

      [Service]
      Environment="HTTP_PROXY=http://[proxy-addr]:[proxy-port]/" "HTTPS_PROXY=https://[proxy-addr]:[proxy-port]/" "NO_PROXY=localhost,127.0.0.1,docker-registry.somecorporation.com"
    3. Run the following command to make systemd reload its configuration:

      systemctl daemon-reload

    4. Run the following command to restart the Docker service:

      systemctl restart docker
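
The username:password proxy format under Settings on Edge Nodes and the http-proxy.conf drop-in from Solution 3 interact badly when the password contains characters such as @, :, / or %. The following added example (not part of the original IEF documentation) percent-encodes the credentials, doubles each % as systemd requires in unit files, and redacts the URL for logging. The function names, the sample account and the use of one HTTP proxy URL for both variables are assumptions.

```shell
#!/bin/sh
# Added example: build the authenticated proxy URL and the systemd drop-in body.
# All credentials and hosts below are constructed sample values.

# Percent-encode every byte outside the RFC 3986 "unreserved" set, so that
# '@', ':', '/' or '#' in a username or password cannot break the URL.
urlencode() (
    out=""
    for hex in $(printf '%s' "$1" | od -An -v -tx1 | tr a-f A-F); do
        case "$hex" in
            3[0-9]|4[1-9A-F]|5[0-9A]|6[1-9A-F]|7[0-9A]|2D|2E|5F|7E)
                # Unreserved byte: turn the hex code back into the character.
                out="$out$(printf "\\$(printf '%03o' "0x$hex")")" ;;
            *)  out="$out%$hex" ;;
        esac
    done
    printf '%s' "$out"
)

# proxy_url USER PASSWORD HOST PORT -> http://user:password@host:port/
proxy_url() (
    printf 'http://%s:%s@%s:%s/' "$(urlencode "$1")" "$(urlencode "$2")" "$3" "$4"
)

# systemd expands %-specifiers in unit files; a literal '%' is written '%%'.
systemd_escape() ( printf '%s' "$1" | sed 's/%/%%/g' )

# dropin_body PROXY_URL NO_PROXY_LIST -> contents of http-proxy.conf.
# Assumption: the same HTTP proxy URL is used for HTTP_PROXY and HTTPS_PROXY.
dropin_body() (
    esc=$(systemd_escape "$1")
    printf '[Service]\nEnvironment="HTTP_PROXY=%s" "HTTPS_PROXY=%s" "NO_PROXY=%s"\n' \
        "$esc" "$esc" "$2"
)

# Mask the user:password part before a proxy URL is echoed or logged.
redact() ( printf '%s' "$1" | sed -E 's#(://)[^/@]*@#\1***@#' )

# Demo with constructed values; prints the redacted URL, then the drop-in body.
url=$(proxy_url 'svc-ief' 'p@ss:w/rd#1%' 192.168.0.70 8888)
echo "proxy: $(redact "$url")"
dropin_body "$url" 'localhost,127.0.0.1'
```

systemd exposes a unit's Environment= values to unprivileged local users through systemctl show, so a proxy password stored this way should belong to an account that is used only for the proxy.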

Settings on Containerized Applications

If the proxy is enabled for an edge node, the containerized application deployed on the node must be configured with proxy addresses before it accesses the external network. You can configure proxy-related environment variables when creating a containerized application.

In the preceding figure, http_proxy and https_proxy are the network proxy addresses used by the edge node. Replace them with the actual network proxy addresses.

The no_proxy variable lists the websites or IP addresses that are accessed directly, without going through the proxy.
