Wondering how to set up an HTTP proxy for Docker and ECS container agent? We can help you with this!
Here, at Bobcares, we often receive similar requests from our AWS customers as a part of our AWS Support Services.
Today, let’s see the steps followed by our Support Techs to help our customers to set up an HTTP proxy for Docker and ECS container agents.
Set up an HTTP proxy for Docker and ECS container agent
Let’s see the steps to set up an HTTP proxy for Docker and ECS container agents in Amazon Linux:
- At first, we have to store the IP address and proxy server port.
- Then, we need to set up an HTTP proxy for the Docker.
- The next step is to set up an HTTP proxy for the Amazon ECS container agent to connect to the internet.
- And finally, we need to set up an HTTP proxy for ecs-init
Storing the IP address and proxy server port
- Firstly, access the EC2 instance via SSH.
2. Switch to root user and then store the IP address and port of the proxy server. For example, see the following:
# export PROXY_SERVER_IP=x.x.x.x
# export PROXY_PORT=9876
Set up an HTTP proxy for the Docker
- To set up the HTTP proxy for the Docker daemon, run the following command:
# cat <<EOF >> /etc/sysconfig/docker
>export HTTP_PROXY=http://$PROXY_SERVER_IP:$PROXY_PORT
>export HTTPS_PROXY=https://$PROXY_SERVER_IP:$PROXY_PORT
>export NO_PROXY=169.254.169.254,169.254.170.2
>EOF
Here, HTTP_PROXY is the socket address of the HTTP proxy that’s used to connect the Amazon ECS container agent to the internet. Also, we must set the NO_PROXY variable to 169.254.169.254,169.254.170.2, and this setting filters EC2 instance metadata, AWS Identity, and Access Management (IAM) roles for tasks, and Docker daemon traffic from the proxy.
2. Restart Docker and while restarting the docker using the following command will stop all running containers including the ecs-agent on the container instance.
# service docker restart
3. Run the following command to verify HTTP proxy settings for Docker daemon.
# docker info | grep -i proxy
HTTP proxy: http://x.x.x.x:9876
HTTPS proxy: http://x.x.x.x:9876
NO proxy: 169.254.169.254,169.254.170.2
Set up an HTTP proxy for the Amazon ECS container agent to connect to the internet
- Now include the proxy configuration using the HTTP_PROXY and NO_PROXY agent configuration parameters in the ECS configuration file, /etc/ecs/ecs.config.
#cat <<EOF >> /etc/ecs/ecs.config
>ECS_CLUSTER=cluster-name
>HTTP_PROXY=http://$PROXY_SERVER_IP:$PROXY_PORT
>NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock
>EOF
2. Then start the ECS agent to apply the proxy configuration to the agent .
# sudo start ecs
By default, the Amazon ECS container agent runs through ecs-init if we are using an Amazon ECS-optimized AMI.
3. We can run the following command to verify the HTTP proxy settings for Docker and the ECS agent.
# docker inspect ecs-agent | grep -i proxy
"HTTP_PROXY=http://x.x.x.x:9876",
"NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock"
Set up an HTTP proxy for ecs-init
The last step is to set the HTTP proxy for ecs-init communication. Run the following command:
# cat <<EOF > /etc/init/ecs.override
>env HTTP_PROXY=$PROXY_SERVER_IP:$PROXY_PORT
>env NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock
>EOF
This configuration of the Amazon ECS container agent and the Docker daemon affects all the currently running instances.
Also, note that we can also set the environment variables while launching by using Amazon EC2 user data with a user data script.
[Need help with more AWS queries? We’d be happy to assist]
Conclusion
To conclude, today we discussed the steps followed by our Support Engineers to help our customers to set up an HTTP proxy for Docker and ECS container agents.
0 Comments