Connect to Container Registries through a Firewall or Proxy

You can use service parameters to connect to container registries that are otherwise inaccessible behind a firewall or proxy.

Procedure

  1. Do one of the following to allow access to a specified URL.

    • To allow access over HTTP:

      ~(keystone_user)$ system service-parameter-add docker proxy http_proxy=http://<my.proxy.com>:1080
      ~(keystone_user)$ system service-parameter-apply docker
      
    • To allow access over HTTPS:

      ~(keystone_user)$ system service-parameter-add docker proxy https_proxy=https://<my.proxy.com>:1443
      ~(keystone_user)$ system service-parameter-apply docker
      

    If the service parameters “http_proxy” and/or “https_proxy” already exist, use service-parameter-modify instead of service-parameter-add. Substitute the correct value for <my.proxy.com>.

  2. If you access registries that are not on the other side of the firewall/proxy, you can specify their IP addresses in the no_proxy service parameter as a comma separated list.

    Note

    Addresses must not be in subnet format and cannot contain wildcards.

    For example:

    ~(keystone_user)$ system service-parameter-add docker proxy no_proxy="1.2.3.4,5.6.7.8"
    ~(keystone_user)$ system service-parameter-apply docker
    

    If the service parameter “no_proxy” already exists, use service-parameter-modify instead of service-parameter-add.