Connect to Container Registries through a Firewall or Proxy¶
You can use service parameters to connect to container registries that are otherwise inaccessible behind a firewall or proxy.
Procedure
Do one of the following to allow access to a specified URL.
To allow access over HTTP:
~(keystone_user)$ system service-parameter-add docker proxy http_proxy=http://<my.proxy.com>:1080 ~(keystone_user)$ system service-parameter-apply docker
To allow access over HTTPS:
~(keystone_user)$ system service-parameter-add docker proxy https_proxy=https://<my.proxy.com>:1443 ~(keystone_user)$ system service-parameter-apply docker
If the service parameters “http_proxy” and/or “https_proxy” already exist, use service-parameter-modify instead of service-parameter-add. Substitute the correct value for <my.proxy.com>.
If you access registries that are not on the other side of the firewall/proxy, you can specify their IP addresses in the no_proxy service parameter as a comma separated list.
Note
Addresses must not be in subnet format and cannot contain wildcards.
For example:
~(keystone_user)$ system service-parameter-add docker proxy no_proxy="1.2.3.4,5.6.7.8" ~(keystone_user)$ system service-parameter-apply docker
If the service parameter “no_proxy” already exists, use service-parameter-modify instead of service-parameter-add.