Connect to Container Registries through a Firewall or Proxy

You can use service parameters to connect to container registries that are otherwise inaccessible behind a firewall or proxy.

Procedure

1. Do one of the following to allow access to a specified URL.

   • To allow access over HTTP:

     ~(keystone_user)$ system service-parameter-add docker proxy http_proxy=http://<my.proxy.com>:1080
     ~(keystone_user)$ system service-parameter-apply docker
     

   • To allow access over HTTPS:

     ~(keystone_user)$ system service-parameter-add docker proxy https_proxy=https://<my.proxy.com>:1443
     ~(keystone_user)$ system service-parameter-apply docker
     

   If the service parameters “http_proxy” and/or “https_proxy” already exist, use service-parameter-modify instead of service-parameter-add. Substitute the correct value for <my.proxy.com>.

2. If you access registries that are not on the other side of the firewall/proxy, you can specify their IP addresses in the no_proxy service parameter as a comma separated list.

   Note

   Addresses must not be in subnet format and cannot contain wildcards.

   For example:

   ~(keystone_user)$ system service-parameter-add docker proxy no_proxy="1.2.3.4,5.6.7.8"
   ~(keystone_user)$ system service-parameter-apply docker
   

   If the service parameter “no_proxy” already exists, use service-parameter-modify instead of service-parameter-add.