Docker设置http代理

在国内由于不可描述的原因无法访问Google等网站，但是作为一枚挨踢人士，无法使用Google搜索，在使用Ctrl + C技能时是抓狂的；特别是当下Docker、Kubernetes等容器技术火热的时代，很多的文档、镜像都需要访问Google相关网站。

在此简单介绍Centos7配置http代理和Docker pull时使用http代理

1、Centos7配置HTTP代理

1.1、安装epel源和pip包管理

# yum install epel-release -y
# yum install python-pip -y

1.2、安装Shadowsocks客户端

# pip install shadowsocks

1.3、配置Shadowsocks连接

# mkdir /etc/shadowsocks
# vim /etc/shadowsocks/shadowsocks.json
{
"server":"x.x.x.x",  # Shadowsocks服务器地址
"server_port":1035,  # Shadowsocks服务器端口
"local_address": "127.0.0.1", # 本地IP
"local_port":1080,  # 本地端口
"password":"password", # Shadowsocks连接密码
"timeout":300,  # 等待超时时间
"method":"aes-256-cfb",  # 加密方式
"fast_open": false,  # true或false。开启fast_open以降低延迟，但要求Linux内核在3.7+
"workers": 1  #工作线程数
}

注：Shadowsocks服务器地址、端口自行准备

1.4、启动Shadowsocks

# /usr/bin/sslocal -c /etc/shadowsocks/shadowsocks.json

Centos7开机自启脚本

# vim /etc/systemd/system/shadowsocks.service
[Unit]
Description=Shadowsocks
[Service]
TimeoutStartSec=0
ExecStart=/usr/bin/sslocal -c /etc/shadowsocks/shadowsocks.json
[Install]
WantedBy=multi-user.target

# systemctl enable shadowsocks.service
# systemctl start shadowsocks.service
# systemctl status shadowsocks.service

验证代理是否可用

# curl --socks5 127.0.0.1:1080 http://httpbin.org/ip
正常应该返回Shadowsocks服务器地址

至此算是可以实现代理，但是每次访问都需要带上参数，是否可以每当访问就可以代理而不需要手动添加参数呢？这个当然是可以的

2、安装配置Privoxy

2.1、安装Privoxy

# yum install privoxy -y

2.2、配置privoxy

# vim /etc/privoxy/config  ##修改如下参数
listen-address 127.0.0.1:8118 # 8118 是默认端口，不用改
forward-socks5t / 127.0.0.1:1080 . #转发到本地端口，注意最后有个点

2.3、配置http、https代理

# vim  /etc/profile
PROXY_HOST=127.0.0.1
export all_proxy=http://$PROXY_HOST:8118
export ftp_proxy=http://$PROXY_HOST:8118
export http_proxy=http://$PROXY_HOST:8118
export https_proxy=http://$PROXY_HOST:8118
export no_proxy=localhost,172.16.0.0/16,192.168.0.0/16.,127.0.0.1,10.10.0.0/16

# source /etc/profile

2.4、测试代理

# curl -I www.google.com
HTTP/1.1 200 OK
Date: Fri, 21 Sep 2018 02:46:43 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2018-09-21-02; expires=Sun, 21-Oct-2018 02:46:43 GMT; path=/; domain=.google.com
Set-Cookie: NID=139=asr4pvtu-vqfmdfMyrtIEjQ7qYPBBEf-6p7DYMiz2HI1SLn81kWiXtc-G1nr9VUw_bq-bwxUMf5HnPKw9UXYx7VpTSVxKHsETJiW-NtjSWIEZDaOMs01UJe0KM7gfuzA; expires=Sat, 23-Mar-2019 02:46:43 GMT; path=/; domain=.google.com; HttpOnly
Transfer-Encoding: chunked
Accept-Ranges: none
Vary: Accept-Encoding
Proxy-Connection: keep-alive

3、Docker配置HTTP代理

通过上面步骤已经在Centos7上访问google等网站，并下载一些资源包，但是在docker pull某些镜像的时候（例如k8s.gcr.io/pause ）会发现还是无法pull镜像，但是这个镜像是在使用kubernetes必不可少

3.1、修改Docker配置

# mkdir /etc/systemd/system/docker.service.d
# vim  /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://127.0.0.1:8118"

3.2、重启Docker服务

# systemctl daemon-reload
# systemctl restart docker
# docker info
Containers: 26
 Running: 15
 Paused: 0
 Stopped: 11
Images: 47
Server Version: 18.06.1-ce
Storage Driver: overlay2
 Backing Filesystem: xfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay weavemesh
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: active
 NodeID: j4i6athr04yfqhusrpx6mwkyf
 Is Manager: true
 ClusterID: vejlbon9n62xzznz7gc7lcem7
 Managers: 1
 Nodes: 3
 Orchestration:
  Task History Retention Limit: 5
 Raft:
  Snapshot Interval: 10000
  Number of Old Snapshots to Retain: 0
  Heartbeat Tick: 1
  Election Tick: 10
 Dispatcher:
  Heartbeat Period: 5 seconds
 CA Configuration:
  Expiry Duration: 3 months
  Force Rotate: 0
 Autolock Managers: false
 Root Rotation In Progress: false
 Node Address: 192.168.99.143
 Manager Addresses:
  192.168.99.143:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Security Options:
 seccomp
  Profile: default
Kernel Version: 3.10.0-862.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.796GiB
Name: docker01
ID: BYKL:LKWQ:32GB:DJJA:VU6V:RU7Q:EV7G:IJWZ:OYIP:SWXM:SWO7:WD3Y
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
HTTP Proxy: http://127.0.0.1:8118
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Registry Mirrors:
 https://so9gt83b.mirror.aliyuncs.com/
Live Restore Enabled: false

执行docker info 可以看到HTTP Proxy: http://127.0.0.1:8118 刚刚配置的http代理地址