Merge pull request #4199 from thaJeztah/docs_daemon_proxy_config

docs/reference: update dockerd docs for changes in 23.0
Sebastiaan van Stijn 2023-04-13 21:55:50 +02:00 committed by GitHub
commit 60d0659e40
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 82 additions and 39 deletions

View File

@ -124,7 +124,7 @@ The following list of environment variables are supported by the `docker` comman
line: line:
| Variable | Description | | Variable | Description |
|:------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------| |:------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `DOCKER_API_VERSION` | Override the negotiated API version to use for debugging (e.g. `1.19`) | | `DOCKER_API_VERSION` | Override the negotiated API version to use for debugging (e.g. `1.19`) |
| `DOCKER_CERT_PATH` | Location of your authentication keys. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) | | `DOCKER_CERT_PATH` | Location of your authentication keys. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) |
| `DOCKER_CONFIG` | The location of your client configuration files. | | `DOCKER_CONFIG` | The location of your client configuration files. |
@ -132,7 +132,7 @@ line:
| `DOCKER_CONTENT_TRUST` | When set Docker uses notary to sign and verify images. Equates to `--disable-content-trust=false` for build, create, pull, push, run. | | `DOCKER_CONTENT_TRUST` | When set Docker uses notary to sign and verify images. Equates to `--disable-content-trust=false` for build, create, pull, push, run. |
| `DOCKER_CONTEXT` | Name of the `docker context` to use (overrides `DOCKER_HOST` env var and default context set with `docker context use`) | | `DOCKER_CONTEXT` | Name of the `docker context` to use (overrides `DOCKER_HOST` env var and default context set with `docker context use`) |
| `DOCKER_DEFAULT_PLATFORM` | Default platform for commands that take the `--platform` flag. | | `DOCKER_DEFAULT_PLATFORM` | Default platform for commands that take the `--platform` flag. |
| `DOCKER_HIDE_LEGACY_COMMANDS` | When set, Docker hides "legacy" top-level commands (such as `docker rm`, and `docker pull`) in `docker help` output, and only `Management commands` per object-type (e.g., `docker container`) are printed. This may become the default in a future release, at which point this environment-variable is removed. | | `DOCKER_HIDE_LEGACY_COMMANDS` | When set, Docker hides "legacy" top-level commands (such as `docker rm`, and `docker pull`) in `docker help` output, and only `Management commands` per object-type (e.g., `docker container`) are printed. This may become the default in a future release. |
| `DOCKER_HOST` | Daemon socket to connect to. | | `DOCKER_HOST` | Daemon socket to connect to. |
| `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) | | `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) |
| `BUILDKIT_PROGRESS` | Set type of progress output (`auto`, `plain`, `tty`) when [building](build.md) with [BuildKit backend](https://docs.docker.com/build/buildkit/). Use plain to show container output (default `auto`). | | `BUILDKIT_PROGRESS` | Set type of progress output (`auto`, `plain`, `tty`) when [building](build.md) with [BuildKit backend](https://docs.docker.com/build/buildkit/). Use plain to show container output (default `auto`). |
@ -140,13 +140,14 @@ line:
Because Docker is developed using Go, you can also use any environment Because Docker is developed using Go, you can also use any environment
variables used by the Go runtime. In particular, you may find these useful: variables used by the Go runtime. In particular, you may find these useful:
* `HTTP_PROXY` | Variable | Description |
* `HTTPS_PROXY` |:--------------|:-------------------------------------------------------------------------------|
* `NO_PROXY` | `HTTP_PROXY` | Proxy URL for HTTP requests unless overridden by NoProxy. |
| `HTTPS_PROXY` | Proxy URL for HTTPS requests unless overridden by NoProxy. |
| `NO_PROXY` | Comma-separated values specifying hosts that should be excluded from proxying. |
These Go environment variables are case-insensitive. See the See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config)
[Go specification](https://golang.org/pkg/net/http/) for details on these for details on these variables.
variables.
## Configuration files ## Configuration files
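Review bot: The new table rows describe `HTTP_PROXY` and `HTTPS_PROXY` as applying "unless overridden by NoProxy", which is the Go struct field name rather than anything a CLI user sets; write `NO_PROXY` there. The hunk also deletes the sentence "These Go environment variables are case-insensitive" without a replacement, so the page no longer tells readers that the lowercase spellings are honoured. Keep that sentence or state in the commit message why it was dropped.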

View File

@ -18,7 +18,7 @@ redirect_from:
# daemon # daemon
```markdown ```markdown
Usage: dockerd COMMAND Usage: dockerd [OPTIONS]
A self-sufficient runtime for containers. A self-sufficient runtime for containers.
@ -35,14 +35,14 @@ Options:
--containerd-namespace string Containerd namespace to use (default "moby") --containerd-namespace string Containerd namespace to use (default "moby")
--containerd-plugins-namespace string Containerd namespace to use for plugins (default "plugins.moby") --containerd-plugins-namespace string Containerd namespace to use for plugins (default "plugins.moby")
--cpu-rt-period int Limit the CPU real-time period in microseconds for the --cpu-rt-period int Limit the CPU real-time period in microseconds for the
parent cgroup for all containers parent cgroup for all containers (not supported with cgroups v2)
--cpu-rt-runtime int Limit the CPU real-time runtime in microseconds for the --cpu-rt-runtime int Limit the CPU real-time runtime in microseconds for the
parent cgroup for all containers parent cgroup for all containers (not supported with cgroups v2)
--cri-containerd start containerd with cri --cri-containerd start containerd with cri
--data-root string Root directory of persistent Docker state (default "/var/lib/docker") --data-root string Root directory of persistent Docker state (default "/var/lib/docker")
-D, --debug Enable debug mode -D, --debug Enable debug mode
--default-address-pool pool-options Default address pools for node specific local networks --default-address-pool pool-options Default address pools for node specific local networks
--default-cgroupns-mode string Default mode for containers cgroup namespace ("host" | "private") (default "host") --default-cgroupns-mode string Default mode for containers cgroup namespace ("host" | "private") (default "private")
--default-gateway ip Container default gateway IPv4 address --default-gateway ip Container default gateway IPv4 address
--default-gateway-v6 ip Container default gateway IPv6 address --default-gateway-v6 ip Container default gateway IPv6 address
--default-ipc-mode string Default mode for containers ipc ("shareable" | "private") (default "private") --default-ipc-mode string Default mode for containers ipc ("shareable" | "private") (default "private")
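Review bot: `--default-cgroupns-mode` now reads (default "private") with no qualifier, while the `--cpu-rt-period` and `--cpu-rt-runtime` entries in the same hunk are explicitly qualified by cgroup version. If the default namespace mode also depends on whether the host runs cgroups v1 or v2, say so in the option's prose, because readers use this line to judge how isolated a container is by default.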
@ -62,6 +62,8 @@ Options:
-H, --host list Daemon socket(s) to connect to -H, --host list Daemon socket(s) to connect to
--host-gateway-ip ip IP address that the special 'host-gateway' string in --add-host resolves to. --host-gateway-ip ip IP address that the special 'host-gateway' string in --add-host resolves to.
Defaults to the IP address of the default bridge Defaults to the IP address of the default bridge
--http-proxy string HTTP proxy URL to use for outgoing traffic
--https-proxy string HTTPS proxy URL to use for outgoing traffic
--icc Enable inter-container communication (default true) --icc Enable inter-container communication (default true)
--init Run an init in the container to forward signals and reap processes --init Run an init in the container to forward signals and reap processes
--init-path string Path to the docker-init binary --init-path string Path to the docker-init binary
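Review bot: "HTTP proxy URL to use for outgoing traffic" on `--http-proxy` and `--https-proxy` does not say whose traffic is meant. The Proxy configuration section added later in this file scopes the setting to daemon operations such as pulling and pushing images; a pointer to that section next to the options list would keep readers from assuming container traffic is proxied as well.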
@ -69,8 +71,8 @@ Options:
--ip ip Default IP when binding container ports (default 0.0.0.0) --ip ip Default IP when binding container ports (default 0.0.0.0)
--ip-forward Enable net.ipv4.ip_forward (default true) --ip-forward Enable net.ipv4.ip_forward (default true)
--ip-masq Enable IP masquerading (default true) --ip-masq Enable IP masquerading (default true)
--ip6tables Enable addition of ip6tables rules (experimental)
--iptables Enable addition of iptables rules (default true) --iptables Enable addition of iptables rules (default true)
--ip6tables Enable addition of ip6tables rules (default false)
--ipv6 Enable IPv6 networking --ipv6 Enable IPv6 networking
--label list Set key=value labels to the daemon --label list Set key=value labels to the daemon
--live-restore Enable live restore of docker when containers are still running --live-restore Enable live restore of docker when containers are still running
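Review bot: The `--ip6tables` line drops the "(experimental)" marker and gains "(default false)" with nothing else in the hunk explaining the change. If enabling the option still requires the daemon's experimental mode, the reference should keep saying so outside the usage block; if it does not, mention the change of status in the commit message.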
@ -81,16 +83,17 @@ Options:
--max-concurrent-uploads int Set the max concurrent uploads (default 5) --max-concurrent-uploads int Set the max concurrent uploads (default 5)
--max-download-attempts int Set the max download attempts for each pull (default 5) --max-download-attempts int Set the max download attempts for each pull (default 5)
--metrics-addr string Set default address and port to serve the metrics api on --metrics-addr string Set default address and port to serve the metrics api on
--mtu int Set the containers network MTU --mtu int Set the containers network MTU (default 1500)
--network-control-plane-mtu int Network Control plane MTU (default 1500) --network-control-plane-mtu int Network Control plane MTU (default 1500)
--no-new-privileges Set no-new-privileges by default for new containers --no-new-privileges Set no-new-privileges by default for new containers
--no-proxy string Comma-separated list of hosts or IP addresses for which the proxy is skipped
--node-generic-resource list Advertise user-defined resource --node-generic-resource list Advertise user-defined resource
--oom-score-adjust int Set the oom_score_adj for the daemon (default -500) --oom-score-adjust int Set the oom_score_adj for the daemon
-p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid") -p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid")
--raw-logs Full timestamps without ANSI coloring --raw-logs Full timestamps without ANSI coloring
--registry-mirror list Preferred registry mirror --registry-mirror list Preferred registry mirror
--rootless Enable rootless mode; typically used with RootlessKit --rootless Enable rootless mode; typically used with RootlessKit
--seccomp-profile string Path to seccomp profile --seccomp-profile string Path to seccomp profile. Use "unconfined" to disable the default seccomp profile (default "builtin")
--selinux-enabled Enable selinux support --selinux-enabled Enable selinux support
--shutdown-timeout int Set the default shutdown timeout (default 15) --shutdown-timeout int Set the default shutdown timeout (default 15)
-s, --storage-driver string Storage driver to use -s, --storage-driver string Storage driver to use
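Review bot: `--oom-score-adjust` loses "(default -500)" and is left with no stated default, while the `daemon.json` example later in this patch changes the value to `0`. State the new default in the prose for this option so the two places agree. Separately, `--seccomp-profile` now documents "unconfined" as a way to disable the default profile for the whole daemon; a sentence in that option's section on what protection is lost when it is set would be a useful companion to this line.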
@ -129,16 +132,42 @@ to [the `daemon.json` file](#daemon-configuration-file).
For easy reference, the following list of environment variables are supported For easy reference, the following list of environment variables are supported
by the `dockerd` command line: by the `dockerd` command line:
* `DOCKER_DRIVER` The graph driver to use. | Variable | Description |
* `DOCKER_NOWARN_KERNEL_VERSION` Prevent warnings that your Linux kernel is |:--------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
unsuitable for Docker. | `DOCKER_CERT_PATH` | Location of your authentication keys. This variable is used both by the [`docker` CLI](cli.md) and the `dockerd` daemon. |
* `DOCKER_RAMDISK` If set this will disable 'pivot_root'. | `DOCKER_DRIVER` | The storage driver to use. |
* `DOCKER_TMPDIR` Location for temporary Docker files. | `DOCKER_RAMDISK` | If set this disables 'pivot_root'. |
* `MOBY_DISABLE_PIGZ` Do not use [`unpigz`](https://linux.die.net/man/1/pigz) to | `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the [`docker` CLI](cli.md) and the `dockerd` daemon. |
decompress layers in parallel when pulling images, even if it is installed. | `DOCKER_TMPDIR` | Location for temporary files created by the daemon. |
| `HTTP_PROXY` | Proxy URL for HTTP requests unless overridden by NoProxy. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. |
| `HTTPS_PROXY` | Proxy URL for HTTPS requests unless overridden by NoProxy. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. |
| `MOBY_DISABLE_PIGZ` | Disables the use of [`unpigz`](https://linux.die.net/man/1/pigz) to decompress layers in parallel when pulling images, even if it is installed. | |
| `NO_PROXY` | Comma-separated values specifying hosts that should be excluded from proxying. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. |
## Examples ## Examples
### Proxy configuration
> **Note**
>
> Refer to the [Docker Desktop manual](https://docs.docker.com/desktop/networking/#httphttps-proxy-support)
> if you are running [Docker Desktop](https://docs.docker.com/desktop/).
If you are behind an HTTP proxy server, for example in corporate settings,
you may have to configure the Docker daemon to use the proxy server for
operations such as pulling and pushing images. The daemon can be configured
in three ways:
1. Using environment variables (`HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`).
2. Using the "http-proxy", "https-proxy", and "no-proxy" fields in the
[daemon configuration file](#daemon-configuration-file) (Docker Engine 23.0 or newer).
3. Using the `--http-proxy`, `--https-proxy`, and `--no-proxy` command-line
options. (Docker Engine 23.0 or newer).
The command-line and configuration file options take precedence over environment
variables. Refer to [control and configure Docker with systemd](https://docs.docker.com/config/daemon/systemd/#httphttps-proxy)
to set these environment variables on a host using `systemd`.
### Daemon socket option ### Daemon socket option
The Docker daemon can listen for [Docker Engine API](https://docs.docker.com/engine/api/) The Docker daemon can listen for [Docker Engine API](https://docs.docker.com/engine/api/)
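Review bot: The `MOBY_DISABLE_PIGZ` row in the new table ends with an extra `| |`, which adds a stray third cell and breaks the column layout; drop the trailing pipe. `DOCKER_NOWARN_KERNEL_VERSION` disappears from the list in this hunk without comment, so confirm that is intended. In the Proxy configuration text, the precedence sentence covers options versus environment variables but not what happens when the same proxy setting appears both on the command line and in the configuration file; add that case. The field names in item 2 are in double quotes while items 1 and 3 use backticks.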
@ -1222,6 +1251,9 @@ This is a full example of the allowed configuration options on Linux:
"fixed-cidr-v6": "", "fixed-cidr-v6": "",
"group": "", "group": "",
"hosts": [], "hosts": [],
"http-proxy": "http://proxy.example.com:80",
"https-proxy": "https://proxy.example.com:443",
"no-proxy": "*.test.example.com,.example.org",
"icc": false, "icc": false,
"init": false, "init": false,
"init-path": "/usr/libexec/docker-init", "init-path": "/usr/libexec/docker-init",
@ -1255,7 +1287,7 @@ This is a full example of the allowed configuration options on Linux:
"NVIDIA-GPU=UUID1", "NVIDIA-GPU=UUID1",
"NVIDIA-GPU=UUID2" "NVIDIA-GPU=UUID2"
], ],
"oom-score-adjust": -500, "oom-score-adjust": 0,
"pidfile": "", "pidfile": "",
"raw-logs": false, "raw-logs": false,
"registry-mirrors": [], "registry-mirrors": [],

View File

@ -34,10 +34,8 @@ use `docker pull`.
If you are behind an HTTP proxy server, for example in corporate settings, If you are behind an HTTP proxy server, for example in corporate settings,
before open a connect to registry, you may need to configure the Docker before open a connect to registry, you may need to configure the Docker
daemon's proxy settings, using the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` daemon's proxy settings, refer to the [dockerd command-line reference](dockerd.md#proxy-configuration)
environment variables. To set these environment variables on a host using for details.
`systemd`, refer to the [control and configure Docker with systemd](https://docs.docker.com/config/daemon/systemd/#httphttps-proxy)
for variables configuration.
### Concurrent downloads ### Concurrent downloads
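Review bot: The rewritten sentence is a comma splice ("... proxy settings, refer to the ...") and still carries the ungrammatical "before open a connect to registry" from the old text. Since the paragraph is being touched anyway, split it into two sentences, for example "you may need to configure the Docker daemon's proxy settings. Refer to the dockerd command-line reference for details."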

View File

@ -35,6 +35,8 @@ dockerd - Enable daemon mode
[**-G**|**--group**[=*docker*]] [**-G**|**--group**[=*docker*]]
[**-H**|**--host**[=*[]*]] [**-H**|**--host**[=*[]*]]
[**--help**] [**--help**]
[**--http-proxy**[*""*]]
[**--https-proxy**[*""*]]
[**--icc**[=*true*]] [**--icc**[=*true*]]
[**--init**[=*false*]] [**--init**[=*false*]]
[**--init-path**[=*""*]] [**--init-path**[=*""*]]
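Review bot: The new synopsis entries `[**--http-proxy**[*""*]]` and `[**--https-proxy**[*""*]]` are missing the `=` that every neighbouring entry has (compare `[**--init-path**[=*""*]]`). The same applies to `[**--no-proxy**[*""*]]` in the next hunk. Add the `=` so the man page shows these as options that take a value.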
@ -54,6 +56,7 @@ dockerd - Enable daemon mode
[**--max-concurrent-downloads**[=*3*]] [**--max-concurrent-downloads**[=*3*]]
[**--max-concurrent-uploads**[=*5*]] [**--max-concurrent-uploads**[=*5*]]
[**--max-download-attempts**[=*5*]] [**--max-download-attempts**[=*5*]]
[**--no-proxy**[*""*]]
[**--node-generic-resources**[=*[]*]] [**--node-generic-resources**[=*[]*]]
[**-p**|**--pidfile**[=*/var/run/docker.pid*]] [**-p**|**--pidfile**[=*/var/run/docker.pid*]]
[**--raw-logs**] [**--raw-logs**]
@ -233,6 +236,12 @@ unix://[/path/to/socket] to use.
**--help** **--help**
Print usage statement Print usage statement
**--http-proxy***""*
Proxy URL for HTTP requests unless overridden by NoProxy.
**--https-proxy***""*
Proxy URL for HTTPS requests unless overridden by NoProxy.
**--icc**=*true*|*false* **--icc**=*true*|*false*
Allow unrestricted inter\-container and Docker daemon host communication. If Allow unrestricted inter\-container and Docker daemon host communication. If
disabled, containers can still be linked together using the **--link** option disabled, containers can still be linked together using the **--link** option
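Review bot: The option headings `**--http-proxy***""*` and `**--https-proxy***""*` have no `=` between the flag and its value, so the bold and italic runs collide and will not render like the surrounding entries such as `**--icc**=*true*|*false*`. The descriptions also refer to "NoProxy", which is not an option name on this page; use **--no-proxy**.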
@ -325,6 +334,9 @@ unix://[/path/to/socket] to use.
**--max-download-attempts**=*5* **--max-download-attempts**=*5*
Set the max download attempts for each pull. Default is `5`. Set the max download attempts for each pull. Default is `5`.
**--no-proxy**=*""*"
Comma-separated values specifying hosts that should be excluded from proxying.
**--node-generic-resources**=*[]* **--node-generic-resources**=*[]*
Advertise user-defined resource. Default is `[]`. Advertise user-defined resource. Default is `[]`.
Use this if your swarm cluster has some nodes with custom Use this if your swarm cluster has some nodes with custom
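Review bot: The heading `**--no-proxy**=*""*"` ends with a stray double quote after the closing italic marker; remove it. Unlike the neighbouring `--max-download-attempts` and `--node-generic-resources` entries, the description gives no default, so add one for consistency.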