From b6cd3c85b5e9199a1369e92ba3b992ed6eb8982c Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 2 Apr 2022 14:07:51 +0200 Subject: [PATCH] docs: update dockerd usage output for new proxy-options Adds documentation for the options that were added in https://github.com/moby/moby/commit/427c7cc5f86364466c7173e8ca59b97c3876471d Signed-off-by: Sebastiaan van Stijn (cherry picked from commit c846428cb639f10053df376ab8f4ab0adddf02d1) Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/dockerd.md | 40 +++++++++++++++++++++++---- docs/reference/commandline/pull.md | 6 ++-- man/dockerd.8.md | 12 ++++++++ 3 files changed, 48 insertions(+), 10 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 79a78539d5..2413dd1bfc 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -18,7 +18,7 @@ redirect_from: # daemon ```markdown -Usage: dockerd COMMAND +Usage: dockerd [OPTIONS] A self-sufficient runtime for containers. @@ -35,14 +35,14 @@ Options: --containerd-namespace string Containerd namespace to use (default "moby") --containerd-plugins-namespace string Containerd namespace to use for plugins (default "plugins.moby") --cpu-rt-period int Limit the CPU real-time period in microseconds for the - parent cgroup for all containers + parent cgroup for all containers (not supported with cgroups v2) --cpu-rt-runtime int Limit the CPU real-time runtime in microseconds for the - parent cgroup for all containers + parent cgroup for all containers (not supported with cgroups v2) --cri-containerd start containerd with cri --data-root string Root directory of persistent Docker state (default "/var/lib/docker") -D, --debug Enable debug mode --default-address-pool pool-options Default address pools for node specific local networks - --default-cgroupns-mode string Default mode for containers cgroup namespace ("host" | "private") (default "host") + --default-cgroupns-mode string Default mode for containers cgroup namespace ("host" | "private") (default "private") --default-gateway ip Container default gateway IPv4 address --default-gateway-v6 ip Container default gateway IPv6 address --default-ipc-mode string Default mode for containers ipc ("shareable" | "private") (default "private") @@ -62,6 +62,8 @@ Options: -H, --host list Daemon socket(s) to connect to --host-gateway-ip ip IP address that the special 'host-gateway' string in --add-host resolves to. Defaults to the IP address of the default bridge + --http-proxy string HTTP proxy URL to use for outgoing traffic + --https-proxy string HTTPS proxy URL to use for outgoing traffic --icc Enable inter-container communication (default true) --init Run an init in the container to forward signals and reap processes --init-path string Path to the docker-init binary @@ -69,8 +71,8 @@ Options: --ip ip Default IP when binding container ports (default 0.0.0.0) --ip-forward Enable net.ipv4.ip_forward (default true) --ip-masq Enable IP masquerading (default true) + --ip6tables Enable addition of ip6tables rules (experimental) --iptables Enable addition of iptables rules (default true) - --ip6tables Enable addition of ip6tables rules (default false) --ipv6 Enable IPv6 networking --label list Set key=value labels to the daemon --live-restore Enable live restore of docker when containers are still running @@ -81,9 +83,10 @@ Options: --max-concurrent-uploads int Set the max concurrent uploads (default 5) --max-download-attempts int Set the max download attempts for each pull (default 5) --metrics-addr string Set default address and port to serve the metrics api on - --mtu int Set the containers network MTU + --mtu int Set the containers network MTU (default 1500) --network-control-plane-mtu int Network Control plane MTU (default 1500) --no-new-privileges Set no-new-privileges by default for new containers + --no-proxy string Comma-separated list of hosts or IP addresses for which the proxy is skipped --node-generic-resource list Advertise user-defined resource --oom-score-adjust int Set the oom_score_adj for the daemon -p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid") @@ -143,6 +146,28 @@ by the `dockerd` command line: ## Examples +### Proxy configuration + +> **Note** +> +> Refer to the [Docker Desktop manual](https://docs.docker.com/desktop/networking/#httphttps-proxy-support) +> if you are running [Docker Desktop](https://docs.docker.com/desktop/). + +If you are behind an HTTP proxy server, for example in corporate settings, +you may have to configure the Docker daemon to use the proxy server for +operations such as pulling and pushing images. The daemon can be configured +in three ways: + +1. Using environment variables (`HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`). +2. Using the "http-proxy", "https-proxy", and "no-proxy" fields in the + [daemon configuration file](#daemon-configuration-file) (Docker Engine 23.0 or newer). +3. Using the `--http-proxy`, `--https-proxy`, and `--no-proxy` command-line + options. (Docker Engine 23.0 or newer). + +The command-line and configuration file options take precedence over environment +variables. Refer to [control and configure Docker with systemd](https://docs.docker.com/config/daemon/systemd/#httphttps-proxy) +to set these environment variables on a host using `systemd`. + ### Daemon socket option The Docker daemon can listen for [Docker Engine API](https://docs.docker.com/engine/api/) @@ -1226,6 +1251,9 @@ This is a full example of the allowed configuration options on Linux: "fixed-cidr-v6": "", "group": "", "hosts": [], + "http-proxy": "http://proxy.example.com:80", + "https-proxy": "https://proxy.example.com:443", + "no-proxy": "*.test.example.com,.example.org", "icc": false, "init": false, "init-path": "/usr/libexec/docker-init", diff --git a/docs/reference/commandline/pull.md b/docs/reference/commandline/pull.md index 443f12af04..8c90dc4e5d 100644 --- a/docs/reference/commandline/pull.md +++ b/docs/reference/commandline/pull.md @@ -34,10 +34,8 @@ use `docker pull`. If you are behind an HTTP proxy server, for example in corporate settings, before open a connect to registry, you may need to configure the Docker -daemon's proxy settings, using the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` -environment variables. To set these environment variables on a host using -`systemd`, refer to the [control and configure Docker with systemd](https://docs.docker.com/config/daemon/systemd/#httphttps-proxy) -for variables configuration. +daemon's proxy settings, refer to the [dockerd command-line reference](dockerd.md#proxy-configuration) +for details. ### Concurrent downloads diff --git a/man/dockerd.8.md b/man/dockerd.8.md index 0043f70470..2daac117f3 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -35,6 +35,8 @@ dockerd - Enable daemon mode [**-G**|**--group**[=*docker*]] [**-H**|**--host**[=*[]*]] [**--help**] +[**--http-proxy**[*""*]] +[**--https-proxy**[*""*]] [**--icc**[=*true*]] [**--init**[=*false*]] [**--init-path**[=*""*]] @@ -54,6 +56,7 @@ dockerd - Enable daemon mode [**--max-concurrent-downloads**[=*3*]] [**--max-concurrent-uploads**[=*5*]] [**--max-download-attempts**[=*5*]] +[**--no-proxy**[*""*]] [**--node-generic-resources**[=*[]*]] [**-p**|**--pidfile**[=*/var/run/docker.pid*]] [**--raw-logs**] @@ -233,6 +236,12 @@ unix://[/path/to/socket] to use. **--help** Print usage statement +**--http-proxy***""* + Proxy URL for HTTP requests unless overridden by NoProxy. + +**--https-proxy***""* + Proxy URL for HTTPS requests unless overridden by NoProxy. + **--icc**=*true*|*false* Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using the **--link** option @@ -325,6 +334,9 @@ unix://[/path/to/socket] to use. **--max-download-attempts**=*5* Set the max download attempts for each pull. Default is `5`. +**--no-proxy**=*""*" + Comma-separated values specifying hosts that should be excluded from proxying. + **--node-generic-resources**=*[]* Advertise user-defined resource. Default is `[]`. Use this if your swarm cluster has some nodes with custom