diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 9180906af0..c5affb008c 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md 
@@ -123,30 +123,31 @@ the [installation](https://docs.docker.com/install/) instructions for your opera The following list of environment variables are supported by the `docker` command line: -| Variable | Description | -|:------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------| -| `DOCKER_API_VERSION` | Override the negotiated API version to use for debugging (e.g. `1.19`) | -| `DOCKER_CERT_PATH` | Location of your authentication keys. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) | -| `DOCKER_CONFIG` | The location of your client configuration files. | -| `DOCKER_CONTENT_TRUST_SERVER` | The URL of the Notary server to use. Defaults to the same URL as the registry. | -| `DOCKER_CONTENT_TRUST` | When set Docker uses notary to sign and verify images. Equates to `--disable-content-trust=false` for build, create, pull, push, run. | -| `DOCKER_CONTEXT` | Name of the `docker context` to use (overrides `DOCKER_HOST` env var and default context set with `docker context use`) | -| `DOCKER_DEFAULT_PLATFORM` | Default platform for commands that take the `--platform` flag. | -| `DOCKER_HIDE_LEGACY_COMMANDS` | When set, Docker hides "legacy" top-level commands (such as `docker rm`, and `docker pull`) in `docker help` output, and only `Management commands` per object-type (e.g., `docker container`) are printed. This may become the default in a future release, at which point this environment-variable is removed. | -| `DOCKER_HOST` | Daemon socket to connect to. | -| `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) | -| `BUILDKIT_PROGRESS` | Set type of progress output (`auto`, `plain`, `tty`) when [building](build.md) with [BuildKit backend](https://docs.docker.com/build/buildkit/). 
Use plain to show container output (default `auto`). | +| Variable | Description | +|:------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `DOCKER_API_VERSION` | Override the negotiated API version to use for debugging (e.g. `1.19`) | +| `DOCKER_CERT_PATH` | Location of your authentication keys. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) | +| `DOCKER_CONFIG` | The location of your client configuration files. | +| `DOCKER_CONTENT_TRUST_SERVER` | The URL of the Notary server to use. Defaults to the same URL as the registry. | +| `DOCKER_CONTENT_TRUST` | When set Docker uses notary to sign and verify images. Equates to `--disable-content-trust=false` for build, create, pull, push, run. | +| `DOCKER_CONTEXT` | Name of the `docker context` to use (overrides `DOCKER_HOST` env var and default context set with `docker context use`) | +| `DOCKER_DEFAULT_PLATFORM` | Default platform for commands that take the `--platform` flag. | +| `DOCKER_HIDE_LEGACY_COMMANDS` | When set, Docker hides "legacy" top-level commands (such as `docker rm`, and `docker pull`) in `docker help` output, and only `Management commands` per object-type (e.g., `docker container`) are printed. This may become the default in a future release. | +| `DOCKER_HOST` | Daemon socket to connect to. | +| `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) | +| `BUILDKIT_PROGRESS` | Set type of progress output (`auto`, `plain`, `tty`) when [building](build.md) with [BuildKit backend](https://docs.docker.com/build/buildkit/). Use plain to show container output (default `auto`). 
| Because Docker is developed using Go, you can also use any environment variables used by the Go runtime. In particular, you may find these useful: -* `HTTP_PROXY` -* `HTTPS_PROXY` -* `NO_PROXY` +| Variable | Description | +|:--------------|:-------------------------------------------------------------------------------| +| `HTTP_PROXY` | Proxy URL for HTTP requests unless overridden by NoProxy. | +| `HTTPS_PROXY` | Proxy URL for HTTPS requests unless overridden by NoProxy. | +| `NO_PROXY` | Comma-separated values specifying hosts that should be excluded from proxying. | -These Go environment variables are case-insensitive. See the -[Go specification](https://golang.org/pkg/net/http/) for details on these -variables. +See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) +for details on these variables. ## Configuration files diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index a8a3cf2dee..2413dd1bfc 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -18,7 +18,7 @@ redirect_from: # daemon ```markdown -Usage: dockerd COMMAND +Usage: dockerd [OPTIONS] A self-sufficient runtime for containers. 
@@ -35,14 +35,14 @@ Options: --containerd-namespace string Containerd namespace to use (default "moby") --containerd-plugins-namespace string Containerd namespace to use for plugins (default "plugins.moby") --cpu-rt-period int Limit the CPU real-time period in microseconds for the - parent cgroup for all containers + parent cgroup for all containers (not supported with cgroups v2) --cpu-rt-runtime int Limit the CPU real-time runtime in microseconds for the - parent cgroup for all containers + parent cgroup for all containers (not supported with cgroups v2) --cri-containerd start containerd with cri --data-root string Root directory of persistent Docker state (default "/var/lib/docker") -D, --debug Enable debug mode --default-address-pool pool-options Default address pools for node specific local networks - --default-cgroupns-mode string Default mode for containers cgroup namespace ("host" | "private") (default "host") + --default-cgroupns-mode string Default mode for containers cgroup namespace ("host" | "private") (default "private") --default-gateway ip Container default gateway IPv4 address --default-gateway-v6 ip Container default gateway IPv6 address --default-ipc-mode string Default mode for containers ipc ("shareable" | "private") (default "private") @@ -62,6 +62,8 @@ Options: -H, --host list Daemon socket(s) to connect to --host-gateway-ip ip IP address that the special 'host-gateway' string in --add-host resolves to. Defaults to the IP address of the default bridge + --http-proxy string HTTP proxy URL to use for outgoing traffic + --https-proxy string HTTPS proxy URL to use for outgoing traffic --icc Enable inter-container communication (default true) --init Run an init in the container to forward signals and reap processes --init-path string Path to the docker-init binary 
@@ -69,8 +71,8 @@ Options: --ip ip Default IP when binding container ports (default 0.0.0.0) --ip-forward Enable net.ipv4.ip_forward (default true) --ip-masq Enable IP masquerading (default true) + --ip6tables Enable addition of ip6tables rules (experimental) --iptables Enable addition of iptables rules (default true) - --ip6tables Enable addition of ip6tables rules (default false) --ipv6 Enable IPv6 networking --label list Set key=value labels to the daemon --live-restore Enable live restore of docker when containers are still running @@ -81,16 +83,17 @@ Options: --max-concurrent-uploads int Set the max concurrent uploads (default 5) --max-download-attempts int Set the max download attempts for each pull (default 5) --metrics-addr string Set default address and port to serve the metrics api on - --mtu int Set the containers network MTU + --mtu int Set the containers network MTU (default 1500) --network-control-plane-mtu int Network Control plane MTU (default 1500) --no-new-privileges Set no-new-privileges by default for new containers + --no-proxy string Comma-separated list of hosts or IP addresses for which the proxy is skipped --node-generic-resource list Advertise user-defined resource - --oom-score-adjust int Set the oom_score_adj for the daemon (default -500) + --oom-score-adjust int Set the oom_score_adj for the daemon -p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid") --raw-logs Full timestamps without ANSI coloring --registry-mirror list Preferred registry mirror --rootless Enable rootless mode; typically used with RootlessKit - --seccomp-profile string Path to seccomp profile + --seccomp-profile string Path to seccomp profile. Use "unconfined" to disable the default seccomp profile (default "builtin") --selinux-enabled Enable selinux support --shutdown-timeout int Set the default shutdown timeout (default 15) -s, --storage-driver string Storage driver to use 
@@ -129,16 +132,42 @@ to [the `daemon.json` file](#daemon-configuration-file). For easy reference, the following list of environment variables are supported by the `dockerd` command line: -* `DOCKER_DRIVER` The graph driver to use. -* `DOCKER_NOWARN_KERNEL_VERSION` Prevent warnings that your Linux kernel is - unsuitable for Docker. -* `DOCKER_RAMDISK` If set this will disable 'pivot_root'. -* `DOCKER_TMPDIR` Location for temporary Docker files. -* `MOBY_DISABLE_PIGZ` Do not use [`unpigz`](https://linux.die.net/man/1/pigz) to - decompress layers in parallel when pulling images, even if it is installed. +| Variable | Description | +|:--------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `DOCKER_CERT_PATH` | Location of your authentication keys. This variable is used both by the [`docker` CLI](cli.md) and the `dockerd` daemon. | +| `DOCKER_DRIVER` | The storage driver to use. | +| `DOCKER_RAMDISK` | If set this disables 'pivot_root'. | +| `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the [`docker` CLI](cli.md) and the `dockerd` daemon. | +| `DOCKER_TMPDIR` | Location for temporary files created by the daemon. | +| `HTTP_PROXY` | Proxy URL for HTTP requests unless overridden by NoProxy. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. | +| `HTTPS_PROXY` | Proxy URL for HTTPS requests unless overridden by NoProxy. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. | +| `MOBY_DISABLE_PIGZ` | Disables the use of [`unpigz`](https://linux.die.net/man/1/pigz) to decompress layers in parallel when pulling images, even if it is installed. | | +| `NO_PROXY` | Comma-separated values specifying hosts that should be excluded from proxying. 
See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. | ## Examples +### Proxy configuration + +> **Note** +> +> Refer to the [Docker Desktop manual](https://docs.docker.com/desktop/networking/#httphttps-proxy-support) +> if you are running [Docker Desktop](https://docs.docker.com/desktop/). + +If you are behind an HTTP proxy server, for example in corporate settings, +you may have to configure the Docker daemon to use the proxy server for +operations such as pulling and pushing images. The daemon can be configured +in three ways: + +1. Using environment variables (`HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`). +2. Using the "http-proxy", "https-proxy", and "no-proxy" fields in the + [daemon configuration file](#daemon-configuration-file) (Docker Engine 23.0 or newer). +3. Using the `--http-proxy`, `--https-proxy`, and `--no-proxy` command-line + options. (Docker Engine 23.0 or newer). + +The command-line and configuration file options take precedence over environment +variables. Refer to [control and configure Docker with systemd](https://docs.docker.com/config/daemon/systemd/#httphttps-proxy) +to set these environment variables on a host using `systemd`. + ### Daemon socket option The Docker daemon can listen for [Docker Engine API](https://docs.docker.com/engine/api/) @@ -1222,6 +1251,9 @@ This is a full example of the allowed configuration options on Linux: "fixed-cidr-v6": "", "group": "", "hosts": [], + "http-proxy": "http://proxy.example.com:80", + "https-proxy": "https://proxy.example.com:443", + "no-proxy": "*.test.example.com,.example.org", "icc": false, "init": false, "init-path": "/usr/libexec/docker-init", @@ -1255,7 +1287,7 @@ This is a full example of the allowed configuration options on Linux: "NVIDIA-GPU=UUID1", "NVIDIA-GPU=UUID2" ], - "oom-score-adjust": -500, + "oom-score-adjust": 0, "pidfile": "", "raw-logs": false, "registry-mirrors": [], 
diff --git a/docs/reference/commandline/pull.md b/docs/reference/commandline/pull.md index 443f12af04..8c90dc4e5d 100644 --- a/docs/reference/commandline/pull.md +++ b/docs/reference/commandline/pull.md @@ -34,10 +34,8 @@ use `docker pull`. If you are behind an HTTP proxy server, for example in corporate settings, before open a connect to registry, you may need to configure the Docker -daemon's proxy settings, using the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` -environment variables. To set these environment variables on a host using -`systemd`, refer to the [control and configure Docker with systemd](https://docs.docker.com/config/daemon/systemd/#httphttps-proxy) -for variables configuration. +daemon's proxy settings, refer to the [dockerd command-line reference](dockerd.md#proxy-configuration) +for details. ### Concurrent downloads diff --git a/man/dockerd.8.md b/man/dockerd.8.md index 0043f70470..2daac117f3 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -35,6 +35,8 @@ dockerd - Enable daemon mode [**-G**|**--group**[=*docker*]] [**-H**|**--host**[=*[]*]] [**--help**] +[**--http-proxy**[*""*]] +[**--https-proxy**[*""*]] [**--icc**[=*true*]] [**--init**[=*false*]] [**--init-path**[=*""*]] @@ -54,6 +56,7 @@ dockerd - Enable daemon mode [**--max-concurrent-downloads**[=*3*]] [**--max-concurrent-uploads**[=*5*]] [**--max-download-attempts**[=*5*]] +[**--no-proxy**[*""*]] [**--node-generic-resources**[=*[]*]] [**-p**|**--pidfile**[=*/var/run/docker.pid*]] [**--raw-logs**] @@ -233,6 +236,12 @@ unix://[/path/to/socket] to use. **--help** Print usage statement +**--http-proxy***""* + Proxy URL for HTTP requests unless overridden by NoProxy. + +**--https-proxy***""* + Proxy URL for HTTPS requests unless overridden by NoProxy. + **--icc**=*true*|*false* Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using the **--link** option 
@@ -325,6 +334,9 @@ unix://[/path/to/socket] to use. **--max-download-attempts**=*5* Set the max download attempts for each pull. Default is `5`. +**--no-proxy**=*""*" + Comma-separated values specifying hosts that should be excluded from proxying. + **--node-generic-resources**=*[]* Advertise user-defined resource. Default is `[]`. Use this if your swarm cluster has some nodes with custom
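Review bot: In docs/reference/commandline/cli.md (hunk @@ -123,30 +123,31 @@), the new `HTTP_PROXY` and `HTTPS_PROXY` rows say "unless overridden by NoProxy", which is the Go struct field name and not something a CLI user sets; write `NO_PROXY` so the rows refer to the variable listed directly below them. The same hunk deletes the sentence "These Go environment variables are case-insensitive" without a replacement, so either keep a statement about how lowercase forms are treated or say in the commit message why it was dropped. The link text "Go specification" now points at the `httpproxy` package documentation, so naming the package in the link text would be more accurate.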
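Review bot: In docs/reference/commandline/dockerd.md (hunk @@ -35,14 +35,14 @@), the `--default-cgroupns-mode` line changes the documented default from "host" to "private" and nothing else in the patch explains it. This default decides whether containers share the host's cgroup namespace, so readers relying on the old value need a sentence in the prose stating which engine version changed it and whether it depends on the cgroup version, given that the neighbouring `--cpu-rt-period` and `--cpu-rt-runtime` lines now call out cgroups v2 explicitly.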
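Review bot: In docs/reference/commandline/dockerd.md (hunk @@ -81,16 +83,17 @@), the `--no-proxy` usage line describes a "Comma-separated list of hosts or IP addresses for which the proxy is skipped", while the `NO_PROXY` table rows and the man page entry added elsewhere in this patch say "Comma-separated values specifying hosts that should be excluded from proxying" and do not mention IP addresses. Pick one wording and use it in all three places so readers do not have to guess whether the flag and the variable accept the same values.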
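Review bot: In docs/reference/commandline/dockerd.md (hunk @@ -129,16 +132,42 @@), the new "Proxy configuration" section says the command-line and configuration file options take precedence over environment variables but does not say what happens when the same proxy setting is given both as a flag and in `daemon.json`; state the outcome (which one wins, or that the daemon refuses to start) so the three methods have a defined order. In the same hunk, the `MOBY_DISABLE_PIGZ` table row ends with an extra empty cell (`| |`), which will break the two-column table when rendered. The numbered list quotes "http-proxy", "https-proxy", and "no-proxy" with double quotes where the rest of the section uses backticks, and item 3 has a full stop before its parenthesis while item 2 does not. The hunk also drops `DOCKER_NOWARN_KERNEL_VERSION` from the list without mention; confirm that removal is intended.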
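Review bot: In docs/reference/commandline/pull.md (hunk @@ -34,10 +34,8 @@), the added text joins two sentences with a comma: "daemon's proxy settings, refer to the [dockerd command-line reference]". Split it into "…proxy settings. Refer to the …". Since the paragraph is being touched anyway, the context line "before open a connect to registry" is also worth correcting in the same change.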
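Review bot: In man/dockerd.8.md, the new proxy options are formatted inconsistently with the surrounding entries. The synopsis lines `[**--http-proxy**[*""*]]`, `[**--https-proxy**[*""*]]` and `[**--no-proxy**[*""*]]` omit the `=` that neighbouring entries such as `[**--init-path**[=*""*]]` carry, and the option headings `**--http-proxy***""*` and `**--https-proxy***""*` also lack it, which runs the bold and italic markers together. The heading `**--no-proxy**=*""*"` has the `=` but ends with a stray double quote. Use `**--http-proxy**=*""*`, `**--https-proxy**=*""*` and `**--no-proxy**=*""*` throughout, and replace "NoProxy" in the two descriptions with **--no-proxy** so the man page refers to its own option name.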