mirror of https://github.com/docker/cli.git
Merge pull request #4202 from thaJeztah/23.0_backport_docs_daemon_proxy_config
[23.0 backport] docs/reference: update dockerd docs for changes in 23.0
This commit is contained in:
commit
f480fb1e37
|
@ -123,30 +123,31 @@ the [installation](https://docs.docker.com/install/) instructions for your opera
|
||||||
The following list of environment variables are supported by the `docker` command
|
The following list of environment variables are supported by the `docker` command
|
||||||
line:
|
line:
|
||||||
|
|
||||||
| Variable | Description |
|
| Variable | Description |
|
||||||
|:------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------|
|
|:------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||||
| `DOCKER_API_VERSION` | Override the negotiated API version to use for debugging (e.g. `1.19`) |
|
| `DOCKER_API_VERSION` | Override the negotiated API version to use for debugging (e.g. `1.19`) |
|
||||||
| `DOCKER_CERT_PATH` | Location of your authentication keys. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) |
|
| `DOCKER_CERT_PATH` | Location of your authentication keys. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) |
|
||||||
| `DOCKER_CONFIG` | The location of your client configuration files. |
|
| `DOCKER_CONFIG` | The location of your client configuration files. |
|
||||||
| `DOCKER_CONTENT_TRUST_SERVER` | The URL of the Notary server to use. Defaults to the same URL as the registry. |
|
| `DOCKER_CONTENT_TRUST_SERVER` | The URL of the Notary server to use. Defaults to the same URL as the registry. |
|
||||||
| `DOCKER_CONTENT_TRUST` | When set Docker uses notary to sign and verify images. Equates to `--disable-content-trust=false` for build, create, pull, push, run. |
|
| `DOCKER_CONTENT_TRUST` | When set Docker uses notary to sign and verify images. Equates to `--disable-content-trust=false` for build, create, pull, push, run. |
|
||||||
| `DOCKER_CONTEXT` | Name of the `docker context` to use (overrides `DOCKER_HOST` env var and default context set with `docker context use`) |
|
| `DOCKER_CONTEXT` | Name of the `docker context` to use (overrides `DOCKER_HOST` env var and default context set with `docker context use`) |
|
||||||
| `DOCKER_DEFAULT_PLATFORM` | Default platform for commands that take the `--platform` flag. |
|
| `DOCKER_DEFAULT_PLATFORM` | Default platform for commands that take the `--platform` flag. |
|
||||||
| `DOCKER_HIDE_LEGACY_COMMANDS` | When set, Docker hides "legacy" top-level commands (such as `docker rm`, and `docker pull`) in `docker help` output, and only `Management commands` per object-type (e.g., `docker container`) are printed. This may become the default in a future release, at which point this environment-variable is removed. |
|
| `DOCKER_HIDE_LEGACY_COMMANDS` | When set, Docker hides "legacy" top-level commands (such as `docker rm`, and `docker pull`) in `docker help` output, and only `Management commands` per object-type (e.g., `docker container`) are printed. This may become the default in a future release. |
|
||||||
| `DOCKER_HOST` | Daemon socket to connect to. |
|
| `DOCKER_HOST` | Daemon socket to connect to. |
|
||||||
| `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) |
|
| `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) |
|
||||||
| `BUILDKIT_PROGRESS` | Set type of progress output (`auto`, `plain`, `tty`) when [building](build.md) with [BuildKit backend](https://docs.docker.com/build/buildkit/). Use plain to show container output (default `auto`). |
|
| `BUILDKIT_PROGRESS` | Set type of progress output (`auto`, `plain`, `tty`) when [building](build.md) with [BuildKit backend](https://docs.docker.com/build/buildkit/). Use plain to show container output (default `auto`). |
|
||||||
|
|
||||||
Because Docker is developed using Go, you can also use any environment
|
Because Docker is developed using Go, you can also use any environment
|
||||||
variables used by the Go runtime. In particular, you may find these useful:
|
variables used by the Go runtime. In particular, you may find these useful:
|
||||||
|
|
||||||
* `HTTP_PROXY`
|
| Variable | Description |
|
||||||
* `HTTPS_PROXY`
|
|:--------------|:-------------------------------------------------------------------------------|
|
||||||
* `NO_PROXY`
|
| `HTTP_PROXY` | Proxy URL for HTTP requests unless overridden by NoProxy. |
|
||||||
|
| `HTTPS_PROXY` | Proxy URL for HTTPS requests unless overridden by NoProxy. |
|
||||||
|
| `NO_PROXY` | Comma-separated values specifying hosts that should be excluded from proxying. |
|
||||||
|
|
||||||
These Go environment variables are case-insensitive. See the
|
See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config)
|
||||||
[Go specification](https://golang.org/pkg/net/http/) for details on these
|
for details on these variables.
|
||||||
variables.
|
|
||||||
|
|
||||||
## Configuration files
|
## Configuration files
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,7 @@ redirect_from:
|
||||||
# daemon
|
# daemon
|
||||||
|
|
||||||
```markdown
|
```markdown
|
||||||
Usage: dockerd COMMAND
|
Usage: dockerd [OPTIONS]
|
||||||
|
|
||||||
A self-sufficient runtime for containers.
|
A self-sufficient runtime for containers.
|
||||||
|
|
||||||
|
@ -35,14 +35,14 @@ Options:
|
||||||
--containerd-namespace string Containerd namespace to use (default "moby")
|
--containerd-namespace string Containerd namespace to use (default "moby")
|
||||||
--containerd-plugins-namespace string Containerd namespace to use for plugins (default "plugins.moby")
|
--containerd-plugins-namespace string Containerd namespace to use for plugins (default "plugins.moby")
|
||||||
--cpu-rt-period int Limit the CPU real-time period in microseconds for the
|
--cpu-rt-period int Limit the CPU real-time period in microseconds for the
|
||||||
parent cgroup for all containers
|
parent cgroup for all containers (not supported with cgroups v2)
|
||||||
--cpu-rt-runtime int Limit the CPU real-time runtime in microseconds for the
|
--cpu-rt-runtime int Limit the CPU real-time runtime in microseconds for the
|
||||||
parent cgroup for all containers
|
parent cgroup for all containers (not supported with cgroups v2)
|
||||||
--cri-containerd start containerd with cri
|
--cri-containerd start containerd with cri
|
||||||
--data-root string Root directory of persistent Docker state (default "/var/lib/docker")
|
--data-root string Root directory of persistent Docker state (default "/var/lib/docker")
|
||||||
-D, --debug Enable debug mode
|
-D, --debug Enable debug mode
|
||||||
--default-address-pool pool-options Default address pools for node specific local networks
|
--default-address-pool pool-options Default address pools for node specific local networks
|
||||||
--default-cgroupns-mode string Default mode for containers cgroup namespace ("host" | "private") (default "host")
|
--default-cgroupns-mode string Default mode for containers cgroup namespace ("host" | "private") (default "private")
|
||||||
--default-gateway ip Container default gateway IPv4 address
|
--default-gateway ip Container default gateway IPv4 address
|
||||||
--default-gateway-v6 ip Container default gateway IPv6 address
|
--default-gateway-v6 ip Container default gateway IPv6 address
|
||||||
--default-ipc-mode string Default mode for containers ipc ("shareable" | "private") (default "private")
|
--default-ipc-mode string Default mode for containers ipc ("shareable" | "private") (default "private")
|
||||||
|
@ -62,6 +62,8 @@ Options:
|
||||||
-H, --host list Daemon socket(s) to connect to
|
-H, --host list Daemon socket(s) to connect to
|
||||||
--host-gateway-ip ip IP address that the special 'host-gateway' string in --add-host resolves to.
|
--host-gateway-ip ip IP address that the special 'host-gateway' string in --add-host resolves to.
|
||||||
Defaults to the IP address of the default bridge
|
Defaults to the IP address of the default bridge
|
||||||
|
--http-proxy string HTTP proxy URL to use for outgoing traffic
|
||||||
|
--https-proxy string HTTPS proxy URL to use for outgoing traffic
|
||||||
--icc Enable inter-container communication (default true)
|
--icc Enable inter-container communication (default true)
|
||||||
--init Run an init in the container to forward signals and reap processes
|
--init Run an init in the container to forward signals and reap processes
|
||||||
--init-path string Path to the docker-init binary
|
--init-path string Path to the docker-init binary
|
||||||
|
@ -69,8 +71,8 @@ Options:
|
||||||
--ip ip Default IP when binding container ports (default 0.0.0.0)
|
--ip ip Default IP when binding container ports (default 0.0.0.0)
|
||||||
--ip-forward Enable net.ipv4.ip_forward (default true)
|
--ip-forward Enable net.ipv4.ip_forward (default true)
|
||||||
--ip-masq Enable IP masquerading (default true)
|
--ip-masq Enable IP masquerading (default true)
|
||||||
|
--ip6tables Enable addition of ip6tables rules (experimental)
|
||||||
--iptables Enable addition of iptables rules (default true)
|
--iptables Enable addition of iptables rules (default true)
|
||||||
--ip6tables Enable addition of ip6tables rules (default false)
|
|
||||||
--ipv6 Enable IPv6 networking
|
--ipv6 Enable IPv6 networking
|
||||||
--label list Set key=value labels to the daemon
|
--label list Set key=value labels to the daemon
|
||||||
--live-restore Enable live restore of docker when containers are still running
|
--live-restore Enable live restore of docker when containers are still running
|
||||||
|
@ -81,16 +83,17 @@ Options:
|
||||||
--max-concurrent-uploads int Set the max concurrent uploads (default 5)
|
--max-concurrent-uploads int Set the max concurrent uploads (default 5)
|
||||||
--max-download-attempts int Set the max download attempts for each pull (default 5)
|
--max-download-attempts int Set the max download attempts for each pull (default 5)
|
||||||
--metrics-addr string Set default address and port to serve the metrics api on
|
--metrics-addr string Set default address and port to serve the metrics api on
|
||||||
--mtu int Set the containers network MTU
|
--mtu int Set the containers network MTU (default 1500)
|
||||||
--network-control-plane-mtu int Network Control plane MTU (default 1500)
|
--network-control-plane-mtu int Network Control plane MTU (default 1500)
|
||||||
--no-new-privileges Set no-new-privileges by default for new containers
|
--no-new-privileges Set no-new-privileges by default for new containers
|
||||||
|
--no-proxy string Comma-separated list of hosts or IP addresses for which the proxy is skipped
|
||||||
--node-generic-resource list Advertise user-defined resource
|
--node-generic-resource list Advertise user-defined resource
|
||||||
--oom-score-adjust int Set the oom_score_adj for the daemon (default -500)
|
--oom-score-adjust int Set the oom_score_adj for the daemon
|
||||||
-p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid")
|
-p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid")
|
||||||
--raw-logs Full timestamps without ANSI coloring
|
--raw-logs Full timestamps without ANSI coloring
|
||||||
--registry-mirror list Preferred registry mirror
|
--registry-mirror list Preferred registry mirror
|
||||||
--rootless Enable rootless mode; typically used with RootlessKit
|
--rootless Enable rootless mode; typically used with RootlessKit
|
||||||
--seccomp-profile string Path to seccomp profile
|
--seccomp-profile string Path to seccomp profile. Use "unconfined" to disable the default seccomp profile (default "builtin")
|
||||||
--selinux-enabled Enable selinux support
|
--selinux-enabled Enable selinux support
|
||||||
--shutdown-timeout int Set the default shutdown timeout (default 15)
|
--shutdown-timeout int Set the default shutdown timeout (default 15)
|
||||||
-s, --storage-driver string Storage driver to use
|
-s, --storage-driver string Storage driver to use
|
||||||
|
@ -129,16 +132,42 @@ to [the `daemon.json` file](#daemon-configuration-file).
|
||||||
For easy reference, the following list of environment variables are supported
|
For easy reference, the following list of environment variables are supported
|
||||||
by the `dockerd` command line:
|
by the `dockerd` command line:
|
||||||
|
|
||||||
* `DOCKER_DRIVER` The graph driver to use.
|
| Variable | Description |
|
||||||
* `DOCKER_NOWARN_KERNEL_VERSION` Prevent warnings that your Linux kernel is
|
|:--------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||||
unsuitable for Docker.
|
| `DOCKER_CERT_PATH` | Location of your authentication keys. This variable is used both by the [`docker` CLI](cli.md) and the `dockerd` daemon. |
|
||||||
* `DOCKER_RAMDISK` If set this will disable 'pivot_root'.
|
| `DOCKER_DRIVER` | The storage driver to use. |
|
||||||
* `DOCKER_TMPDIR` Location for temporary Docker files.
|
| `DOCKER_RAMDISK` | If set this disables 'pivot_root'. |
|
||||||
* `MOBY_DISABLE_PIGZ` Do not use [`unpigz`](https://linux.die.net/man/1/pigz) to
|
| `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the [`docker` CLI](cli.md) and the `dockerd` daemon. |
|
||||||
decompress layers in parallel when pulling images, even if it is installed.
|
| `DOCKER_TMPDIR` | Location for temporary files created by the daemon. |
|
||||||
|
| `HTTP_PROXY` | Proxy URL for HTTP requests unless overridden by NoProxy. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. |
|
||||||
|
| `HTTPS_PROXY` | Proxy URL for HTTPS requests unless overridden by NoProxy. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. |
|
||||||
|
| `MOBY_DISABLE_PIGZ` | Disables the use of [`unpigz`](https://linux.die.net/man/1/pigz) to decompress layers in parallel when pulling images, even if it is installed. | |
|
||||||
|
| `NO_PROXY` | Comma-separated values specifying hosts that should be excluded from proxying. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. |
|
||||||
|
|
||||||
## Examples
|
## Examples
|
||||||
|
|
||||||
|
### Proxy configuration
|
||||||
|
|
||||||
|
> **Note**
|
||||||
|
>
|
||||||
|
> Refer to the [Docker Desktop manual](https://docs.docker.com/desktop/networking/#httphttps-proxy-support)
|
||||||
|
> if you are running [Docker Desktop](https://docs.docker.com/desktop/).
|
||||||
|
|
||||||
|
If you are behind an HTTP proxy server, for example in corporate settings,
|
||||||
|
you may have to configure the Docker daemon to use the proxy server for
|
||||||
|
operations such as pulling and pushing images. The daemon can be configured
|
||||||
|
in three ways:
|
||||||
|
|
||||||
|
1. Using environment variables (`HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`).
|
||||||
|
2. Using the "http-proxy", "https-proxy", and "no-proxy" fields in the
|
||||||
|
[daemon configuration file](#daemon-configuration-file) (Docker Engine 23.0 or newer).
|
||||||
|
3. Using the `--http-proxy`, `--https-proxy`, and `--no-proxy` command-line
|
||||||
|
options. (Docker Engine 23.0 or newer).
|
||||||
|
|
||||||
|
The command-line and configuration file options take precedence over environment
|
||||||
|
variables. Refer to [control and configure Docker with systemd](https://docs.docker.com/config/daemon/systemd/#httphttps-proxy)
|
||||||
|
to set these environment variables on a host using `systemd`.
|
||||||
|
|
||||||
### Daemon socket option
|
### Daemon socket option
|
||||||
|
|
||||||
The Docker daemon can listen for [Docker Engine API](https://docs.docker.com/engine/api/)
|
The Docker daemon can listen for [Docker Engine API](https://docs.docker.com/engine/api/)
|
||||||
|
@ -1222,6 +1251,9 @@ This is a full example of the allowed configuration options on Linux:
|
||||||
"fixed-cidr-v6": "",
|
"fixed-cidr-v6": "",
|
||||||
"group": "",
|
"group": "",
|
||||||
"hosts": [],
|
"hosts": [],
|
||||||
|
"http-proxy": "http://proxy.example.com:80",
|
||||||
|
"https-proxy": "https://proxy.example.com:443",
|
||||||
|
"no-proxy": "*.test.example.com,.example.org",
|
||||||
"icc": false,
|
"icc": false,
|
||||||
"init": false,
|
"init": false,
|
||||||
"init-path": "/usr/libexec/docker-init",
|
"init-path": "/usr/libexec/docker-init",
|
||||||
|
@ -1255,7 +1287,7 @@ This is a full example of the allowed configuration options on Linux:
|
||||||
"NVIDIA-GPU=UUID1",
|
"NVIDIA-GPU=UUID1",
|
||||||
"NVIDIA-GPU=UUID2"
|
"NVIDIA-GPU=UUID2"
|
||||||
],
|
],
|
||||||
"oom-score-adjust": -500,
|
"oom-score-adjust": 0,
|
||||||
"pidfile": "",
|
"pidfile": "",
|
||||||
"raw-logs": false,
|
"raw-logs": false,
|
||||||
"registry-mirrors": [],
|
"registry-mirrors": [],
|
||||||
|
|
|
@ -34,10 +34,8 @@ use `docker pull`.
|
||||||
|
|
||||||
If you are behind an HTTP proxy server, for example in corporate settings,
|
If you are behind an HTTP proxy server, for example in corporate settings,
|
||||||
before open a connect to registry, you may need to configure the Docker
|
before open a connect to registry, you may need to configure the Docker
|
||||||
daemon's proxy settings, using the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`
|
daemon's proxy settings, refer to the [dockerd command-line reference](dockerd.md#proxy-configuration)
|
||||||
environment variables. To set these environment variables on a host using
|
for details.
|
||||||
`systemd`, refer to the [control and configure Docker with systemd](https://docs.docker.com/config/daemon/systemd/#httphttps-proxy)
|
|
||||||
for variables configuration.
|
|
||||||
|
|
||||||
### Concurrent downloads
|
### Concurrent downloads
|
||||||
|
|
||||||
|
|
|
@ -35,6 +35,8 @@ dockerd - Enable daemon mode
|
||||||
[**-G**|**--group**[=*docker*]]
|
[**-G**|**--group**[=*docker*]]
|
||||||
[**-H**|**--host**[=*[]*]]
|
[**-H**|**--host**[=*[]*]]
|
||||||
[**--help**]
|
[**--help**]
|
||||||
|
[**--http-proxy**[*""*]]
|
||||||
|
[**--https-proxy**[*""*]]
|
||||||
[**--icc**[=*true*]]
|
[**--icc**[=*true*]]
|
||||||
[**--init**[=*false*]]
|
[**--init**[=*false*]]
|
||||||
[**--init-path**[=*""*]]
|
[**--init-path**[=*""*]]
|
||||||
|
@ -54,6 +56,7 @@ dockerd - Enable daemon mode
|
||||||
[**--max-concurrent-downloads**[=*3*]]
|
[**--max-concurrent-downloads**[=*3*]]
|
||||||
[**--max-concurrent-uploads**[=*5*]]
|
[**--max-concurrent-uploads**[=*5*]]
|
||||||
[**--max-download-attempts**[=*5*]]
|
[**--max-download-attempts**[=*5*]]
|
||||||
|
[**--no-proxy**[*""*]]
|
||||||
[**--node-generic-resources**[=*[]*]]
|
[**--node-generic-resources**[=*[]*]]
|
||||||
[**-p**|**--pidfile**[=*/var/run/docker.pid*]]
|
[**-p**|**--pidfile**[=*/var/run/docker.pid*]]
|
||||||
[**--raw-logs**]
|
[**--raw-logs**]
|
||||||
|
@ -233,6 +236,12 @@ unix://[/path/to/socket] to use.
|
||||||
**--help**
|
**--help**
|
||||||
Print usage statement
|
Print usage statement
|
||||||
|
|
||||||
|
**--http-proxy***""*
|
||||||
|
Proxy URL for HTTP requests unless overridden by NoProxy.
|
||||||
|
|
||||||
|
**--https-proxy***""*
|
||||||
|
Proxy URL for HTTPS requests unless overridden by NoProxy.
|
||||||
|
|
||||||
**--icc**=*true*|*false*
|
**--icc**=*true*|*false*
|
||||||
Allow unrestricted inter\-container and Docker daemon host communication. If
|
Allow unrestricted inter\-container and Docker daemon host communication. If
|
||||||
disabled, containers can still be linked together using the **--link** option
|
disabled, containers can still be linked together using the **--link** option
|
||||||
|
@ -325,6 +334,9 @@ unix://[/path/to/socket] to use.
|
||||||
**--max-download-attempts**=*5*
|
**--max-download-attempts**=*5*
|
||||||
Set the max download attempts for each pull. Default is `5`.
|
Set the max download attempts for each pull. Default is `5`.
|
||||||
|
|
||||||
|
**--no-proxy**=*""*"
|
||||||
|
Comma-separated values specifying hosts that should be excluded from proxying.
|
||||||
|
|
||||||
**--node-generic-resources**=*[]*
|
**--node-generic-resources**=*[]*
|
||||||
Advertise user-defined resource. Default is `[]`.
|
Advertise user-defined resource. Default is `[]`.
|
||||||
Use this if your swarm cluster has some nodes with custom
|
Use this if your swarm cluster has some nodes with custom
|
||||||
|
|
Loading…
Reference in New Issue