Docker設置http代理

在國內由於不可描述的原因無法訪問Google等網站，但是作為一枚挨踢人士，無法使用Google搜索，在使用Ctrl + C技能時是抓狂的；特別是當下Docker、Kubernetes等容器技術火熱的時代，很多的文檔、鏡像都需要訪問Google相關網站。

在此簡單介紹Centos7配置http代理和Docker pull時使用http代理

1、Centos7配置HTTP代理

1.1、安裝epel源和pip包管理

# yum install epel-release -y
# yum install python-pip -y

1.2、安裝Shadowsocks客戶端

# pip install shadowsocks

1.3、配置Shadowsocks連接

# mkdir /etc/shadowsocks
# vim /etc/shadowsocks/shadowsocks.json
{
"server":"x.x.x.x",  # Shadowsocks服務器地址
"server_port":1035,  # Shadowsocks服務器端口
"local_address": "127.0.0.1", # 本地IP
"local_port":1080,  # 本地端口
"password":"password", # Shadowsocks連接密碼
"timeout":300,  # 等待超時時間
"method":"aes-256-cfb",  # 加密方式
"fast_open": false,  # true或false。開啟fast_open以降低延遲，但要求Linux內核在3.7+
"workers": 1  #工作線程數 
}

注：Shadowsocks服務器地址、端口自行准備

1.4、啟動Shadowsocks

# /usr/bin/sslocal -c /etc/shadowsocks/shadowsocks.json

Centos7開機自啟腳本

# vim /etc/systemd/system/shadowsocks.service
[Unit]
Description=Shadowsocks
[Service]
TimeoutStartSec=0
ExecStart=/usr/bin/sslocal -c /etc/shadowsocks/shadowsocks.json
[Install]
WantedBy=multi-user.target

# systemctl enable shadowsocks.service
# systemctl start shadowsocks.service
# systemctl status shadowsocks.service

驗證代理是否可用

# curl --socks5 127.0.0.1:1080 http://httpbin.org/ip
正常應該返回Shadowsocks服務器地址

至此算是可以實現代理，但是每次訪問都需要帶上參數，是否可以每當訪問就可以代理而不需要手動添加參數呢？這個當然是可以的

2、安裝配置Privoxy

2.1、安裝Privoxy

# yum install privoxy -y

2.2、配置privoxy

# vim /etc/privoxy/config  ##修改如下參數
listen-address 127.0.0.1:8118 # 8118 是默認端口，不用改
forward-socks5t / 127.0.0.1:1080 . #轉發到本地端口，注意最后有個點

2.3、配置http、https代理

# vim  /etc/profile
PROXY_HOST=127.0.0.1
export all_proxy=http://$PROXY_HOST:8118
export ftp_proxy=http://$PROXY_HOST:8118
export http_proxy=http://$PROXY_HOST:8118
export https_proxy=http://$PROXY_HOST:8118
export no_proxy=localhost,172.16.0.0/16,192.168.0.0/16.,127.0.0.1,10.10.0.0/16

# source /etc/profile

2.4、測試代理

# curl -I www.google.com
HTTP/1.1 200 OK
Date: Fri, 21 Sep 2018 02:46:43 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2018-09-21-02; expires=Sun, 21-Oct-2018 02:46:43 GMT; path=/; domain=.google.com
Set-Cookie: NID=139=asr4pvtu-vqfmdfMyrtIEjQ7qYPBBEf-6p7DYMiz2HI1SLn81kWiXtc-G1nr9VUw_bq-bwxUMf5HnPKw9UXYx7VpTSVxKHsETJiW-NtjSWIEZDaOMs01UJe0KM7gfuzA; expires=Sat, 23-Mar-2019 02:46:43 GMT; path=/; domain=.google.com; HttpOnly
Transfer-Encoding: chunked
Accept-Ranges: none
Vary: Accept-Encoding
Proxy-Connection: keep-alive

3、Docker配置HTTP代理

通過上面步驟已經在Centos7上訪問google等網站，並下載一些資源包，但是在docker pull某些鏡像的時候（例如k8s.gcr.io/pause ）會發現還是無法pull鏡像，但是這個鏡像是在使用kubernetes必不可少

3.1、修改Docker配置

# mkdir /etc/systemd/system/docker.service.d
# vim  /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://127.0.0.1:8118"

3.2、重啟Docker服務

# systemctl daemon-reload
# systemctl restart docker
# docker info
Containers: 26
 Running: 15
 Paused: 0
 Stopped: 11
Images: 47
Server Version: 18.06.1-ce
Storage Driver: overlay2
 Backing Filesystem: xfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay weavemesh
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: active
 NodeID: j4i6athr04yfqhusrpx6mwkyf
 Is Manager: true
 ClusterID: vejlbon9n62xzznz7gc7lcem7
 Managers: 1
 Nodes: 3
 Orchestration:
  Task History Retention Limit: 5
 Raft:
  Snapshot Interval: 10000
  Number of Old Snapshots to Retain: 0
  Heartbeat Tick: 1
  Election Tick: 10
 Dispatcher:
  Heartbeat Period: 5 seconds
 CA Configuration:
  Expiry Duration: 3 months
  Force Rotate: 0
 Autolock Managers: false
 Root Rotation In Progress: false
 Node Address: 192.168.99.143
 Manager Addresses:
  192.168.99.143:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Security Options:
 seccomp
  Profile: default
Kernel Version: 3.10.0-862.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.796GiB
Name: docker01
ID: BYKL:LKWQ:32GB:DJJA:VU6V:RU7Q:EV7G:IJWZ:OYIP:SWXM:SWO7:WD3Y
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
HTTP Proxy: http://127.0.0.1:8118
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Registry Mirrors:
 https://so9gt83b.mirror.aliyuncs.com/
Live Restore Enabled: false

執行docker info 可以看到HTTP Proxy: http://127.0.0.1:8118 剛剛配置的http代理地址