How do I set up an HTTP proxy for Docker and the Amazon ECS container agent in Enterprise Linux for Amazon Linux?

Last updated: 2019-09-26

How do I set up an HTTP proxy for Docker and the Amazon Elastic Container Service (Amazon ECS) container agent in Amazon Linux?

Short Description

Complete the following:

  • Set up an HTTP proxy for the Docker daemon
  • Set up an HTTP proxy for the Amazon ECS container agent

Note: You can also set your environment variables during launch using Amazon Elastic Compute Cloud (Amazon EC2) user data with a user data script. For a user data script that works on all versions of Linux, see HTTP Proxy Configuration.

If you're not using Amazon Linux, see How do I set up an HTTP proxy for Docker and the Amazon ECS container agent in Enterprise Linux for Amazon Linux 2?

Resolution

Set up an HTTP proxy for the Docker daemon

1.    Connect to the Amazon EC2 instance using SSH.

Note: Replace the PROXY_SERVER_IP placeholder with the IP or hostname of your proxy server. Replace the port (3128) if the HTTP proxy in your environment uses a different port.

cat <<EOF >> /etc/sysconfig/docker
export HTTP_PROXY=http://PROXY_SERVER_IP:3128
export HTTPS_PROXY=http://PROXY_SERVER_IP:3128
export NO_PROXY=169.254.169.254,169.254.170.2
EOF

Note: HTTP_PROXY is the socket address (IPaddress:Port) of the HTTP proxy that's used to connect the Amazon ECS container agent to the internet.

If the HTTP_PROXY variable is set, you must set the NO_PROXY variable to 169.254.169.254,169.254.170.2. This setting filters Amazon EC2 instance metadata, AWS Identity and Access Management (IAM) roles for tasks, and Docker daemon traffic from the proxy.

2.    To restart Docker, run the following command:

service docker restart

Note: The preceding command stops all running containers, including the ecs-agent on the container instance.

3.    To verify the HTTP proxy settings for Docker, run the following command:

docker info | grep -i proxy

Note: The command output shows the HTTP proxy and HTTPS proxy.

Set up an HTTP proxy for the Amazon ECS container agent

1.    To remove the container named ecs-agent, run the following command:

docker rm ecs-agent

2.    To start the Amazon ECS container agent, run the following commands:

docker run --name ecs-agent \
--env "NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock" \
--env "HTTPS_PROXY=http://PROXY_SERVER_IP:3128" \
--env "HTTP_PROXY=http://PROXY_SERVER_IP:3128" \
--detach=true \
--restart=on-failure:10 \
--volume=/var/run:/var/run \
--volume=/var/log/ecs/:/log \
--volume=/var/lib/ecs/data:/data \
--volume=/etc/ecs:/etc/ecs \
--net=host \
--env-file=/etc/ecs/ecs.config \
amazon/amazon-ecs-agent:latest

Note: Replace the PROXY_SERVER_IP placeholder with the IP or hostname of your proxy server. Replace the port (3128) if the HTTP proxy in your environment uses a different port.

3.    To verify the HTTP proxy settings for Docker and the Amazon ECS container agent, run the following command:

docker inspect ecs-agent | grep -i proxy

The HTTP proxy and HTTPS proxy appear in the command output.

Note: The configuration for both Docker and the Amazon ECS container agent affects only a single instance. To update all the instances in a cluster, create a launch configuration, and then use an Auto Scaling group to launch new instances.


Did this article help you?

Anything we could improve?


Need more help?