How do I set up an HTTP proxy for Docker and the Amazon ECS container agent in Amazon Linux 2?

Last updated: 2020-08-20

I want to set up an HTTP proxy for Docker and the Amazon Elastic Container Service (Amazon ECS) container agent in Amazon Linux 2.

Short description

To set up an HTTP proxy for Docker and the Amazon ECS container agent in Amazon Linux 2, complete the steps in the following sections:

  • Store the IP address and proxy server port
  • Set up an HTTP proxy for the Docker daemon
  • Set up an HTTP proxy for the Amazon ECS container agent
  • Set up an HTTP proxy for ecs-init

Note: You can also set your environment variables during launch using Amazon Elastic Compute Cloud (Amazon EC2) user data with a user data script. For a user data script that works on all versions of Linux, see HTTP proxy configuration.

If you're using Amazon Linux, see How do I set up an HTTP proxy for Docker and the Amazon ECS container agent in Amazon Linux?

Resolution

Store the IP address and proxy server port

1.    Connect to the Amazon EC2 instance using SSH.

2.    As a root user, store the IP address and port of the proxy server for later use in environment variables. For example:

export PROXY_SERVER_IP=x.x.x.x
export PROXY_PORT=1234

Set up an HTTP proxy for the Docker daemon

1.    Run the following commands with sudo permissions:

mkdir -p /etc/systemd/system/docker.service.d
cat <<EOF > /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://$PROXY_SERVER_IP:$PROXY_PORT"
Environment="HTTPS_PROXY=https://$PROXY_SERVER_IP:$PROXY_PORT"
Environment="NO_PROXY=169.254.169.254,169.254.170.2"
EOF

Note: HTTP_PROXY is the socket address (IPaddress:Port) of the HTTP proxy that's used to connect the Amazon ECS container agent to the internet.

If the HTTP_PROXY variable is set, you must set the NO_PROXY variable to 169.254.169.254,169.254.170.2. This setting keeps requests for Amazon EC2 instance metadata, AWS Identity and Access Management (IAM) roles for tasks, and Docker daemon traffic from being sent through the proxy.

2.    To make systemd reload its unit files because the docker.service configuration changed on disk, run the following command:

systemctl daemon-reload

3.    To restart Docker, run the following command:

systemctl restart docker.service

Note: The preceding command stops all running containers, including the ecs-agent on the container instance.

4.    To verify the HTTP proxy settings for Docker, run the following command:

docker info | grep -i proxy

Note: The command output shows the HTTP proxy and HTTPS proxy.

Set up an HTTP proxy for the Amazon ECS container agent

1.    In your /etc/ecs/ecs.config file, include the proxy configuration using the HTTP_PROXY and NO_PROXY agent configuration parameters. For example:

cat <<EOF >> /etc/ecs/ecs.config
ECS_CLUSTER=your-cluster-name
HTTP_PROXY=http://$PROXY_SERVER_IP:$PROXY_PORT
NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock
EOF

2.    To apply the HTTP configurations from step 1 to the ecs-agent, run the following command:

systemctl restart ecs

Note: If you're using an Amazon ECS-optimized Amazon Machine Image (AMI), then the Amazon ECS container agent is run through ecs-init by default.

3.    To verify the HTTP proxy settings for Docker and the Amazon ECS container agent, run the following command:

docker inspect ecs-agent | grep -i proxy

Note: The proxy settings appear in the command output.

Set up an HTTP proxy for ecs-init

1.    Run the following commands with sudo permissions:

mkdir -p /etc/systemd/system/ecs.service.d
cat <<EOF > /etc/systemd/system/ecs.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=$PROXY_SERVER_IP:$PROXY_PORT/"
Environment="NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock"
EOF

2.    To make systemd reload its unit files because the ecs.service configuration changed on disk, run the following command:

systemctl daemon-reload

3.    To apply the HTTP configurations from step 1 to the ecs-agent, run the following command:

systemctl restart ecs

Note: The configuration for both Docker and the Amazon ECS container agent affects only the current running instance. To update all the instances in a cluster, create a launch configuration, and then use an Auto Scaling group to launch new instances.
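
The NO_PROXY requirement described above can be checked before you restart any service. The following script is an added example, not part of the original article: it reads a systemd drop-in or an ecs.config file and reports when HTTP_PROXY is set but 169.254.169.254 or 169.254.170.2 is missing from NO_PROXY. The function names, the sample files, and the proxy address 10.0.0.131:3128 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# Handles both formats used above: Environment="KEY=value" and KEY=value.
REQUIRED_NO_PROXY="169.254.169.254 169.254.170.2"

# Print the value assigned to KEY ($1) in FILE ($2); the last assignment wins.
proxy_value() {
    sed -n "s/^\(Environment=\"\)\{0,1\}$1=\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\2/p" "$2" | tail -n 1
}

# Return 0 if FILE is consistent, 1 if HTTP_PROXY is set but a required
# NO_PROXY entry is missing. Missing entries are reported on stderr.
check_proxy_file() {
    file=$1
    http_proxy_val=$(proxy_value HTTP_PROXY "$file")
    [ -n "$http_proxy_val" ] || return 0    # no proxy set: nothing to enforce
    no_proxy_val=$(proxy_value NO_PROXY "$file")
    status=0
    for entry in $REQUIRED_NO_PROXY; do
        # Compare whole comma-separated entries, not substrings.
        case ",$no_proxy_val," in
            *",$entry,"*) ;;
            *) echo "$file: NO_PROXY is missing $entry" >&2; status=1 ;;
        esac
    done
    return $status
}

# Constructed sample input: a correct drop-in, and an ecs.config that
# omits 169.254.170.2 (the IAM roles for tasks credential endpoint).
demo_dir=$(mktemp -d)
printf '%s\n' '[Service]' \
    'Environment="HTTP_PROXY=http://10.0.0.131:3128"' \
    'Environment="NO_PROXY=169.254.169.254,169.254.170.2"' > "$demo_dir/good.conf"
printf '%s\n' 'ECS_CLUSTER=your-cluster-name' \
    'HTTP_PROXY=http://10.0.0.131:3128' \
    'NO_PROXY=169.254.169.254,/var/run/docker.sock' > "$demo_dir/bad.config"

for f in "$demo_dir/good.conf" "$demo_dir/bad.config"; do
    if check_proxy_file "$f"; then echo "OK   $f"; else echo "FAIL $f"; fi
done
```

On a container instance, call check_proxy_file on /etc/systemd/system/docker.service.d/http-proxy.conf, /etc/systemd/system/ecs.service.d/http-proxy.conf, and /etc/ecs/ecs.config.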