I want to use an HTTP proxy with an Amazon Elastic Compute Cloud (Amazon EC2) Linux instance inside a private network with an Amazon Elastic Container Service (Amazon ECS) cluster. How can I do this?

For Docker, you can create an http-proxy.conf file with the necessary environment variables. Then, restart the Docker daemon. For the ECS agent, you can stop the agent. Then, you can restart it with a few additional parameters.

Set up an HTTP proxy for Docker

1. Connect to the EC2 instance using SSH. Then, run these commands:

Systemd

mkdir /etc/systemd/system/docker.service.d
cat <<EOF > /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://PROXY_SERVER_IP:3128/" "HTTPS_PROXY=http://PROXY_SERVER_IP:3128/" "NO_PROXY=169.254.169.254,/var/run/docker.sock"
EOF

Note: PROXY_SERVER_IP is a placeholder. Replace it with the IP address of your proxy server.

Init

cat <<EOF > /etc/sysconfig/docker
[Service]
Environment="HTTP_PROXY=http://PROXY_SERVER_IP:3128/" "HTTPS_PROXY=http://PROXY_SERVER_IP:3128/" "NO_PROXY=169.254.169.254,/var/run/docker.sock"
EOF

2. Restart Docker using either of these commands:

Systemd

systemctl restart docker

Init

service docker restart

3. Verify the HTTP proxy settings for Docker using this command:

docker info| grep -i proxy

Now you can see the HTTP proxy and HTTPS proxy in the results.

Set up an HTTP proxy for the ECS agent

1. Start the ECS agent container with these commands:

docker run --name ecs-agent \
--env=ECS_ENABLE_TASK_IAM_ROLE_NETWORK_HOST=true \
--env=ECS_ENABLE_TASK_IAM_ROLE=true \
--env "NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock" \
--env "https_proxy=http://PROXY_SERVER_IP:PORT" \
--env "http_proxy=http://PROXY_SERVER_IP:PORT" \
--env=ECS_DATADIR=/data \
--env=ECS_LOGLEVEL=info \
--env=ECS_LOGFILE=/log/ecs-agent.log \
--env=ECS_CLUSTER=CLUSTER_NAME \
--net=host \
--volume=/var/lib/ecs/data:/data \
--volume=/var/log/ecs/:/log \
--volume=/var/run/docker.sock:/var/run/docker.sock \
--restart=on-failure:10 \
--detach=true \
amazon/amazon-ecs-agent:latest

Note: CLUSTER_NAME and PROXY_SERVER_IP:PORT are placeholders. Replace them with a preexisting cluster name and Proxy IP:Port.

2. Verify the HTTP proxy settings for Docker and the ECS agent using this command:

docker inspect ecs-agent | grep –i proxy

Now you can see the HTTP proxy and HTTPS proxy in the results.

Note: Either configuration affects only a single instance. To update all the instances in a cluster, create a launch configuration. Then, use an Auto Scaling group to launch new instances.


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2017-03-22

Updated: 2018-03-22