I want to use an HTTP proxy with an Amazon EC2 instance inside a private network with an Amazon EC2 Container Service cluster. How can I do this?

For Docker, you can create a http-proxy.conf file with the necessary environment variables and then restart the docker daemon. For the ECS agent, you can stop the agent and then restart it with a few additional parameters.

To set up an HTTP proxy for Docker, use the following instructions.

1.    Connect to the EC2 instance using SSH and run these commands:

Systemd

mkdir /etc/systemd/system/docker.service.d
cat < /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://PROXY_SERVER_IP:3128/" "HTTPS_PROXY=http://PROXY_SERVER_IP:3128/" "NO_PROXY=169.254.169.254,/var/run/docker.sock"
EOF

Note: PROXY_SERVER_IP is a placeholder; replace it with the IP address of your proxy server.

Init

cat < /etc/sysconfig/docker
[Service]
Environment="HTTP_PROXY=http://PROXY_SERVER_IP:3128/" "HTTPS_PROXY=http://PROXY_SERVER_IP:3128/" "NO_PROXY=169.254.169.254,/var/run/docker.sock"
EOF

2.    Restart Docker using this command:

Systemd

systemctl restart docker

Init

service docker restart

3.    Verify the HTTP proxy settings for Docker using this command:

docker info| grep -i proxy

You should now be able to see the HTTP proxy and HTTPS proxy in the results.

To set up an HTTP proxy for the ECS agent, use the following instructions.

1.    Stop the old ecs-agent container:

Note: If you are not using an ECS-optimized AMI, these steps do not apply. For more information, see Updating the Amazon ECS Container Agent.

sudo stop ecs

2.    Start the new container with these commands:

amazon/amazon-ecs-agent:latest
--env=ECS_ENABLE_TASK_IAM_ROLE_NETWORK_HOST=true \
--env=ECS_ENABLE_TASK_IAM_ROLE=true \
-e "NO_PROXY=169.254.169.254,/var/run/docker.sock" \
-e "https_proxy=http://PROXY_SERVER_IP:3128" \
-e "http_proxy=http://PROXY_SERVER_IP:3128" \
--env=ECS_DATADIR=/data \
--env=ECS_LOGLEVEL=info \
--env=ECS_LOGFILE=/log/ecs-agent.log \
--env=ECS_CLUSTER=CLUSTER_NAME \
--net=host \
--volume=/var/lib/ecs/data:/data \
--volume=/var/log/ecs/:/log \
--volume=/var/run/docker.sock:/var/run/docker.sock \
--restart=on-failure:10 \
--detach=true \
docker run --name ecs-agent \

Note: CLUSTER_NAME is a placeholder; replace it with a preexisting cluster name.

3.    Verify the HTTP proxy settings for Docker and the ECS agent using this command:

docker inspect ecs-agent | grep –i proxy

You should now be able to see the HTTP proxy and HTTPS proxy in the results.

Note: Either of these configurations only take effect on a single instance. If you need to update all the instances in a cluster, consider creating a launch configuration and then use an Auto Scaling group to launch new instances.

Docker, ECS, HTTP proxy, Red Hat Enterprise Linux 7, RHEL, CentOS 6, ECS Optimized AMI


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2017-03-22