I want to use an HTTP proxy with an Amazon Elastic Compute Cloud (Amazon EC2) Linux instance in a private network with an Amazon Elastic Container Service (Amazon ECS) cluster. How can I do this?

For Docker, create an http-proxy.conf file with the necessary environment variables, and then restart the Docker daemon. For the Amazon ECS container agent, stop and then restart the agent with additional parameters.

Set up an HTTP proxy for Docker

1.    Connect to the Amazon EC2 instance using SSH, and then run either the systemd or init command:

Systemd:

mkdir /etc/systemd/system/docker.service.d
cat <<EOF > /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://PROXY_SERVER_IP:3128/"
Environment="HTTPS_PROXY=http://PROXY_SERVER_IP:3128/"
Environment="NO_PROXY=169.254.169.254,/var/run/docker.sock"
EOF

Note: Replace the PROXY_SERVER_IP placeholder with the IP address of your proxy server.

Init:

cat <<EOF > /etc/sysconfig/docker
[Service]
Environment="HTTP_PROXY=http://PROXY_SERVER_IP:3128/"
Environment="HTTPS_PROXY=http://PROXY_SERVER_IP:3128/"
Environment="NO_PROXY=169.254.169.254,/var/run/docker.sock"
EOF

2.    To restart Docker, run either the systemd or init command:

Systemd:

systemctl restart docker

Init:

service docker restart

3.    To verify the HTTP proxy settings for Docker, run the following command:

docker info| grep -i proxy

Note: The command output shows the HTTP proxy and HTTPS proxy.

Set up an HTTP proxy for the Amazon ECS container agent

1.    To start the Amazon ECS container agent, run the following commands:  

docker run --name ecs-agent \
--env=ECS_ENABLE_TASK_IAM_ROLE_NETWORK_HOST=true \
--env=ECS_ENABLE_TASK_IAM_ROLE=true \
--env "NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock" \
--env "https_proxy=http://PROXY_SERVER_IP:PORT" \
--env "http_proxy=http://PROXY_SERVER_IP:PORT" \
--env=ECS_DATADIR=/data \
--env=ECS_LOGLEVEL=info \
--env=ECS_LOGFILE=/log/ecs-agent.log \
--env=ECS_CLUSTER=CLUSTER_NAME \
--net=host \
--volume=/var/lib/ecs/data:/data \
--volume=/var/log/ecs/:/log \
--volume=/var/run/docker.sock:/var/run/docker.sock \
--restart=on-failure:10 \
--detach=true \
amazon/amazon-ecs-agent:latest

Note: Replace the CLUSTER_NAME placeholder and the PROXY_SERVER_IP:PORT placeholder with a name and port that you want to use.

2.    To verify the HTTP proxy settings for Docker and the Amazon ECS container agent, run the following command:

docker inspect ecs-agent | grep –i proxy

The HTTP proxy and HTTPS proxy appear in the command output.

Note: The configuration for both Docker and the Amazon ECS container agent affects only a single instance. To update all the instances in a cluster, create a launch configuration, and then use an Auto Scaling group to launch new instances.


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2017-03-22

Updated: 2019-01-10