I want to set up an HTTP proxy for Docker and the Amazon Elastic Container Service (Amazon ECS) container agent in Amazon Linux.
Short description
Take the following actions:
- Store the IP address and proxy server port.
- Set up an HTTP proxy for the Docker daemon.
- Set up an HTTP proxy for the Amazon ECS container agent.
- Set up an HTTP proxy for ecs-init. For more information, see amazon-ecs-init on the GitHub website.
Note: You can also use Amazon Elastic Compute Cloud (Amazon EC2) user data that has a user data script to set your environment variables during launch. For a user data script that works on all versions of Linux, see Using an HTTP proxy for Amazon ECS Linux container instances.
If you use Amazon Linux 2 or Amazon Linux 2023, then see How do I set up an HTTP proxy for Docker and the Amazon ECS container agent in Amazon Linux 2 or Amazon Linux 2023?
Note: Amazon Linux 1 Amazon Machine Image (AMI) reached its end of life. It's a best practice to migrate to Amazon Linux 2 or Amazon Linux 2023 AMIs. For more information, see Amazon Linux AMI FAQs.
Resolution
Store the IP address and proxy server port
Complete the following steps:
- Use SSH to connect to the Amazon EC2 instance.
- As a root user, note the IP address and port of the proxy server to use later in the environment variables:
export PROXY_SERVER_IP=x.x.x.x
export PROXY_PORT=1234
Set up an HTTP proxy for the Docker daemon
Complete the following steps:
- Run the following commands with sudo permissions:
cat <<EOF >> /etc/sysconfig/docker
export HTTP_PROXY=http://$PROXY_SERVER_IP:$PROXY_PORT
export HTTPS_PROXY=https://$PROXY_SERVER_IP:$PROXY_PORT
export NO_PROXY=169.254.169.254,169.254.170.2
EOF
Note: HTTP_PROXY is the socket address (IPaddress:Port) of the HTTP proxy that's used to connect the Amazon ECS container agent to the internet.
If the HTTP_PROXY variable is set, then you must set the NO_PROXY variable to 169.254.169.254,169.254.170.2. This setting excludes Amazon EC2 instance metadata, AWS Identity and Access Management (IAM) roles for tasks, and Docker daemon traffic from the proxy.
- To restart Docker, run the following command:
service docker restart
Note: The preceding command stops all running containers. For example, it stops the ecs-agent on the container instance.
- To check the HTTP proxy settings for Docker, run the following command:
docker info | grep -i proxy
Note: The command output shows the HTTP proxy and HTTPS proxy.
Set up an HTTP proxy for the Amazon ECS container agent
Complete the following steps:
- In your /etc/ecs/ecs.config file, add the HTTP_PROXY and NO_PROXY agent configuration parameters.
Example:
cat <<EOF >> /etc/ecs/ecs.config
ECS_CLUSTER=your-cluster-name
HTTP_PROXY=http://$PROXY_SERVER_IP:$PROXY_PORT
NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock
EOF
- To apply the HTTP proxy configurations to the ecs-agent, run the following command:
sudo start ecs
Note: If you use an Amazon ECS optimized AMI, then the Amazon ECS container agent runs through ecs-init by default.
- To check the HTTP proxy settings for Docker and the Amazon ECS container agent, run the following command:
docker inspect ecs-agent | grep -i proxy
Note: The proxy settings appear in the command output.
Set up an HTTP proxy for ecs-init
Run the following commands with sudo permissions:
cat <<EOF > /etc/init/ecs.override
env HTTP_PROXY=$PROXY_SERVER_IP:$PROXY_PORT
env NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock
EOF
Note: The configuration for both Docker and the Amazon ECS container agent affects only the current instance. To update all the instances in a cluster, create a launch configuration with user data, and use an Auto Scaling group to launch new instances.
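The following script is an added example, not part of the original article or any AWS tooling. It audits the three files written above for two conditions: that NO_PROXY excludes 169.254.169.254 and 169.254.170.2 whenever HTTP_PROXY is set, and that HTTP_PROXY did not end up with an empty host or port because PROXY_SERVER_IP or PROXY_PORT was unset when the heredoc ran. The function names and the last-assignment-wins rule are assumptions of this example.

```shell
#!/bin/bash
# Added example: audit the proxy files this article writes.
# Assumption: when a key appears more than once (the article appends with >>),
# the last assignment is the one that takes effect.

# Endpoints the article says must bypass the proxy: EC2 instance metadata
# and the IAM-roles-for-tasks credential endpoint.
REQUIRED_NO_PROXY="169.254.169.254 169.254.170.2"

# get_value FILE KEY: print KEY's value, accepting "export KEY=v"
# (/etc/sysconfig/docker), "KEY=v" (/etc/ecs/ecs.config) and "env KEY=v"
# (/etc/init/ecs.override).
get_value() {
  sed -n -E "s/^[[:space:]]*((export|env)[[:space:]]+)?$2=//p" "$1" | tail -n 1
}

# check_proxy_file FILE
#   0 = no proxy set, or proxy set with both endpoints excluded
#   1 = HTTP_PROXY set but NO_PROXY is missing a required endpoint
#   2 = HTTP_PROXY has an empty host or port (heredoc expanded unset variables)
check_proxy_file() {
  proxy=$(get_value "$1" HTTP_PROXY)
  [ -z "$proxy" ] && return 0
  hostport=${proxy#*://}            # drop an optional scheme
  host=${hostport%%:*}
  port=${hostport##*:}
  if [ -z "$host" ] || [ -z "$port" ] || [ "$host" = "$hostport" ]; then
    echo "$1: HTTP_PROXY '$proxy' has no host or port" >&2
    return 2
  fi
  no_proxy=",$(get_value "$1" NO_PROXY),"
  for ip in $REQUIRED_NO_PROXY; do
    case "$no_proxy" in
      *",$ip,"*) ;;
      *) echo "$1: NO_PROXY does not exclude $ip" >&2; return 1 ;;
    esac
  done
  return 0
}

# Audit the three files from the article when they exist on this host.
for f in /etc/sysconfig/docker /etc/ecs/ecs.config /etc/init/ecs.override; do
  if [ -r "$f" ] && check_proxy_file "$f"; then echo "$f: ok"; fi
done
```

Run it as root after completing the steps above; a nonzero result from check_proxy_file identifies the file to correct before you restart Docker or the agent.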
Related information
Updating the Amazon ECS container agent
Bootstrapping container instances to pass data