How do I set up an HTTP proxy for Docker and the Amazon ECS container agent in Amazon Linux?

4 minute read
0

I want to set up an HTTP proxy for Docker and the Amazon Elastic Container Service (Amazon ECS) container agent in Amazon Linux.

Short description

Take the following actions:

  • Store the IP address and proxy server port.
  • Set up an HTTP proxy for the Docker daemon.
  • Set up an HTTP proxy for the Amazon ECS container agent.
  • Set up an HTTP proxy for ecs-init. For more information, see amazon-ecs-init on the GitHub website.

Note: You can also use Amazon Elastic Compute Cloud (Amazon EC2) user data that has a user data script to set your environment variables during launch. For a user data script that works on all versions of Linux, see Using an HTTP proxy for Amazon ECS Linux container instances.

If you use Amazon Linux 2 or Amazon Linux 2023, then see How do I set up an HTTP proxy for Docker and the Amazon ECS container agent in Amazon Linux 2 or Amazon Linux 2023?
Note: Amazon Linux 1 Amazon Machine Image (AMI) reached its end of life. It's a best practice to migrate to Amazon Linux 2 or Amazon Linux 2023 AMIs. For more information, see Amazon Linux AMI FAQs.

Resolution

Store the IP address and proxy server port

Complete the following steps:

  1. Use SSH to connect to the Amazon EC2 instance.
  2. As a root user, note the IP address and port of the proxy server to use later in the environment variables:
    export PROXY_SERVER_IP=x.x.x.xexport PROXY_PORT=1234

Set up an HTTP proxy for the Docker daemon

Complete the following steps:

  1. Run the following commands with sudo permissions:

    cat <<EOF >> /etc/sysconfig/docker
    export HTTP_PROXY=http://$PROXY_SERVER_IP:$PROXY_PORT
    export HTTPS_PROXY=https://$PROXY_SERVER_IP:$PROXY_PORT
    export NO_PROXY=169.254.169.254,169.254.170.2EOF

    Note: HTTP_PROXY is the socket address (IPaddress:Port) of the HTTP proxy that's used to connect the Amazon ECS container agent to the internet.

    If the HTTP_PROXY variable is set, then you must set the NO_PROXY variable to 169.254.169.254,169.254.170.2. This setting filters Amazon EC2 instance metadata, AWS Identity and Access Management (IAM) roles for tasks, and Docker daemon traffic from the proxy.

  2. To restart Docker, run the following command:

    service docker restart

    Note: The preceding command stops all running containers. For example, it stops the ecs-agent on the container instance.

  3. To check the HTTP proxy settings for Docker, run the following command:

    docker info | grep -i proxy

    Note: The command output shows the HTTP proxy and HTTPS proxy.

Set up an HTTP proxy for the Amazon ECS container agent

Complete the following steps:

  1. In your /etc/ecs/ecs.config file, add the HTTP_PROXY and NO_PROXY agent configuration parameters.
    Example:

    cat <<EOF >> /etc/ecs/ecs.config
    ECS_CLUSTER=your-cluster-name
    HTTP_PROXY=http://$PROXY_SERVER_IP:$PROXY_PORT
    NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock
    EOF
  2. To apply the HTTP proxy configurations to the ecs-agent, run the following command:

    sudo start ecs

    Note: If you use an Amazon ECS optimized AMI, then the Amazon ECS container agent runs through ecs-init by default.

  3. To check the HTTP proxy settings for Docker and the Amazon ECS container agent, run the following command:

    docker inspect ecs-agent | grep -i proxy

Note: The proxy settings appear in the command output.

Set up an HTTP proxy for ecs-init

Run the following commands with sudo permissions:

cat <<EOF > /etc/init/ecs.override
env HTTP_PROXY=$PROXY_SERVER_IP:$PROXY_PORT
env NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock
EOF

Note: The configuration for both Docker and the Amazon ECS container agent affects only the current instance. To update all the instances in a cluster, create a launch configuration with user data, and use an Auto Scaling group to launch new instances.

Related information

Updating the Amazon ECS container agent

Bootstrapping container instances to pass data

AWS OFFICIAL
AWS OFFICIALUpdated 3 months ago