docs icon indicating copy to clipboard operation
docs copied to clipboard
verified publisher icon docker

Document how to configure CA certificate(s) for HTTP proxies

Open cocowalla opened this issue 3 years ago • 1 comments

File: network/proxy.md

Most corporate HTTP proxies use a self-signed CA certificate, allowing traffic interception. However, the Docker proxy docs make no mention of certificates.

AFAIK, for such proxies to work you need to install the certificate inside each and every container, which is a huge PITA. It would be great to have officially sanctioned methods documented.

cocowalla avatar Feb 01 '22 11:02 cocowalla

You can work with a self-signed CA - just create a new image that has the custom CA in the trust store.

FROM registry:2

COPY ca.pem /usr/local/share/ca-certificates/my-ca.crt
RUN chmod 644 /usr/local/share/ca-certificates/my-ca.crt && update-ca-certificates

However, any ideas on how to use client certificates for the proxy authentication when the main registry is configured with clientcas?

teodorkostov-es avatar Sep 29 '22 15:09 teodorkostov-es

There hasn't been any activity on this issue for a long time. If the problem is still relevant, mark the issue as fresh with a /remove-lifecycle stale comment. If not, this issue will be closed in 14 days. This helps our maintainers focus on the active issues.

Prevent issues from auto-closing with a /lifecycle frozen comment.

/lifecycle stale

docker-robott avatar Jan 04 '23 01:01 docker-robott

Closed issues are locked after 30 days of inactivity. This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

/lifecycle locked

docker-robott avatar Feb 17 '23 03:02 docker-robott