dev-proxy icon indicating copy to clipboard operation
dev-proxy copied to clipboard
verified publisher icon microsoft

How-to use Dev Proxy with apps running in a Docker container

Open waldekmastykarz opened this issue 2 years ago • 6 comments

Add a how to article that explains how to use Dev Proxy with apps running in a Docker container. Include two scenarios:

  • [x] Dev Proxy is running on the host
  • [ ] Dev Proxy is running in another container

waldekmastykarz avatar Dec 13 '23 09:12 waldekmastykarz

Usage with proxy running on the host and the app in a container is covered here: https://learn.microsoft.com/en-us/microsoft-cloud/dev/dev-proxy/how-to/use-dev-proxy-with-dotnet-docker?pivots=client-operating-system-windows

waldekmastykarz avatar Feb 20 '24 09:02 waldekmastykarz

I spent the last few days getting dev-proxy working in a docker compose setup, with one container calling through dev-proxy. Leaving this here for anyone else who finds their way here with Google.

The steps:

  • Generate the cert on the dev-proxy container with --install-cert and mount it to a docker volume
  • In any container that needs to proxy through the dev-proxy container, start it with an entrypoint script that first converts the rootCert.pfx file from the docker volume to a pem certificate, and then installs the cert in the trusted store with update-ca-certificates (ubuntu). This is necessary because the docker volume is only available at runtime.
  • Set the HTTPS_PROXY environment variable to the docker service running dev-proxy in docker-compose.yaml

Graph.Dockerfile to build dev-proxy container

FROM mcr.microsoft.com/dotnet/runtime-deps:8.0 AS setup
RUN apt -y update
RUN apt -y upgrade
RUN apt install -y curl unzip

USER app
WORKDIR /home/app

RUN curl -sL https://aka.ms/devproxy/setup.sh | bash
RUN /home/app/devproxy/devproxy msgraphdb

FROM mcr.microsoft.com/dotnet/runtime-deps:8.0 AS run

WORKDIR /home/app
USER app
COPY --from=setup /home/app/devproxy ./

CMD ["./devproxy", "--ip-address", "0.0.0.0", "--port", "80", "--config-file", "presets/m365.json", "--failure-rate", "0", "--install-cert"]

entrypoint.sh, in my dotnet app's container

#!/bin/bash
set -e

if ! test -f /usr/local/share/ca-certificates/dev-proxy-ca.crt; then
  openssl pkcs12 -in tls/rootCert.pfx -out /usr/local/share/ca-certificates/dev-proxy-ca.crt -nodes -password pass:
  update-ca-certificates
fi

exec dotnet "$@"

docker-compose overrides to add dev-proxy container and proxy though it

services:
  graph:
    build:
      dockerfile: Graph.Dockerfile
    expose:
      - 80
    stdin_open: true
    tty: true
    volumes:
      - tls:/home/app/dev-proxy

  api:
    build:
      target: dev
    environment:
      HTTPS_PROXY: http://graph
      HTTP_PROXY: http://graph
    depends_on:
      - graph
    volumes:
      - tls:/home/app/tls:ro

volumes:
  tls:

kirkedev avatar Sep 18 '24 14:09 kirkedev

This is awesome! Thank you so much for sharing! We'll look for ways to get it added to our docs for easier discovery

waldekmastykarz avatar Sep 18 '24 14:09 waldekmastykarz

@kirkedev thanks for this, can you tell me how did you arrive at

HTTPS_PROXY: http://graph
HTTP_PROXY: http://graph

this configuration. I don't fully understand how the packets are getting proxied from one container to another.

prakashnathjha avatar Oct 29 '24 05:10 prakashnathjha

@prakashnathjha Those are environment variables that dotnet's HttpClient will use as a default, application level proxy. They're more or less a standard by convention. A lot of other environments will use those too.

In the docker compose file they're pointing at the graph service, which is my dev proxy.

https://learn.microsoft.com/en-us/dotnet/api/system.net.http.httpclient.defaultproxy?view=net-8.0

kirkedev avatar Oct 29 '24 14:10 kirkedev

Hey @kirkedev , thanks for the explanation. I was actually more confused about http://graph, was able to figure out ultimately. Thanks!

prakashnathjha avatar Oct 29 '24 14:10 prakashnathjha