Transparent caching proxy server for Docker containers, run in a Docker
container. It can speed up the dependency-fetching part of your application
Instructions for Use
First check out the code. Then build with:
sudo docker build -t docker-proxy .
Then run with:
The script will start the container and set up the appropriate
routing rules. Your other Docker containers will automatically use
the proxy, whether or not they were already running. When you are finished,
just press <kbd>Ctrl</kbd><kbd>C</kbd> to stop the proxy.
NOTE: This project is not designed to be run with a simple
docker run - it
run.sh to be run on the docker host, so it can adjust the
routing rules. You will need to check this code out
run.sh on the host. For OS X, that's on your boot2docker,
Docker Machine or similar host). To start under Docker Machine on OS X:
docker-machine scp run.sh default:/home/docker/run.sh docker-machine ssh default sh ./run.sh
run.sh will fire up a Docker container running Squid, with
appropriate firewall rules in place for transparent proxying. It will also
configure port-based routing on the main host such that any traffic from a
Docker container to port 80 routes via the transparent proxy container. It
sudo access to perform the firewall changes, and it will prompt you
for your password as appropriate.
run.sh is designed to run in the foreground, because when the
container terminates it needs to remove the rules that were redirecting the
If you want to see Squid in operation, you can (in another terminal) attach
docker-proxy container - it is tailing the access log, so will show a
record of requests made.
The proxy server supports HTTPS caching via Squid's SSL Bump feature. To
enable it, start with:
The server will decrypt traffic from the server and encrypt it again using its
own root certificate. HTTPS connections from your other Docker containers will
fail until you install the root certificate. To install it:
- Install the
ca-certificatespackage (Debian/Ubuntu images)
Those steps can be performed in a running container (for testing), or you can
add them to your
detect-proxy.sh can be run after you install
your OS packages with apt, because apt shouldn't need HTTPS. However, adding
add-apt-repository will fail until the certificate is installed. See
test/Dockerfile for an example.
Some programs don't use the OS's primary key store, such as
You may need to take extra steps for those programs.
To test HTTPS support, do this in another console after starting the proxy:
cd test sudo docker build -t test-proxy . sudo docker run --rm test-proxy # Should print "All tests passed"
This proxy configuration is intended to be used solely to speed
up development of Docker applications. Do not attempt to use this to
eavesdrop on other people's connections.
There exists a real possibility this script will break your
rules in some unexpected way. Be aware that if things go wrong, the potential
exists for all containers to lose the ability to download anything.