Connect to the internet from a Windows container behind a http proxy

dogtail9 · February 13, 2018, 8:13am

I actually solved this problem.

I exported the registry from one of my servers that had the proxy settings to a reg-file.

Export the key [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] to a file called proxy.reg. Then in your Dockerfile add the following lines.

COPY ./proxy.reg .
RUN regedit.exe -S proxy.reg

It turns out that Windows actually reads the values for the proxy from the [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections] key in the registry. This key is created when you click the OK/Apply button in the proxy config dialog in Internet Explorer (hard to do in a container)

function Add-ProxySettings {
    Param(
        [Parameter(Mandatory=$False)]
        [String]$Proxy
        ,
        [Parameter(Mandatory=$False)]
        [String]$BypassProxy
    )  
    
    Write-Host "Setting Proxy To: " $Proxy;
    Write-Host "Setting bypass list to: " $BypassProxy;
    
    [String] $start =  [System.Text.Encoding]::ASCII.GetString([byte[]](70, 0, 0, 0, 25, 0, 0, 0, 3, 0, 0, 0, 29, 0, 0, 0 ), 0, 16);
    [String] $endproxy = [System.Text.Encoding]::ASCII.GetString([byte[]]( 233, 0, 0, 0 ), 0, 4);
    [String] $end = [System.Text.Encoding]::ASCII.GetString([byte[]]( 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0), 0, 36);
    
    [String] $text = "$($start)$($Proxy)$($endproxy)$($BypassProxy)$($end)";

    [byte[]] $data = [System.Text.Encoding]::ASCII.GetBytes($text);
    $regKeyConnections = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
    Set-ItemProperty -Path $regKeyConnections -Name "DefaultConnectionSettings" -Value $data
 
    Get-ItemProperty -Path $regKeyConnections
}

I made an attempt to create a powershell script that sets the encoded registry settings as well. Use it with cousion, I have not used this in production yet. And yes, this only works in the WindowsServerCore image. The NanoServer images does not have the Internet Explorer installed so the registry keys do not exists. If you want to use tha NanoServer image you have to find another solution.

My company also has its own CA so I had to add our root-certificate to the container to get SSL to work for internal https requests. You can do that with the following line in the Dockerfile.

RUN Import-Certificate -FilePath CorpRootCert.der -CertStoreLocation Cert:\LocalMachine\Root

I hope this helps because I spended several days to figure this one out.

/Christer

Topic		Replies	Views
No Internet Connectivity in docker-windows container General docker , windows	1	53	January 16, 2025
Configure http proxy? Windows Server 2016	5	9294	May 15, 2020
Http proxy configuration - running behind a corporate proxy Docker Desktop windows	14	60214	March 25, 2019
Docker for Windows Proxy with WSL2 Docker Desktop docker	0	2529	November 8, 2019
Internet connectivity in containers behind corporate proxy General	3	14115	November 21, 2016

Connect to the internet from a Windows container behind a http proxy

Related topics