Docker swarm mode not picking up proxy configuration

My corporation (hospital) network is behind a proxy. I configured the docker client to use this proxy according to the official documentation. And this works as expected when running a container directly or when starting multiple containers via docker compose. I also can see there that environment variables like $HTTP_PROXY are correctly set inside the containers, and internet access is available.
But when creating a service using Docker swarm mode with docker service create (test-wise using only one swarm node), then the proxy configuration is ignored, and containers don’t have those proxy environment variables set. Do I have to add an extra step to tell swarm mode to pick up the proxies configuration?

My output of docker info:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.9.1-docker)
  compose: Docker Compose (Docker Inc., v2.12.2)
  scan: Docker Scan (Docker Inc., v0.21.0)

Server:
 Containers: 12
  Running: 12
  Paused: 0
  Stopped: 0
 Images: 33
 Server Version: 20.10.21
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: active
  NodeID: w9mihkuv5mc2pttzk99x688x6
  Is Manager: true
  ClusterID: lfed819tu2dgj3n35gbugsbis
  Managers: 1
  Nodes: 1
  Default Address Pool: 10.0.0.0/8  
  SubnetSize: 24
  Data Path Port: 4789
  Orchestration:
   Task History Retention Limit: 5
  Raft:
   Snapshot Interval: 10000
   Number of Old Snapshots to Retain: 0
   Heartbeat Tick: 1
   Election Tick: 10
  Dispatcher:
   Heartbeat Period: 5 seconds
  CA Configuration:
   Expiry Duration: 3 months
   Force Rotate: 0
  Autolock Managers: false
  Root Rotation In Progress: false
  Node Address: 161.42.235.115
  Manager Addresses:
   161.42.235.115:2377
 Runtimes: io.containerd.runtime.v1.linux runc io.containerd.runc.v2
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 770bd0108c32f3fb5c73ae1264f7e503fe7b2661
 runc version: v1.1.4-0-g5fd4c4d
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 4.15.0-197-generic
 Operating System: Ubuntu 18.04.6 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 15.66GiB
 Name: RADIA-ADITAPP02
 ID: H2HA:NA4N:N7OB:VR6W:IMAV:BC4L:LPSB:VU2B:A2L4:4DKU:JM3L:3WCH
 Docker Root Dir: /mnt/sdb/docker
 Debug Mode: false
 HTTP Proxy: xxx:xxx@xxx:8080
 HTTPS Proxy: xxx:xxx@xxx:8080
 No Proxy: xxx
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

And my proxies configuration in ~/.docker/config.json:

{
  "proxies": {
    "default": {
      "httpProxy": "http://xxx:xxx@xxx:8080",
      "httpsProxy": "http://xxx:xxx@xxx:8080",
      "noProxy": "xxx"
    }
  }
}

I have the same exact issue. Proxy configuration works when running containers with docker run, but the environment variables aren’t passed down to containers running in swarm.

1 Like

Hello,
I have the same issue as well.
Has anybody of you found a solution?

A simple solution is just to set the environment variables (http_proxy, HTTP_PROXY, https_proxy, HTTPS_PROXY) yourself (see https://docs.docker.com/network/proxy/#configure-the-docker-client). I am using a .env file for this. This is the thing that Docker Compose normally does, but Swarm mode doesn’t. So quite easy to work around this.

same same here, any update?

yes, it appears the configuration Configure the daemon with systemd | Docker Docs (/etc/systemd/system/docker.service.d/http-proxy.conf) is only used by docker itself to pull images

Yes, the Daemon proxy configuration has no effect here but makes sure images can be pulled from the Docker Repostory. All in all it’s quite confusing. Here is what I found out:

  • Proxies in ~/.docker/config.json (see documenation) are used when building an image from a Dockerfile.
  • Those settings in this file are also used for Docker Compose and are set as environment variables inside the started containers (e.g. $http_proxy, $HTTP_PROXY, …)
  • Those settings are also used when building an Image for Docker Swarm.
  • But there are no proxy environment variables automatically set in containers that are started by Docker Swarm.
  • A workaround is to set those proxy environment variables manually (e.g. by using an env file).

I would not expect a proxy env var to be automatically set just because the orchestration tool is using it. I would say this is by design.

As you write, you can manually set the env var for it to be available within the container.