Docker Community Forums

Issues with proxy and self-signed CA certs


(Theothermattm) #1

Expected behavior

I’m able to pull images from the public Docker repository with Docker for Mac while using a corporate proxy which also re-signs SSL certificates (aka a corporate MITM attack).

Actual behavior

Example:

    $ docker pull debian
    Using default tag: latest
    Pulling repository docker.io/library/debian
    Error while pulling image: Get https://index.docker.io/v1/repositories/library/debian/images: dial tcp x.x.x.x:443: getsockopt: connection refused

I have tried numerous things I’ve found in the forums which suggest using screen to attach to the docker for mac vm and configuring the proxy and SSL. I’m also aware the latest beta13 update should take into account my Mac’s system proxy settings.

I have tried the following to no avail inside the VM:

  • Running export http_proxy=myproxy.mycompany.com:80 && export https_proxy=$http_proxy
  • Downloading my Corporate CA certificates and appending them to /etc/ssl/certs/ca-certificates.crt
  • Running ln -s /etc/ssl/certs/ca-certificates.crt /etc/docker/certs.d/mydomain.com:5000/ca-certificates.crt

After trying each of these, I run a service docker restart inside the Docker for mac vm, and try to run the following command on my mac:

    docker pull debian

and get the same error:

    $ docker pull debian
    Using default tag: latest
    Pulling repository docker.io/library/debian
    Error while pulling image: Get https://index.docker.io/v1/repositories/library/debian/images: dial tcp x.x.x.x:443: getsockopt: connection refused

When I do a curl https://google.com inside the docker for mac vm, I get back a satisfactory result.

I’m a bit stuck! Any ideas will help.

Information

  • the output of:
    • pinata diagnose -u on OSX

    OS X: version 10.11.5 (build: 15F34)
    Docker.app: version v1.11.1-beta13
    Running diagnostic tests:
    [OK] Moby booted
    [OK] driver.amd64-linux
    [OK] vmnetd
    [OK] osxfs
    [OK] db
    [OK] slirp
    [OK] menubar
    [OK] environment
    [OK] Docker
    [OK] VT-x
    Docker logs are being collected into /tmp/20160527-083330.tar.gz
    Most specific failure is: No error was detected
    Your unique id is: 74F0F1B4-0A11-4B4C-863C-0F4A4B73E97E
    Please quote this in all correspondence.

  • host distribution and version ( OSX 10.10.x, OSX 10.11.x, Windows, etc ) - OS X 10.11.5

Steps to reproduce the behavior