How do I set up an HTTP proxy for Docker and the Amazon ECS container agent in Amazon Linux 2 or Amazon Linux 2023?

4 minute read
1

I want to set up an HTTP proxy for Docker and the Amazon Elastic Container Service (Amazon ECS) container agent in Amazon Linux 2 or Amazon Linux 2023.

Resolution

To set up an HTTP proxy for Docker and the Amazon ECS container agent in Amazon Linux 2 or Amazon Linux 2023, complete these steps.

Note: You can also set your environment variables during launch using Amazon Elastic Compute Cloud (Amazon EC2) user data with a user data script. For a user data script that works on all versions of Linux, see HTTP proxy configuration for Linux container instances.

If you're using Amazon Linux, see How do I set up an HTTP proxy for Docker and the Amazon ECS container agent in Amazon Linux?

Important: The Amazon Linux AMI (also called Amazon Linux 1) reached its end of life on December 31, 2023. It's a best practice to upgrade your applications to Amazon Linux 2023.

Store the IP address and proxy server port

To store the IP address and proxy server port, complete the following steps:

  1. Connect to the Amazon EC2 instance using SSH.
  2. As a root user, store the IP address and port of the proxy server for later use in environment variables. For example:
    export PROXY_SERVER_IP=x.x.x.x
    export PROXY_PORT=1234

Set up an HTTP proxy for the Docker daemon

To set up an HTTP proxy for the Docker daemon, complete the following steps:

  1. Run the following commands with sudo permissions:

    mkdir -p /etc/systemd/system/docker.service.d
    cat <<EOF > /etc/systemd/system/docker.service.d/http-proxy.conf
    [Service]
    Environment="HTTP_PROXY=http://$PROXY_SERVER_IP:$PROXY_PORT"
    Environment="HTTPS_PROXY=http://$PROXY_SERVER_IP:$PROXY_PORT"
    Environment="NO_PROXY=169.254.169.254,169.254.170.2"
    EOF

    Note: HTTP_PROXY is the socket address (IPaddress:Port) of the HTTP proxy that's used to connect the ECS container agent to the internet.

    If the HTTP_PROXY variable is set, you must set the NO_PROXY variable to 169.254.169.254,169.254.170.2. This setting filters Amazon EC2 instance metadata, AWS Identity and Access Management (IAM) roles for tasks, and Docker daemon traffic from the proxy.

  2. To reload units because of docker.service changing on disk, run the following command:

    systemctl daemon-reload
  3. To restart Docker, run the following command:

    systemctl restart docker.service

    Note: The previous command stops all running containers, including the ecs-agent on the ECS container instance.

  4. To verify the HTTP proxy settings for Docker, run the following command:

    docker info | grep -i proxy

    Note: The command output shows the HTTP proxy and HTTPS proxy.

Set up an HTTP proxy for the container agent

To set up an HTTP proxy for the Docker daemon, complete the following steps:

  1. In your existing /etc/ecs/ecs.config file, include the proxy configuration using the HTTP_PROXY and NO_PROXY agent configuration parameters. For example:

    cat <<EOF > /etc/ecs/ecs.config
    HTTP_PROXY=http://$PROXY_SERVER_IP:$PROXY_PORT
    NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock
    EOF
  2. To apply the HTTP configurations from step 1 to the ecs-agent, run the following command:

    systemctl restart ecs

    Note: If you use an Amazon ECS optimized Amazon Machine Image (AMI), then the container agent runs through ecs-init by default.

  3. To verify the HTTP proxy settings for Docker and the container agent, run the following command:

    docker inspect ecs-agent | grep -i proxy

    Note: The proxy settings appear in the command output.

Set up an HTTP proxy for ecs-init

To set up an HTTP proxy for ecs-init, complete the following steps:

  1. Run the following commands with sudo permissions:

    mkdir -p /etc/systemd/system/ecs.service.d
    cat <<EOF > /etc/systemd/system/ecs.service.d/http-proxy.conf
    [Service]
    Environment="HTTPS_PROXY=$PROXY_SERVER_IP:$PROXY_PORT/"
    Environment="NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock"
    EOF
  2. To reload units because of docker.service changing on disk, run the following command:

    systemctl daemon-reload
  3. To apply the HTTP configurations from step 1 to the ecs-agent, run the following command:

    systemctl restart ecs

    Note: The configuration for both Docker and the container agent affects only the current running instance. To update all the instances in a cluster, create a launch configuration, and then use an Auto Scaling group to launch new instances.

Related information

Updating the Amazon ECS container agent

Bootstrapping container instances with Amazon EC2 user data

AWS OFFICIAL
AWS OFFICIALUpdated 6 months ago