I want to set up an HTTP proxy for Docker and the Amazon Elastic Container Service (Amazon ECS) container agent in Amazon Linux 2 or Amazon Linux 2023.
Resolution
To set up an HTTP proxy for Docker and the Amazon ECS container agent in Amazon Linux 2 or Amazon Linux 2023, complete these steps.
Note: You can also set your environment variables during launch using Amazon Elastic Compute Cloud (Amazon EC2) user data with a user data script. For a user data script that works on all versions of Linux, see HTTP proxy configuration for Linux container instances.
If you're using Amazon Linux, see How do I set up an HTTP proxy for Docker and the Amazon ECS container agent in Amazon Linux?
Important: The Amazon Linux AMI (also called Amazon Linux 1) reached its end of life on December 31, 2023. It's a best practice to upgrade your applications to Amazon Linux 2023.
Store the IP address and proxy server port
To store the IP address and proxy server port, complete the following steps:
- Connect to the Amazon EC2 instance using SSH.
- As a root user, store the IP address and port of the proxy server for later use in environment variables. For example:
export PROXY_SERVER_IP=x.x.x.x
export PROXY_PORT=1234
Set up an HTTP proxy for the Docker daemon
To set up an HTTP proxy for the Docker daemon, complete the following steps:
- Run the following commands with sudo permissions:
mkdir -p /etc/systemd/system/docker.service.d
cat <<EOF > /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://$PROXY_SERVER_IP:$PROXY_PORT"
Environment="HTTPS_PROXY=http://$PROXY_SERVER_IP:$PROXY_PORT"
Environment="NO_PROXY=169.254.169.254,169.254.170.2"
EOF
Note: HTTP_PROXY is the socket address (IPaddress:Port) of the HTTP proxy that's used to connect the ECS container agent to the internet.
If the HTTP_PROXY variable is set, you must set the NO_PROXY variable to 169.254.169.254,169.254.170.2. This setting filters Amazon EC2 instance metadata, AWS Identity and Access Management (IAM) roles for tasks, and Docker daemon traffic from the proxy.
- To reload units because of docker.service changing on disk, run the following command:
systemctl daemon-reload
- To restart Docker, run the following command:
systemctl restart docker.service
Note: The previous command stops all running containers, including the ecs-agent on the ECS container instance.
- To verify the HTTP proxy settings for Docker, run the following command:
docker info | grep -i proxy
Note: The command output shows the HTTP proxy and HTTPS proxy.
Set up an HTTP proxy for the container agent
To set up an HTTP proxy for the container agent, complete the following steps:
- In your existing /etc/ecs/ecs.config file, include the proxy configuration using the HTTP_PROXY and NO_PROXY agent configuration parameters. For example:
cat <<EOF >> /etc/ecs/ecs.config
HTTP_PROXY=http://$PROXY_SERVER_IP:$PROXY_PORT
NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock
EOF
- To apply the HTTP configurations from step 1 to the ecs-agent, run the following command:
systemctl restart ecs
Note: If you use an Amazon ECS optimized Amazon Machine Image (AMI), then the container agent runs through ecs-init by default.
- To verify the HTTP proxy settings for Docker and the container agent, run the following command:
docker inspect ecs-agent | grep -i proxy
Note: The proxy settings appear in the command output.
Set up an HTTP proxy for ecs-init
To set up an HTTP proxy for ecs-init, complete the following steps:
- Run the following commands with sudo permissions:
mkdir -p /etc/systemd/system/ecs.service.d
cat <<EOF > /etc/systemd/system/ecs.service.d/http-proxy.conf
[Service]
Environment="HTTPS_PROXY=$PROXY_SERVER_IP:$PROXY_PORT/"
Environment="NO_PROXY=169.254.169.254,169.254.170.2,/var/run/docker.sock"
EOF
- To reload units because of ecs.service changing on disk, run the following command:
systemctl daemon-reload
- To apply the HTTP configurations from step 1 to the ecs-agent, run the following command:
systemctl restart ecs
Note: The configuration for both Docker and the container agent affects only the current running instance. To update all the instances in a cluster, create a launch configuration, and then use an Auto Scaling group to launch new instances.
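The following script is an added example, not part of the original article or of AWS tooling. It audits the three files written in the steps above and fails any file that sets a proxy without both NO_PROXY entries the article requires, which would send instance metadata or task role credential requests through the proxy. The function names, the script name check.sh, and the sample address 10.0.0.5:3128 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not AWS code): audit the proxy files written by the steps above.
# The two required NO_PROXY entries are the ones the article names.
REQUIRED_NO_PROXY="169.254.169.254 169.254.170.2"

# get_var FILE NAME: print NAME's value from a systemd drop-in line
# (Environment="NAME=value") or a plain NAME=value line (ecs.config).
# If NAME is assigned more than once, the last assignment is reported.
get_var() {
    sed -n -E "s/^(Environment=\")?$2=([^\"]*)\"?\$/\2/p" "$1" | tail -n 1
}

# check_proxy_conf FILE: returns 0 if consistent, 1 if a proxy is set but
# NO_PROXY is incomplete, 2 if the file is not readable.
# The proxy value itself is never printed, in case it embeds credentials.
check_proxy_conf() {
    file=$1
    [ -r "$file" ] || { echo "SKIP $file (not readable)"; return 2; }
    proxy=$(get_var "$file" HTTP_PROXY)
    [ -n "$proxy" ] || proxy=$(get_var "$file" HTTPS_PROXY)
    [ -n "$proxy" ] || { echo "OK   $file (no proxy configured)"; return 0; }
    no_proxy=$(get_var "$file" NO_PROXY)
    for entry in $REQUIRED_NO_PROXY; do
        case ",$no_proxy," in
            *",$entry,"*) ;;
            *) echo "FAIL $file: proxy set but NO_PROXY lacks $entry"; return 1 ;;
        esac
    done
    echo "OK   $file"
}

# demo: constructed sample of an ecs.config that omits 169.254.170.2.
demo() {
    tmp=$(mktemp)
    printf 'HTTP_PROXY=http://10.0.0.5:3128\nNO_PROXY=169.254.169.254\n' > "$tmp"
    demo_rc=0
    check_proxy_conf "$tmp" || demo_rc=$?
    rm -f "$tmp"
    return $demo_rc
}

# Usage (hypothetical script name):
#   sh check.sh /etc/systemd/system/docker.service.d/http-proxy.conf \
#     /etc/ecs/ecs.config /etc/systemd/system/ecs.service.d/http-proxy.conf
for f in "$@"; do check_proxy_conf "$f"; done
```

Run it as root after the final restart. A FAIL line means the named file needs its NO_PROXY value corrected before the service is restarted again.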
Related information
Updating the Amazon ECS container agent
Bootstrapping container instances with Amazon EC2 user data