From 26aee2e64a20ac39d932c1cf39fb3316286ee6be Mon Sep 17 00:00:00 2001 From: Akos Dudas Date: Wed, 23 Jun 2021 10:17:32 +0200 Subject: [PATCH] Instructions for Windows Docker Desktop (#95) * Instructions for Windows Docker Desktop * Typo in doc: add missing word --- Docker-Desktop-Windows.md | 66 +++++++++++++++++++++++++++++++++++++++ README.md | 8 ++--- 2 files changed, 70 insertions(+), 4 deletions(-) create mode 100644 Docker-Desktop-Windows.md diff --git a/Docker-Desktop-Windows.md b/Docker-Desktop-Windows.md new file mode 100644 index 0000000..f733bf3 --- /dev/null +++ b/Docker-Desktop-Windows.md 
@@ -0,0 +1,66 @@ +# Configure Docker Desktop on Windows to use the proxy and trust its certificate + +1. Let's say you set up the proxy on host `192.168.66.72`. Get the certificate using a browser (go to ) and save it as a file (e.g., to `d:\ca.crt`) + +1. Add the certificate to Windows: + + 1. Double click the certificate + 1. Chose to _Install certificate..._, then click _Next_ + 1. Chose _Current user_, then click _Next_ + 1. Select option _Place all certificates in the following store_, click _browse_, and select _Trusted Root Certification Authorities_ + 1. Proceed with Ok and confirm to install the certificate + + If you are not using the WSL2 backend for Docker, then restart Docker Desktop and skip the next step. + +1. If you are using WSL2 for Docker, then you need to add the certificate to WSL too: + + 1. Open a terminal + + 1. Check the name of the WSL distribution: + + ``` + PS C:\> wsl --list + Windows Subsystem for Linux Distributions: + docker-desktop (Default) + docker-desktop-data + ``` + + The distribution we are looking for is _docker-desktop_. If you installed another distribution, such as Ubuntu, and configured Docker to use that, and proceed with that distribution instead. + + 1. Get a shell into WSL + + ``` + PS C:\> wsl --distribution docker-desktop + XXXYYYZZZ:/tmp/docker-desktop-root/mnt/host/c# + ``` + + 1. Copy the certificate into WSL and import it + + Note: The directory and the command below are for the _docker-desktop_ WSL distribution. On other systems you might need to tweak the commands a little, but they seem to be the same for [Ubuntu](https://www.pmichaels.net/2020/12/29/add-certificate-into-wsl/) and [Debian](https://github.com/microsoft/WSL/issues/3161#issue-320777324) as well. 
+ + ``` + XXXYYYZZZ:/tmp/docker-desktop-root/mnt/host/c# cp /mnt/host/d/ca.crt /usr/local/share/ca-certificates/ + XXXYYYZZZ:/tmp/docker-desktop-root/mnt/host/c# update-ca-certificates + WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping + ``` + + Don't mind the warning, the operation still succeeded. + + 1. We are done with WSL, you can `exit` this shell + +1. Configure the proxy in Docker Desktop: + + 1. Open Docker Desktop settings + 1. Go to _Resources/Proxies_ + 1. Enable the proxy and set `http://192.168.66.72:3128` as both the HTTP and HTTPS URL. + +1. Done. Verify that pulling works: + + ``` + # execute this in a Windows shell, not in WSL + docker pull hello-world + ``` + + You can check the logs of the proxy to confirm that it was used. + + If pulling does not work and complains about not trusting the certificate then Docker and/or the WSL distribution might need a restart. You might try restarting Docker, or you can restart Windows too to force WSL to restart. diff --git a/README.md b/README.md index a419e99..bef524a 100644 --- a/README.md +++ b/README.md 
@@ -256,9 +256,9 @@ docker run --rm --name docker_registry_proxy -it - If you authenticate to a private registry and pull through the proxy, those images will be served to any client that can reach the proxy, even without authentication. *beware* - Repeat, **this will make your private images very public if you're not careful**. - ~~**Currently you cannot push images while using the proxy** which is a shame. PRs welcome.~~ **SEE `ALLOW_PUSH` ENV FROM USAGE SECTION.** -- Setting this on Linux is relatively easy. - - On Mac and Windows the CA-certificate part will be very different but should work in principle. - - Please send PRs with instructions for Windows and Mac if you succeed! +- Setting this on Linux is relatively easy. + - On Mac follow the instructions [here](Docker-for-Mac.md). + - On Windows follow the instructions [here](Docker-Desktop-Windows.md). ### Why not use Docker's own registry, which has a mirror feature? @@ -280,7 +280,7 @@ Yeah. Docker Inc should do it. So should NPM, Inc. Wonder why they don't. 😼 ### TODO: - [x] Basic Docker-for-Mac set-up instructions -- [ ] Basic Docker-for-Windows set-up instructions. +- [x] Basic Docker-for-Windows set-up instructions. - [ ] Test and make auth work with quay.io, unfortunately I don't have access to it (_hint, hint, quay_) - [x] Hide the mitmproxy building code under a Docker build ARG. - [ ] "Developer Office" proxy scenario, where many developers on a fast LAN share a proxy for bandwidth and speed savings (already works for pulls, but messes up pushes, which developers tend to use a lot)
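Review bot: In Docker-Desktop-Windows.md, step 2 installs the proxy's CA into _Trusted Root Certification Authorities_ for the current user without saying what that trust covers or how to confirm the saved file is the right certificate. Windows applications running as that user and relying on the system store will accept anything this CA signs, not only Docker's traffic. I would add a sub-step to compare the thumbprint of `d:\ca.crt` with the one on the proxy host before installing, and a line on removing the certificate once the proxy is no longer used. Step 1 also reads "go to )" with no URL in the text as shown here, so the reader cannot tell where the certificate comes from. Smaller points: "Chose" should be "Choose" in two sub-steps, and "and configured Docker to use that, and proceed with that distribution instead" has a stray "and" before "proceed".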
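Review bot: In the README.md hunk at line 256, both new sub-bullets use "here" as the link text, which says nothing out of context. Name the target instead, for example "On Windows follow the instructions in [Docker-Desktop-Windows.md](Docker-Desktop-Windows.md)". The line "Setting this on Linux is relatively easy." is removed and re-added with the same visible text, so it looks like a whitespace-only change that could be dropped from the patch. The diffstat lists only Docker-Desktop-Windows.md and README.md, so please confirm that Docker-for-Mac.md already exists at the repository root before linking to it. Since the bullets just above warn that the proxy serves private images to any client that can reach it, a pointer back to that warning from the Windows instructions would also help, because they configure the proxy on a LAN address.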