docker-registry-proxy/Docker-Desktop-Windows.md

2.8 KiB

Configure Docker Desktop on Windows to use the proxy and trust its certificate

  1. Let's say you set up the proxy on host 192.168.66.72. Get the certificate using a browser (go to http://192.168.66.72:3128/ca.crt) and save it as a file (e.g., to d:\ca.crt)

  2. Add the certificate to Windows:

    1. Double click the certificate
    2. Chose to Install certificate..., then click Next
    3. Chose Current user, then click Next
    4. Select option Place all certificates in the following store, click browse, and select Trusted Root Certification Authorities
    5. Proceed with Ok and confirm to install the certificate

    If you are not using the WSL2 backend for Docker, then restart Docker Desktop and skip the next step.

  3. If you are using WSL2 for Docker, then you need to add the certificate to WSL too:

    1. Open a terminal

    2. Check the name of the WSL distribution:

      PS C:\> wsl --list
      Windows Subsystem for Linux Distributions:
      docker-desktop (Default)
      docker-desktop-data
      

      The distribution we are looking for is docker-desktop. If you installed another distribution, such as Ubuntu, and configured Docker to use that, and proceed with that distribution instead.

    3. Get a shell into WSL

      PS C:\> wsl --distribution docker-desktop
      XXXYYYZZZ:/tmp/docker-desktop-root/mnt/host/c#
      
    4. Copy the certificate into WSL and import it

      Note: The directory and the command below are for the docker-desktop WSL distribution. On other systems you might need to tweak the commands a little, but they seem to be the same for Ubuntu and Debian as well.

      XXXYYYZZZ:/tmp/docker-desktop-root/mnt/host/c# cp /mnt/host/d/ca.crt /usr/local/share/ca-certificates/
      XXXYYYZZZ:/tmp/docker-desktop-root/mnt/host/c# update-ca-certificates
      WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping
      

      Don't mind the warning, the operation still succeeded.

    5. We are done with WSL, you can exit this shell

  4. Configure the proxy in Docker Desktop:

    1. Open Docker Desktop settings
    2. Go to Resources/Proxies
    3. Enable the proxy and set http://192.168.66.72:3128 as both the HTTP and HTTPS URL.
  5. Done. Verify that pulling works:

    # execute this in a Windows shell, not in WSL
    docker pull hello-world
    

    You can check the logs of the proxy to confirm that it was used.

    If pulling does not work and complains about not trusting the certificate then Docker and/or the WSL distribution might need a restart. You might try restarting Docker, or you can restart Windows too to force WSL to restart.