1

I have install docker on a windows 7 machine, if I connect to Internet outside my company network everything works fine, but when I connect to Internet from my company network, and try to pull a image from dockerhub, I just get the "docker: Network timed out while trying to connect to .... You may want to check your internet connection or if you are behind a proxy..". I have edited the /var/lib/boot2docker/profile file by adding following two lines

export "HTTP_PROXY=http://me:mypassword@proxyhost:proxyport"
export "HTTPS_PROXY=http://me:mypassword@proxyhost:proxyport"

rebooted the docker machine and try to pull an image and get the following error;

Error while pulling image: Get https://index.docker.io/v1/repositories/library/ubuntu/images: x509: certificate signed by unknown authority

edit: CA certification details

enter image description here

dursun
  • 1,861
  • 2
  • 21
  • 38
  • Do you have an internal CA which you need to trust manually first? – tpbowden Mar 31 '16 at 11:40
  • I do not have much knowledge about networking stuffi how can i understand whether I have an internal CA or not? – dursun Mar 31 '16 at 11:42
  • Try going to hub.docker.com behind the firewall, click the padlock in the top left (using Chome), select the connection tab, click the certificate information link and check who the issuer is. – tpbowden Mar 31 '16 at 11:57
  • I have just added the details, I think that means I have an internal CA, right? – dursun Mar 31 '16 at 12:08
  • Yeah thats right, you'll need to download and trust it on all your docker machines – tpbowden Mar 31 '16 at 12:14

1 Answers1

1

The problem is your corporate proxy is using it's own SSL certificate which Docker doesn't trust. What you're going to have to do is to download a copy of the CA certificate and trust it on any machines you want to use behind the firewall. Check this answer for how to trust a certificate:

Docker behind proxy that changes ssl certificate

Community
  • 1
  • 1
tpbowden
  • 2,040
  • 15
  • 22
  • I have copied the certifacate text into the /etc/ssl/certs/ca-certificates.crt file, and no change, And realized that when I restart the docker machine my modification on the "ca-certificates.crt " file is missing. is there any solution for that? – dursun Mar 31 '16 at 13:15
  • Try copying it to /var/lib/boot2docker/certs/ca.pem and restart, hopefully that will fix it. source : https://forums.docker.com/t/installing-custom-registry-certificates-with-docker-machine/2204 – tpbowden Mar 31 '16 at 14:02
  • I'm not sure then, it might be worth raising an issue on either docker machine or boot2docker – tpbowden Apr 01 '16 at 10:36