Configure VCHs to Use Proxy Servers

If access to the Internet or to your private image registries requires the use of a proxy server, you must configure a virtual container host (VCH) to connect to the proxy server when you deploy it. The proxy is used only when pulling images, and not for any other purpose.

IMPORTANT: Configuring a VCH to use a proxy server does not configure proxy support on the containers that this VCH runs. Container developers must configure proxy servers on containers when they create them.

You can add, reconfigure, or remove proxy servers after you have deployed a VCH by using the vic-machine configure --https-proxy and --http-proxy options. For information about adding, reconfiguring, or removing proxy servers, see Add, Configure, or Remove Proxy Servers in Configure Running Virtual Container Hosts.

• Options
  • HTTP Proxy
  • HTTPS Proxy
  • No Proxy
• What to Do Next
• Example vic-machine Command

Options

The sections in this topic each correspond to an entry in the Configure Networks page of the Create Virtual Container Host wizard, and to the corresponding vic-machine create options.

HTTP Proxy

The address of the HTTP proxy server through which the VCH accesses image registries when using HTTP.

Create VCH Wizard

Enter the IP address or FQDN of an HTTP proxy in the HTTP proxy text box, for example 192.168.3.1.

vic-machine Option

--http-proxy, no short name

Specify the address of the proxy server in the --http-proxy option, as either an FQDN or an IP address.

--http-proxy http://proxy.example.mycompany.org:80

HTTPS Proxy

The address of the HTTPS proxy server through which the VCH accesses image registries when using HTTPS.

Create VCH Wizard

Enter the IP address or FQDN of an HTTPS proxy in the HTTPS proxy text box, for example 192.168.3.1.

vic-machine Option

--https-proxy, no short name

Specify the address of the proxy server in the --https-proxy option, as either an FQDN or an IP address.

--https-proxy https://proxy.example.mycompany.org:443

No Proxy

If you configure proxies, you can provide a list of URLs to exclude from proxying.

Create VCH Wizard

This option is not available in the Create Virtual Container Host wizard.

vic-machine Option

--no-proxy, no short name

Specify any URLs to exclude from proxying in the --no-proxy option, as a comma-separated list of host names, domain names, or a mixture of both.

This option is available in vSphere Integrated Containers 1.4.3 and later.

--no-proxy localhost,.example.com

What to Do Next

If you are using the Create Virtual Container Host wizard, the bridge network and the public network are the only networks that it is mandatory to configure.

• To configure further advanced network settings, remain on the Configure Networks page, and see the following topics:
  • Configure the Client Network
  • Configure the Management Network
  • Configure Container Networks
• If you have finished configuring the network settings, click Next to configure VCH Security settings.

Example vic-machine Command

This example vic-machine create command deploys a VCH that accesses the network via an HTTPS proxy server and excludes the local host from proxying.

vic-machine-operating_system create
--target 'Administrator@vsphere.local':password@vcenter_server_address/dc1
--compute-resource cluster1
--image-store datastore1
--bridge-network vch1-bridge
--public-network vic-public
--https-proxy https://proxy.example.mycompany.org:443
--no-proxy localhost
--name vch1
--thumbprint certificate_thumbprint
--no-tlsverify