Pass proxy settings from host system for Windows containers #47811

Open
slonopotamus opened this issue May 8, 2024 · 1 comment
Labels
area/networking kind/feature Functionality or other elements that the project doesn't currently have. Features are new and shiny platform/windows status/0-triage

Comments

@slonopotamus
Contributor

Description

When running Linux containers, moby passes them proxy information in the form of HTTP_PROXY/HTTPS_PROXY/NO_PROXY env variables.

But on Windows, proxy is set up differently:

image

These settings can be accessed on the host:

PS C:\Users\Administrator> [System.Net.WebProxy]::GetDefaultProxy()


Address               : http://qweqwe:123/
BypassProxyOnLocal    : False
BypassList            : {^(?:.*://)?aaa(?::[0-9]{1,5})?$, ^(?:.*://)?bbb(?::[0-9]{1,5})?$,
                        ^(?:.*://)?zzz(?::[0-9]{1,5})?$}
Credentials           :
UseDefaultCredentials : False
BypassArrayList       : {^(?:.*://)?aaa(?::[0-9]{1,5})?$, ^(?:.*://)?bbb(?::[0-9]{1,5})?$,
                        ^(?:.*://)?zzz(?::[0-9]{1,5})?$}

But they are not available inside the container:

PS C:\Users\Administrator> docker run --rm -it mcr.microsoft.com/windows/servercore:ltsc2019 powershell "[System.Net.WebProxy]::GetDefaultProxy()"


Address               :
BypassProxyOnLocal    : False
BypassList            : {}
Credentials           :
UseDefaultCredentials : False
BypassArrayList       : {}
@slonopotamus slonopotamus added kind/feature Functionality or other elements that the project doesn't currently have. Features are new and shiny status/0-triage labels May 8, 2024
@slonopotamus
Contributor Author

slonopotamus commented May 28, 2024

Just in case, there is a PowerShell script that can be used to inject proxy settings into the registry in a container.

<#
.SYNOPSIS
Generate DefaultConnectionSettings binary data

.DESCRIPTION
Generate DefaultConnectionSettings binary data for setting proxy configuration. Can be used to output directly to the registry in HKCU or HKLM, or can output to the console in a Group Policy Preferences Registry setting-friendly format.

.PARAMETER EnableAuto
Enable "Automatically Detect Settings" option

.PARAMETER EnablePAC
Enable "Use Automatic Configuration Script" option

.PARAMETER EnableProxy
Enable "Use a proxy server" option

.PARAMETER EnableLocal
Enable the "Bypass Proxy For Local Addresses" option

.PARAMETER PAC
PAC file URL

.PARAMETER Proxy
Proxy server and port in <server>:<port> format

.PARAMETER Bypass
Semi-colon-separated list of IPs, hosts, or domains, to bypass the proxy

.PARAMETER RegHive
Registry hive to write to; HKCU or HKLM. Defaults to HKCU.

.PARAMETER RegValue
Registry value to write to. Defaults to DefaultConnectionSettings

.PARAMETER IncludeWOW64
Also set WOW6432Node reg value for 32-bit applications on 64-bit Windows (HKLM only)

.PARAMETER OutReg
Output result directly to the registry. Can be used with OutConsole.

.PARAMETER OutConsole
Output result to the console in GPP-friendly format. Can be used with OutReg.

.EXAMPLE
PS> Set-ProxyBytes.ps1 -EnablePAC -PAC "https://wpad.contoso.com/proxy.pac" -OutConsole

.NOTES
    Author: Adam Beardwood
    Date: 2021-04-10
    Version History:
        v1.0 - Initial Release
#>

[cmdletbinding()]

Param(
    [Parameter(Mandatory=$false)][switch]$EnableAuto,
    [Parameter(Mandatory=$false)][switch]$EnablePAC,
    [Parameter(Mandatory=$false)][switch]$EnableProxy,
    [Parameter(Mandatory=$false)][switch]$EnableLocal,
    [Parameter(Mandatory=$false)][string]$PAC="",
    [Parameter(Mandatory=$false)][string]$Proxy="",
    [Parameter(Mandatory=$false)][string]$Bypass="",
    [Parameter(Mandatory=$false)][string]$RegHive="HKCU",
    [Parameter(Mandatory=$false)][string]$RegValue="DefaultConnectionSettings",
    [Parameter(Mandatory=$false)][switch]$IncludeWOW64,
    [Parameter(Mandatory=$false)][switch]$OutReg,
    [Parameter(Mandatory=$false)][switch]$OutConsole
)

if(!$OutConsole -and !$OutReg){
    write-output "ERROR: No output type specified. Please use -OutReg and/or -OutConsole"
    exit 1
}

#Static vars
$RegistryPath = "$($RegHive):\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
$WOW64RegistryPath = "$($RegHive):\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings"
$Revision = "02"
$LocalBypass = "<local>"

if((!$EnableProxy) -and (!$EnablePAC) -and (!$EnableAuto)){
    #Nothing
    $ProxyOptions = "01"
    $PAC = ""
    $Proxy = ""
    $Bypass = ""
    $LocalBypass = $false
}elseif(($EnableProxy) -and (!$EnablePAC) -and (!$EnableAuto)){
    #Proxy
    $ProxyOptions = "03"
    $PAC = ""
}elseif((!$EnableProxy) -and ($EnablePAC) -and (!$EnableAuto)){
    #PAC
    $ProxyOptions = "05"
    $Proxy = ""
    $Bypass = ""
    $LocalBypass = $false
}elseif(($EnableProxy) -and ($EnablePAC) -and (!$EnableAuto)){
    #Proxy + PAC
    $ProxyOptions = "07"
}elseif((!$EnableProxy) -and (!$EnablePAC) -and ($EnableAuto)){
    #Auto
    $ProxyOptions = "09"
    $PAC = ""
    $Proxy = ""
    $Bypass = ""
    $LocalBypass = $false
}elseif(($EnableProxy) -and (!$EnablePAC) -and ($EnableAuto)){
    #Proxy + Auto
    $ProxyOptions = "11"
    $PAC = ""
}elseif((!$EnableProxy) -and ($EnablePAC) -and ($EnableAuto)){
    #PAC + Auto
    $ProxyOptions = "13"
    $Proxy = ""
    $Bypass = ""
    $LocalBypass = $false
}elseif(($EnableProxy) -and ($EnablePAC) -and ($EnableAuto)){
    #All
    $ProxyOptions = "15"
}else{
    #Fallback
    write-output "Invalid options provided, aborting"
    exit 1
}

write-debug "Setting`nProxy Options: $ProxyOptions`nPAC: $PAC`nProxy: $Proxy`nBypass: $Bypass`nLocalBypass: $EnableLocal"

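#Only prepend "<local>" when the selected mode kept it; PAC-only and Auto-only modes
#set $LocalBypass to $false, which would otherwise be written as the literal "False;"
if($EnableLocal -and $LocalBypass){
    $Bypass = "$LocalBypass;$Bypass"
}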

$PacBytes = [system.Text.Encoding]::ASCII.GetBytes($PAC)
$ProxyBytes = [system.Text.Encoding]::ASCII.GetBytes($Proxy)
$BypassBytes = [system.Text.Encoding]::ASCII.GetBytes($Bypass)

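#Length fields are 32-bit little-endian; BitConverter keeps strings longer than 255 bytes valid
$DefaultConnectionSettings = [byte[]]@(@(70, 0, 0, 0) + @($Revision, 0, 0, 0) + @($ProxyOptions, 0, 0, 0) + [System.BitConverter]::GetBytes([int32]$ProxyBytes.Length) + $ProxyBytes + [System.BitConverter]::GetBytes([int32]$BypassBytes.Length) + $BypassBytes + [System.BitConverter]::GetBytes([int32]$PacBytes.Length) + $PacBytes + @(1..32 | % { 0 }))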

if($OutReg){
    Set-ItemProperty -Path "$RegistryPath\Connections" -Name $RegValue -Value $DefaultConnectionSettings
}

if($OutReg -and $IncludeWOW64 -and ($RegHive -eq "HKLM")){
    Set-ItemProperty -Path "$WOW64RegistryPath\Connections" -Name $RegValue -Value $DefaultConnectionSettings
}

if($OutConsole){
    [System.BitConverter]::ToString($DefaultConnectionSettings) -replace "-"
}
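
A decoder for the blob layout the script above writes, useful for checking which proxy a container's registry actually holds after injection. This is an added example, not part of the original comment or of moby; the helper name ConvertFrom-ProxyBytes and the sample bytes are constructed for illustration, and the flag bits are read off the script's own option values.

```powershell
# Added example (not from the issue): parse a DefaultConnectionSettings blob.
# ConvertFrom-ProxyBytes is a hypothetical helper name.
function ConvertFrom-ProxyBytes {
    param([Parameter(Mandatory = $true)][byte[]]$Bytes)

    # Fixed part: header (4 bytes), revision (4), option flags (4).
    if ($Bytes.Length -lt 12) { throw "Blob too short: $($Bytes.Length) bytes" }
    $flags = [System.BitConverter]::ToInt32($Bytes, 8)

    # Three length-prefixed ASCII strings follow, in the order the script writes them.
    $pos = 12
    $fields = @{}
    foreach ($name in 'Proxy', 'Bypass', 'PAC') {
        if (($pos + 4) -gt $Bytes.Length) { throw "Truncated before the $name length field" }
        $len = [System.BitConverter]::ToInt32($Bytes, $pos)
        $pos += 4
        # Reject lengths that point past the end of the value instead of reading garbage.
        if (($len -lt 0) -or ($len -gt ($Bytes.Length - $pos))) {
            throw "$name length $len overruns the blob"
        }
        $fields[$name] = [System.Text.Encoding]::ASCII.GetString($Bytes, $pos, $len)
        $pos += $len
    }

    [pscustomobject]@{
        Revision    = [System.BitConverter]::ToInt32($Bytes, 4)
        EnableProxy = [bool]($flags -band 2)   # bit set by "03" in the script
        EnablePAC   = [bool]($flags -band 4)   # bit set by "05"
        EnableAuto  = [bool]($flags -band 8)   # bit set by "09"
        Proxy       = $fields['Proxy']
        Bypass      = @($fields['Bypass'] -split ';' | Where-Object { $_ })
        PAC         = $fields['PAC']
    }
}

# Constructed sample: manual proxy qweqwe:123 with bypass list aaa;bbb;zzz.
$proxyBytes  = [System.Text.Encoding]::ASCII.GetBytes('qweqwe:123')
$bypassBytes = [System.Text.Encoding]::ASCII.GetBytes('aaa;bbb;zzz')
$sample = [byte[]](@(70, 0, 0, 0, 2, 0, 0, 0, 3, 0, 0, 0) +
    @($proxyBytes.Length, 0, 0, 0) + $proxyBytes +
    @($bypassBytes.Length, 0, 0, 0) + $bypassBytes +
    @(0, 0, 0, 0) + (@(0) * 32))
ConvertFrom-ProxyBytes -Bytes $sample

# Inside a container, read the value the script wrote instead of the sample:
# $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections'
# ConvertFrom-ProxyBytes -Bytes (Get-ItemProperty -Path $key).DefaultConnectionSettings
```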
