Docker
- Last UpdatedJun 26, 2026
- 1 minute read
Set proxy variables on the container and use NO_PROXY to list hosts that must bypass
the proxy (local databases, brokers, internal APIs, etc.).
To trust a corporate proxy CA, either:
-
mount a trusted CA bundle from the host into the container, or
-
bake the CA into a custom image
services:
edgeNode:
container_name: crosser-edgeNode
restart: always
environment:
# --- Flows credentials (required) ---
- SecurityConfiguration__Credentials__NodeId=ENTER-YOUR-NODEID-HERE
- SecurityConfiguration__Credentials__AccessKey=ENTER-YOUR-ACCESS-KEY-HERE
# --- Proxy settings (OPTIONAL) ---
# Use http://user:pass@proxy.example.com:3128 if authentication is required.
- HTTP_PROXY=http://proxy.example.com:3128
- HTTPS_PROXY=http://proxy.example.com:3128
# Duplicate in lowercase for tools/libraries that only read one variant.
- http_proxy=http://proxy.example.com:3128
- https_proxy=http://proxy.example.com:3128
# Hosts that should BYPASS the proxy (comma-separated):
# include localhost, container service names, Docker host alias, and intranet domains.
- NO_PROXY=localhost,127.0.0.1,::1,host.docker.internal,edgeNode,*.local,db,influxdb,mosquitto,my-internal-api.corp.local
- no_proxy=localhost,127.0.0.1,::1,host.docker.internal,edgeNode,*.local,db,influxdb,mosquitto,my-internal-api.corp.local
ports:
- 9090:9090
- 9191:9191
- 1883:1883
volumes:
- "./data:/application/data"
# Map the Ubuntu host's trusted CA bundle into the container (READ-ONLY).
# Ensure your corporate/proxy root CA is installed on the host (see notes below).
- "/etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro"
# Alternative: map the whole directory if preferred (comment the single-file line above)
# - "/etc/ssl/certs:/etc/ssl/certs:ro"
# - "/etc/ssl/certs/ca-certificates.crt:/etc/ssl/cert.pem:ro"
logging:
driver: json-file
options:
max-size: "50m"
max-file: "2"
Notes
Add your proxy CA to Ubuntu (host)
place proxy-root.crt in /usr/local/share/ca-certificates/ and run sudo update-ca-certificates. This updates /etc/ssl/certs/ca-certificates.crt, which the container mounts.
Local services in Compose
Add each service name you connect to (for example, db, mosquitto, influxdb) to NO_PROXY.
Docker host from Linux containers
if you call services on the Docker host, include host.docker.internal (on Linux you may need to add extra_hosts: - "host.docker.internal:host-gateway" and Docker 20.10+).