Home Explore Blog Models CI



docker
1st chunk of `content/manuals/security/for-admins/hardened-desktop/air-gapped-containers.md`
31f5918311e59cc03ef3ed88a4bd37e35aeb0523604aa10e000000010000087d
---
title: Air-gapped containers
description: Air-gapped containers - What it is, benefits, and how to configure it.
keywords: air gapped, security, Docker Desktop, configuration, proxy, network
aliases:
 - /desktop/hardened-desktop/settings-management/air-gapped-containers/
 - /desktop/hardened-desktop/air-gapped-containers/
---

{{< summary-bar feature_name="Air-gapped containers" >}}

Air-gapped containers let you restrict containers from accessing network resources, limiting where data can be uploaded to or downloaded from.

Docker Desktop can apply a custom set of proxy rules to network traffic from containers. The proxy can be configured to:

- Accept network connections
- Reject network connections
- Tunnel through an HTTP or SOCKS proxy

You can choose:

- Which outgoing TCP ports the policy applies to. For example, only certain ports, `80`, `443` or all with `*`.
- Whether to forward to a single HTTP or SOCKS proxy, or to have a policy per destination via a Proxy Auto-Configuration (PAC) file.

## Configuration

Assuming [enforced sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) and [Settings Management](settings-management/_index.md) are enabled, add the new proxy configuration to the `admin-settings.json` file. For example:

```json
{
  "configurationFileVersion": 2,
  "containersProxy": {
    "locked": true,
    "mode": "manual",
    "http": "",
    "https": "",
    "exclude": [],
    "pac": "http://192.168.1.16:62039/proxy.pac",
    "transparentPorts": "*"
  }
}
```

The `containersProxy` setting describes the policy which is applied to traffic from containers. The valid fields are:

- `locked`: If true, it is not possible for developers to override these settings. If false the settings are interpreted as default values which the developer can change.
- `mode`: Same meaning as with the existing `proxy` setting. Possible values are `system` and `manual`.
- `http`, `https`, `exclude`: Same meaning as with the `proxy` setting. Only takes effect if `mode` is set to `manual`.
- `pac` : URL for a PAC file. Only takes effect if `mode` is `manual`, and is considered higher priority than `http`, `https`, `exclude`.
Title: Air-Gapped Containers Configuration in Docker Desktop
Summary
This document describes how to configure air-gapped containers in Docker Desktop to restrict network access for enhanced security. It explains the benefits of using air-gapped containers and how to apply custom proxy rules to container network traffic, including accepting, rejecting, or tunneling connections. The configuration involves modifying the `admin-settings.json` file, specifying parameters such as `locked`, `mode`, `http`, `https`, `exclude`, `pac`, and `transparentPorts` to define the proxy policy applied to container traffic, assuming enforced sign-in and settings management are enabled.