- `example.com` matches `example.com` and `foo.example.com`, and
- `.example.com` matches only `foo.example.com`
- A single asterisk (`*`) indicates that no proxying should be done
- Literal port numbers are accepted by IP address prefixes (`1.2.3.4:80`) and
domain names (`foo.example.com:80`)
Example:
```systemd
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:3128"
Environment="HTTPS_PROXY=https://proxy.example.com:3129"
Environment="NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp"
```
4. Flush changes and restart Docker
```console
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
```
5. Verify that the configuration has been loaded and matches the changes you
made, for example:
```console
$ sudo systemctl show --property=Environment docker
Environment=HTTP_PROXY=http://proxy.example.com:3128 HTTPS_PROXY=https://proxy.example.com:3129 NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp
```
{{< /tab >}}
{{< tab name="Rootless mode" >}}
1. Create a systemd drop-in directory for the `docker` service:
```console
$ mkdir -p ~/.config/systemd/user/docker.service.d
```
2. Create a file named `~/.config/systemd/user/docker.service.d/http-proxy.conf`
that adds the `HTTP_PROXY` environment variable:
```systemd
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:3128"
```
If you are behind an HTTPS proxy server, set the `HTTPS_PROXY` environment
variable:
```systemd
[Service]
Environment="HTTPS_PROXY=https://proxy.example.com:3129"
```
Multiple environment variables can be set; to set both a non-HTTPS and a
HTTPs proxy;
```systemd
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:3128"
Environment="HTTPS_PROXY=https://proxy.example.com:3129"
```
> [!NOTE]
>
> Special characters in the proxy value, such as `#?!()[]{}`, must be double
> escaped using `%%`. For example:
>
> ```systemd
> [Service]
> Environment="HTTP_PROXY=http://domain%%5Cuser:complex%%23pass@proxy.example.com:3128/"
> ```
3. If you have internal Docker registries that you need to contact without
proxying, you can specify them via the `NO_PROXY` environment variable.
The `NO_PROXY` variable specifies a string that contains comma-separated
values for hosts that should be excluded from proxying. These are the options
you can specify to exclude hosts:
- IP address prefix (`1.2.3.4`)
- Domain name, or a special DNS label (`*`)
- A domain name matches that name and all subdomains. A domain name with a
leading "." matches subdomains only. For example, given the domains
`foo.example.com` and `example.com`:
- `example.com` matches `example.com` and `foo.example.com`, and
- `.example.com` matches only `foo.example.com`
- A single asterisk (`*`) indicates that no proxying should be done
- Literal port numbers are accepted by IP address prefixes (`1.2.3.4:80`) and
domain names (`foo.example.com:80`)
Example:
```systemd
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:3128"
Environment="HTTPS_PROXY=https://proxy.example.com:3129"
Environment="NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp"
```
4. Flush changes and restart Docker
```console
$ systemctl --user daemon-reload
$ systemctl --user restart docker
```
5. Verify that the configuration has been loaded and matches the changes you
made, for example:
```console
$ systemctl --user show --property=Environment docker
Environment=HTTP_PROXY=http://proxy.example.com:3128 HTTPS_PROXY=https://proxy.example.com:3129 NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp
```
{{< /tab >}}
{{< /tabs >}}