Home Explore Blog Models CI



docker
7th chunk of `content/manuals/desktop/settings-and-maintenance/settings.md`
8f76281262933f99eb6ddbb12844b2b78aec60ff1c4b08cc0000000100000fde
To set a different proxy for Docker Desktop, turn on **Manual proxy configuration** and enter a single
upstream proxy URL of the form `http://proxy:port` or `https://proxy:port`.

To prevent developers from accidentally changing the proxy settings, see
[Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md#what-features-can-i-configure-with-settings-management).

The HTTPS proxy settings used for scanning images are set using the `HTTPS_PROXY` environment variable.

> [!NOTE]
>
> If you are using a PAC file hosted on a web server, make sure to add the MIME type `application/x-ns-proxy-autoconfig` for the `.pac` file extension on the server or website. Without this configuration, the PAC file may not be parsed correctly.

> [!IMPORTANT]
> You cannot configure the proxy settings using the Docker daemon configuration
> file (`daemon.json`), and we recommend you do not configure the proxy
> settings via the Docker CLI configuration file (`config.json`).
>
> To manage proxy configurations for Docker Desktop, configure the settings in
> the Docker Desktop app or use [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md).

#### Proxy authentication

##### Basic authentication

If your proxy uses Basic authentication, Docker Desktop prompts developers for a username and password and caches the credentials. All passwords are stored securely in the OS credential store. It will request re-authentication if that cache is removed.

It's recommended that you use an `https://` URL for HTTP/HTTPS proxies to protect passwords during network transit. Docker Desktop also supports TLS 1.3 for communication with proxies.

##### Kerberos and NTLM authentication

> [!NOTE]
>
> Available for Docker Business subscribers with Docker Desktop for Windows version 4.30 and later.

Developers are no longer interrupted by prompts for proxy credentials as authentication is centralized. This also reduces the risk of account lockouts due to incorrect sign in attempts.

If your proxy offers multiple authentication schemes in 407 (Proxy Authentication Required) response, Docker Desktop by default selects the Basic authentication scheme.

For Docker Desktop version 4.30 to 4.31: 

To enable Kerberos or NTLM proxy authentication, no additional configuration is needed beyond specifying the proxy IP address and port.

For Docker Desktop version 4.32 and later: 

To enable Kerberos or NTLM proxy authentication you must pass the `--proxy-enable-kerberosntlm` installer flag during installation via the command line, and ensure your proxy server is properly configured for Kerberos or NTLM authentication.

### Network

> [!NOTE]
>
> On Windows, the **Network** tab isn't available in the Windows container mode because
> Windows manages networking.

Docker Desktop uses a private IPv4 network for internal services such as a DNS server and an HTTP proxy. In case Docker Desktop's choice of subnet clashes with IPs in your environment, you can specify a custom subnet using the **Network** setting.

On Windows and Mac, you can also set the default networking mode and DNS resolution behavior. For more information, see [Networking](/manuals/desktop/features/networking.md#networking-mode-and-dns-behaviour-for-mac-and-windows).

On Mac, you can also select the **Use kernel networking for UDP** setting. This lets you use a more efficient kernel networking path for UDP. This may not be compatible with your VPN software.

### WSL Integration

On Windows in WSL 2 mode, you can configure which WSL 2 distributions will have the Docker
WSL integration.

By default, the integration is enabled on your default WSL distribution.
To change your default WSL distribution, run `wsl --set-default <distribution name>`. (For example,
to set Ubuntu as your default WSL distribution, run `wsl --set-default ubuntu`).

You can also select any additional distributions you would like to enable the WSL 2 integration on.

For more details on configuring Docker Desktop to use WSL 2, see
Title: Docker Desktop Proxy Authentication and Network Configuration
Summary
Docker Desktop allows manual proxy configuration via URL input (http://proxy:port or https://proxy:port), with options to prevent accidental changes through Settings Management. HTTPS_PROXY variable manages HTTPS proxy for image scanning. Basic proxy authentication prompts for username/password, securely cached, with HTTPS recommended. Docker Business subscribers can use Kerberos/NTLM authentication via installer flag. The Network section configures private IPv4 subnet, default networking mode, and DNS resolution (Windows/Mac). Mac also has 'Use kernel networking for UDP' option. WSL integration allows Docker use in WSL 2 distributions; default integration is enabled, but can be customized.