Use a web proxy¶
Mirantis Secure Registry makes outgoing connections to check for new versions, automatically renew its license, and update its vulnerability database. If MSR can’t access the internet, then you’ll have to manually apply updates.
One option to keep your environment secure while still allowing MSR access to the internet is to use a web proxy. If you have an HTTP or HTTPS proxy, you can configure MSR to use it. To avoid downtime you should do this configuration outside business peak hours.
As an administrator, log into a node where MSR is deployed, and run:
docker run -it --rm \ mirantis/dtr:2.9.9 reconfigure \ --http-proxy http://<domain>:<port> \ --https-proxy https://<doman>:<port> \ --ucp-insecure-tls
To confirm how MSR is configured, check the Settings page on the web UI.
If by chance the web proxy requires authentication you can submit the username and password, in the command, as shown below:
docker run -it --rm \ mirantis/dtr:2.9.9 reconfigure \ --http-proxy username:password@<domain>:<port> \ --https-proxy username:password@<doman>:<port> \ --ucp-insecure-tls
MSR will hide the password portion of the URL, when it is displayed in the MSR UI.