Skip to content

admin: add proxy for config profiles #23517

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Oct 9, 2025
+20 −1
Merged

admin: add proxy for config profiles #23517

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
63fca65
admin: add proxy for config profiles
Xeeynamo Oct 7, 2025
e41a80d
edits and version addition
aevesdocker Oct 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 19 additions & 1 deletion content/manuals/enterprise/security/enforce-sign-in/methods.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,21 @@ Deploy the registry key across your organization using Group Policy:

{{< summary-bar feature_name="Config profiles" >}}

Configuration profiles provide the most secure enforcement method for macOS because they're protected by Apple's System Integrity Protection.
Configuration profiles provide the most secure enforcement method for macOS, as they're protected by Apple's System Integrity Protection.

The payload is a dictionary of key-values. Docker Desktop supports the following keys:

- `allowedOrgs`: Sets a list of organizations in one single string, where each organization is separated by a semi-colon.

In Docker Desktop version 4.48 and later, the following keys are also supported:

- `overrideProxyHTTP`: Sets the URL of the HTTP proxy that must be used for outgoing HTTP requests.
- `overrideProxyHTTPS`: Sets the URL of the HTTP proxy that must be used for outgoing HTTPS requests.
- `overrideProxyExclude`: Bypasses proxy settings for the specified hosts and domains. Uses a comma-separated list.
- `overrideProxyPAC`: Sets the file path where the PAC file is located. It has precedence over the remote PAC file on the selected proxy.
- `overrideProxyEmbeddedPAC`: Sets the content of an in-memory PAC file. It has precedence over `overrideProxyPAC`.

Overriding at least one of the proxy settings via Configuration profiles will automatically lock the settings as they're managed by macOS.

1. Create a file named `docker.mobileconfig` with this content:
```xml
Expand All @@ -104,6 +118,10 @@ Configuration profiles provide the most secure enforcement method for macOS beca
<string>Your Company Name</string>
<key>allowedOrgs</key>
<string>first_org;second_org</string>
<key>overrideProxyHTTP</key>
<string>http://company.proxy:80</string>
<key>overrideProxyHTTPS</key>
<string>https://company.proxy:443</string>
</dict>
</array>
<key>PayloadType</key>
Expand Down
1 change: 1 addition & 0 deletions content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ When multiple policies exist, Docker Desktop applies them in this order:
1. User-specific policies: Highest priority
1. Organization default policy: Applied when no user-specific policy exists
1. Local `admin-settings.json` file: Lowest priority, overridden by Admin Console policies
1. [Configuration profiles](/manuals/enterprise/security/enforce-sign-in/methods.md#configuration-profiles-method-mac-only): Super-set of Docker Admin Console policies. Available with Docker Desktop version 4.48 and later.

## Set up Settings Management

Expand Down