diff --git a/_data/toc.yaml b/_data/toc.yaml
index 0640664856..e0f13f9e19 100644
--- a/_data/toc.yaml
+++ b/_data/toc.yaml
@@ -1940,6 +1940,8 @@ manuals:
             title: Chain multiple caches
         - path: /datacenter/dtr/2.3/guides/admin/configure/garbage-collection/
           title: Garbage collection
+        - path: /datacenter/dtr/2.3/guides/admin/configure/use-a-web-proxy/
+          title: Use a web proxy
       - sectiontitle: Manage users
         section:
         - path: /datacenter/dtr/2.3/guides/admin/manage-users/
diff --git a/datacenter/dtr/2.3/guides/admin/configure/use-a-web-proxy.md b/datacenter/dtr/2.3/guides/admin/configure/use-a-web-proxy.md
new file mode 100644
index 0000000000..5b60e8703b
--- /dev/null
+++ b/datacenter/dtr/2.3/guides/admin/configure/use-a-web-proxy.md
@@ -0,0 +1,33 @@
+---
+title: Use a web proxy
+description: Learn how to configure Docker Content Trust to use a web proxy to
+  reach external services.
+keywords: dtr, configure, http, proxy
+---
+
+Docker Trusted Registry makes outgoing connections to check for new versions,
+automatically renew its license, and update its vulnerability database.
+If DTR can't access the internet, then you'll have to manually apply updates.
+
+One option to keep your environment secure while still allowing DTR access to
+the internet is to use a web proxy. If you have an HTTP or HTTPS proxy, you
+can configure DTR to use it. To avoid downtime you should do this configuration
+outside business peak hours.
+
+As an administrator, log into a node where DTR is deployed, and run:
+
+```
+docker run -it --rm \
+  {{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} reconfigure \
+  --http-proxy http://<domain>:<port> \
+  --https-proxy https://<doman>:<port> \
+  --ucp-insecure-tls
+```
+
+To confirm how DTR is configured, check the **Settings** page on the web UI.
+
+![DTR settings](../../images/use-a-web-proxy-1.png){: .with-border}
+
+## Where to go next
+
+* [Configure garbage collection](garbage-collection.md)
diff --git a/datacenter/dtr/2.3/guides/images/use-a-web-proxy-1.png b/datacenter/dtr/2.3/guides/images/use-a-web-proxy-1.png
new file mode 100644
index 0000000000..008e1fb55c
Binary files /dev/null and b/datacenter/dtr/2.3/guides/images/use-a-web-proxy-1.png differ