Working with Proxies

[edit on GitHub]

In an environment that requires proxies to reach the Internet, many Chef commands will not work until they are configured correctly. To configure Chef to work in an environment that requires proxies, set the http_proxy, https_proxy, ftp_proxy, and/or no_proxy environment variables to specify the proxy settings using a lowercase value.

Microsoft Windows

To determine the current proxy server on the Microsoft Windows platform:

  1. Open Internet Properties.
  2. Open Connections.
  3. Open LAN settings.
  4. View the Proxy server setting. If this setting is blank, then a proxy server may not be available.

To configure proxy settings in Microsoft Windows:

  1. Open System Properties.
  2. Open Environment Variables.
  3. Open System variables.
  4. Set http_proxy and https_proxy to the location of your proxy server. This value MUST be lowercase.

Linux

To determine the current proxy server on the macOS and Linux platforms, check the environment variables. Run the following:

env | grep -i http_proxy

If an environment variable is set, it MUST be lowercase. If it is not, add a lowercase version of that proxy variable to the shell (e.g. ~/.bashrc) using one (or more) the following commands.

For HTTP:

export http_proxy=http://myproxy.com:3168

For HTTPS:

export https_proxy=http://myproxy.com:3168

For FTP:

export ftp_proxy=ftp://myproxy.com:3168

Proxy Settings

Proxy settings are defined in configuration files for the chef-client and for knife and may be specified for HTTP, HTTPS, and FTP.

HTTP

Use the following settings in the client.rb or config.rb files for environments that use an HTTP proxy:

Setting Description
http_proxy The proxy server for HTTP connections. Default value: nil.
http_proxy_pass The password for the proxy server when the proxy server is using an HTTP connection. Default value: nil.
http_proxy_user The user name for the proxy server when the proxy server is using an HTTP connection. Default value: nil.

HTTPS

Use the following settings in the client.rb or config.rb files for environments that use an HTTPS proxy:

Setting Description
https_proxy The proxy server for HTTPS connections. Default value: nil.
https_proxy_pass The password for the proxy server when the proxy server is using an HTTPS connection. Default value: nil.
https_proxy_user The user name for the proxy server when the proxy server is using an HTTPS connection. Default value: nil.

FTP

Use the following settings in the client.rb or config.rb files for environments that use an FTP proxy:

Setting Description
ftp_proxy The proxy server for FTP connections.
ftp_proxy_pass The password for the proxy server when the proxy server is using an FTP connection. Default value: nil.
ftp_proxy_user The user name for the proxy server when the proxy server is using an FTP connection. Default value: nil.

No Proxy

The no_proxy setting is used to specify addresses for which the proxy should not be used. This can be a single address or a comma-separated list of addresses.

Example:

no_proxy 'test.example.com,test.example2.com,test.example3.com'

Note

Wildcard matching may be used in the no_proxy list—such as no_proxy '*.*.example.*'—however, many situations require hostnames to be specified explicitly (i.e. “without wildcards”).

Environment Variables

Consider the following for situations where environment variables are used to set the proxy:

  • Proxy settings may not be honored by all applications. For example, proxy settings may be ignored by the underlying application when specifying a ftp source with a remote_file resource. Consider a workaround. For example, in this situation try doing a wget with an ftp URL instead.
  • Proxy settings may be honored inconsistently by applications. For example, the behavior of the no_proxy setting may not work with certain applications when wildcards are specified. Consider specifying the hostnames without using wildcards.

ENV

If http_proxy, https_proxy, ftp_proxy, or no_proxy is set in the client.rb file and is not already set in the ENV, the chef-client will configure the ENV variable based on these (and related) settings. For example:

http_proxy 'http://proxy.example.org:8080'
http_proxy_user 'myself'
http_proxy_pass 'Password1'

Or an alternative way to define the proxy (if the previous version does not work):

http_proxy 'http://myself:Password1@proxy.example.org:8080'

will be set to:

ENV['http_proxy'] = 'http://myself:Password1@proxy.example.org:8080'