Working with Proxies
In an environment that requires proxies to reach the Internet, many Chef
commands won’t work until they’re configured correctly. To configure
Chef to work in an environment that requires proxies, set the
http_proxy
, https_proxy
, ftp_proxy
, and/or no_proxy
environment
variables to specify the proxy settings using a lowercase value.
Windows
To determine the current proxy server on the Windows platform:
- Open Internet Properties.
- Open Connections.
- Open LAN settings.
- View the Proxy server setting. If this setting is blank, then a proxy server may not be available.
To configure proxy settings in Windows:
- Open System Properties.
- Open Environment Variables.
- Open System variables.
- Set
http_proxy
andhttps_proxy
to the location of your proxy server. This value MUST be lowercase.
Linux
To determine the current proxy server on the macOS and Linux platforms, check the environment variables. Run the following:
env | grep -i http_proxy
If an environment variable is set, it MUST be lowercase. If it’s
not, add a lowercase version of that proxy variable to the shell (for example
~/.bashrc
) using one (or more) the following commands.
For HTTP:
export http_proxy=http://myproxy.com:3168
For HTTPS:
export https_proxy=http://myproxy.com:3168
For FTP:
export ftp_proxy=ftp://myproxy.com:3168
Proxy Settings
Proxy settings are defined in configuration files for Chef Infra Client and for knife and may be specified for HTTP, HTTPS, and FTP.
HTTP
Use the following settings in the client.rb or config.rb files for environments that use an HTTP proxy:
Setting | Description |
---|---|
http_proxy | The proxy server for HTTP connections. Default value: nil . |
http_proxy_pass | The password for the proxy server when the proxy server is using an HTTP connection. Default value: nil . |
http_proxy_user | The user name for the proxy server when the proxy server is using an HTTP connection. Default value: nil . |
HTTPS
Use the following settings in the client.rb or config.rb files for environments that use an HTTPS proxy:
Setting | Description |
---|---|
https_proxy | The proxy server for HTTPS connections. Default value: nil . |
https_proxy_pass | The password for the proxy server when the proxy server is using an HTTPS connection. Default value: nil . |
https_proxy_user | The user name for the proxy server when the proxy server is using an HTTPS connection. Default value: nil . |
FTP
Use the following settings in the client.rb or config.rb files for environments that use an FTP proxy:
Setting | Description |
---|---|
ftp_proxy | The proxy server for FTP connections. |
ftp_proxy_pass | The password for the proxy server when the proxy server is using an FTP connection. Default value: nil . |
ftp_proxy_user | The user name for the proxy server when the proxy server is using an FTP connection. Default value: nil . |
No Proxy
The no_proxy
setting is used to specify addresses for which the proxy
shouldn’t be used. This can be a single address or a comma-separated
list of addresses.
Example:
no_proxy 'test.example.com,test.example2.com,test.example3.com'
Note
no_proxy
list—such as
no_proxy '*.*.example.*'
—however, many situations require hostnames
to be specified explicitly (that’s, “without wildcards”).Environment Variables
Consider the following for situations where environment variables are used to set the proxy:
- Proxy settings may not be honored by all applications. For example,
proxy settings may be ignored by the underlying application when
specifying a
ftp
source with aremote_file
resource. Consider a workaround. For example, in this situation try doing awget
with anftp
URL instead. - Proxy settings may be honored inconsistently by applications. For
example, the behavior of the
no_proxy
setting may not work with certain applications when wildcards are specified. Consider specifying the hostnames without using wildcards.
ENV
If http_proxy
, https_proxy
, ftp_proxy
, or no_proxy
is set in the
client.rb file but not set in the ENV
, Chef Infra Client will
configure the ENV
variable based on these (and related) settings. For
example:
http_proxy 'http://proxy.example.org:8080'
http_proxy_user 'myself'
http_proxy_pass 'Password1'
Or an alternative way to define the proxy (if the previous version does not work):
http_proxy 'http://myself:Password1@proxy.example.org:8080'
will be set to:
ENV['http_proxy'] = 'http://myself:Password1@proxy.example.org:8080'