Skip to main content

HTTP Proxy

GitGuardian allows you to configure an HTTP proxy for outgoing traffic from the application.

This includes traffic to services like Replicated, Docker, messaging integrations, and other external connections. For more details, refer to our Network Requirements page.

caution
  • You must add 127.0.0.1,10.0.0.0/8 to the list of proxy exceptions NO_PROXY to permit the local and internal cluster traffic through the proxy (replace 10.0.0.0/8 with your internal subnet).
  • Verify the proxy FQDNs are resolvable and reachable within your Kubernetes cluster.
  • Specifying password in proxy URLs is supported.
  • GitGuardian can be deployed with both HTTP and HTTPS proxies. For the HTTPS proxy, it may be necessary to add a Certificate Authority (CA) so that the proxy's SSL certificate is trusted. This process ensures secure and reliable communication between the application and the proxy. For more information, please refer to the custom CA section.

Helm-based installation

To configure a proxy for outgoing HTTP(s) traffic, update your Helm values file accordingly. If you are using a custom Certificate Authority (CA), ensure it is configured both under replicated.privateCASecret and within the application configuration under tls.customCa. For more details, refer to the Custom CA documentation.

info

From 2025.5.0 version, proxy urls are always stored as Secret.

Using an existing secret

info

The secret must be present before the installation of GitGuardian.

The following example will set the HTTP_PROXY value from the http key of the proxy-secret Kubernetes Secret.

proxy:
  noProxyHostNames:
    - 127.0.0.1
    - 10.0.0.0/8
  existingSecret: 'proxy-secret'
  existingSecretKeys:
    httpProxyUrl: 'http'
    httpsProxyUrl: 'https'

replicated:
  privateCASecret: # optional if you are using a custom CA
    name: custom-ca-secret-name
    key: 'custom-ca.pem'
  extraEnv:
    - name: HTTP_PROXY
      valueFrom:
        secretKeyRef:
          name: 'proxy-secret'
          key: 'http'
    - name: HTTPS_PROXY
      valueFrom:
        secretKeyRef:
          name: 'proxy-secret'
          key: 'https'

Using inline values

info

When using this method, GitGuardian chart will handle the Kubernetes Secret containing proxy urls for you.

proxy:
  httpProxyUrl: 'http://proxy:8080'
  httpsProxyUrl: 'http://proxy:8080'
  noProxyHostNames:
    - 127.0.0.1
    - 10.0.0.0/8

KOTS-based installation

In the KOTS Admin Console, you can configure the URL(s) for the outgoing HTTP(s) traffic to your proxy server:

Services and components

Last updated on

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status