Configure a proxy server

GitGuardian provides the option to use a proxy server for outgoing traffic from the application.

caution

• You must add 127.0.0.1,10.0.0.0/8 to the list of proxy exceptions to permit the local and internal cluster traffic through the proxy (replace 10.0.0.0/8 with your internal subnet).
• Verify the proxy FQDNs are resolvable and reachable within your Kubernetes cluster.
• Specifying password in proxy URLs is not supported.
• GitGuardian can be deployed with both HTTP and HTTPS proxies. For the HTTPS proxy, it may be necessary to add a Certificate Authority (CA) so that the proxy's SSL certificate is trusted. This process ensures secure and reliable communication between the application and the proxy. For more information, please refer to the custom CA section.

KOTS-based installation

In the KOTS Admin Console, you can configure the URL(s) for the outgoing HTTP(s) traffic to your proxy server:

Helm-based installation

Update your values file to use a proxy for the outgoing HTTP(s) traffic.

proxy:
  httpProxyUrl: "http://proxy:8080"
  httpsProxyUrl: "http://proxy:8080"
  noProxyHostNames:
    - 127.0.0.1
    - 10.0.0.0/8

replicated:
  extraEnv:
    - name: HTTP_PROXY
      value: "http://proxy:8080"
    - name: HTTPS_PROXY
      value: "http://proxy:8080"
    - name: NO_PROXY
      value: "127.0.0.1,10.0.0.0/8"

caution

If you're using a custom CA, the Replicated SDK won't automatically trust it. To fix this when connecting through an HTTP proxy, make sure to set isAirgap to true in your replicated config:

replicated:
  isAirgap: true 

Was this page helpful?