Configure a proxy server
GitGuardian provides the option to use a proxy server for outgoing traffic from the application.
caution
- You must add
127.0.0.1,10.0.0.0/8
to the list of proxy exceptions to permit the local and internal cluster traffic through the proxy (replace10.0.0.0/8
with your internal subnet). - Verify the proxy FQDNs are resolvable and reachable within your Kubernetes cluster.
- Specifying password in proxy URLs is not supported.
- GitGuardian can be deployed with both HTTP and HTTPS proxies. For the HTTPS proxy, it may be necessary to add a Certificate Authority (CA) so that the proxy's SSL certificate is trusted. This process ensures secure and reliable communication between the application and the proxy. For more information, please refer to the custom CA section.
KOTS-based installation
In the KOTS Admin Console, you can configure the URL(s) for the outgoing HTTP(s) traffic to your proxy server:
Helm-based installation
Update your values file to use a proxy for the outgoing HTTP(s) traffic.
proxy:
httpProxyUrl: "http://proxy:8080"
httpsProxyUrl: "http://proxy:8080"
noProxyHostNames:
- 127.0.0.1
- 10.0.0.0/8
replicated:
extraEnv:
- name: HTTP_PROXY
value: "http://proxy:8080"
- name: HTTPS_PROXY
value: "http://proxy:8080"
- name: NO_PROXY
value: "127.0.0.1,10.0.0.0/8"
caution
If you're using a custom CA, the Replicated SDK won't automatically trust it. To fix this when connecting through an HTTP proxy, make sure to set isAirgap
to true
in your replicated config:
replicated:
isAirgap: true