HTTP Proxy

GitGuardian allows you to configure an HTTP proxy for outgoing traffic from the application.

This includes traffic to services like Replicated, Docker, messaging integrations, and other external connections. For more details, refer to our Network Requirements page.

caution

• You must add 127.0.0.1,10.0.0.0/8 to the list of proxy exceptions NO_PROXY to permit the local and internal cluster traffic through the proxy (replace 10.0.0.0/8 with your internal subnet).
• Verify the proxy FQDNs are resolvable and reachable within your Kubernetes cluster.
• Specifying password in proxy URLs is supported.
• GitGuardian can be deployed with both HTTP and HTTPS proxies. For the HTTPS proxy, it may be necessary to add a Certificate Authority (CA) so that the proxy's SSL certificate is trusted. This process ensures secure and reliable communication between the application and the proxy. For more information, please refer to the custom CA section.

Helm-based installation

To configure a proxy for outgoing HTTP(s) traffic, update your Helm values file accordingly. If you are using a custom Certificate Authority (CA), ensure it is configured both under replicated.privateCASecret and within the application configuration under tls.customCa. For more details, refer to the Custom CA documentation.

proxy:
  httpProxyUrl: 'http://proxy:8080'
  httpsProxyUrl: 'http://proxy:8080'
  noProxyHostNames:
    - 127.0.0.1
    - 10.0.0.0/8

replicated:
  privateCASecret: # optional if you are using a custom CA
    name: custom-ca-secret-name
    key: 'custom-ca.pem'
  extraEnv:
    - name: HTTP_PROXY
      value: 'http://proxy:8080'
    - name: HTTPS_PROXY
      value: 'http://proxy:8080'
    - name: NO_PROXY
      value: '127.0.0.1,10.0.0.0/8'

KOTS-based installation

In the KOTS Admin Console, you can configure the URL(s) for the outgoing HTTP(s) traffic to your proxy server: