Configuring proxies

You can work around limited internet access by configuring proxies at various points in your infrastructure, depending on your connectivity limitations.

The examples provided here assume an unauthenticated proxy running at proxy.example.vlan on port 8080.

Downloading agent installation packages through a proxy

If your primary server doesn't have internet access, it can't download agent installation packages. If you want to use package management to install agents, set up a proxy and specify its connection details so pe_repo can access agent tarballs.

In the pe_repo class of the PE Master node group, specify values for pe_repo::http_proxy_host and pe_repo::http_proxy_port settings.

If you want to specify these settings in pe.conf, add the following to your pe.conf file with your desired parameters:

"pe_repo::http_proxy_host": "proxy.example.vlan",
"pe_repo::http_proxy_port": 8080

Tip: To test proxy connections to pe_repo, run:

proxy_uri='http://proxy.example.vlan:8080'
uri='https://pm.puppetlabs.com'

curl --proxy "$proxy_uri" --head "$uri"

See Usage notes for curl examples for information about forming curl commands.

Setting a proxy for agent traffic

General proxy settings in puppet.conf manage HTTP connections that are directly initiated by the agent.

To configure agents to communicate through a proxy using pe.conf, specify values for the http_proxy_host and http_proxy_port settings in /etc/puppetlabs/puppet/puppet.conf. For example:

http_proxy_host = proxy.example.vlan
http_proxy_port = 8080

For more information about HTTP proxy host options, including no_proxy, see the http_proxy_host entry in the Puppet Configuration Reference.

Setting a proxy for Code Manager traffic

Code Manager has its own set of proxy configuration options you can use to set a proxy for connections to the Git server or the Forge. These settings are unaffected by the proxy settings in puppet.conf because Code Manager is run by Puppet Server.

Note: To set a proxy for Code Manager connections, you must use an HTTP URL for your r10k remote and for all Puppetfile module entries.

Use a proxy for all HTTP connections, including Git and the Forge, when configuring Code Manager.

To use Hiera to configure Code Manager to use a proxy, add the following code to your default .yaml. Replace the example with your proxy name.

puppet_enterprise::profile::master::r10k_proxy: "http://proxy.example.vlan:8080"

Tip: To test proxy connections to Git or the Forge, run one of these commands:

proxy_uri='http://proxy.example.vlan:8080'
uri='https://github.com'

curl --proxy "$proxy_uri" --head "$uri"

proxy_uri='http://proxy.example.vlan:8080'
uri='https://forgeapi.puppet.com'

curl --proxy "$proxy_uri" --head "$uri"

See Usage notes for curl examples for information about forming curl commands.

For detailed information about configuring proxies for Code Manager traffic, see Managing code with Code Manager.
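
The Note above requires an HTTP URL for the r10k remote and for every Puppetfile module entry. The following check is an added example, not part of the Puppet documentation or tooling: it lists Puppetfile Git sources that are not HTTP(S) URLs. The function names, hostnames and sample Puppetfile are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Puppet's code). Hostnames and module names are constructed.

# Succeeds only for http:// or https:// URLs (use it on the r10k remote value).
is_http_url() {
    case "$1" in
        http://*|https://*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "<line number>: <url>" for every Puppetfile Git source that is not an
# HTTP(S) URL. Returns 1 if any were found, 0 otherwise.
non_http_git_remotes() {
    # Normalise single quotes to double quotes so one pattern covers both.
    tr "'" '"' < "$1" | awk '
        /^[ \t]*#/ { next }    # ignore commented-out entries
        # Match both hash styles: :git => "url" and git: "url"
        match($0, /(:git[ \t]*=>|git:)[ \t]*"[^"]+"/) {
            url = substr($0, RSTART, RLENGTH)
            sub(/^[^"]*"/, "", url)    # drop the key and opening quote
            sub(/"$/, "", url)         # drop the closing quote
            if (url !~ /^https?:\/\//) { printf "%d: %s\n", NR, url; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample Puppetfile.
sample=$(mktemp)
cat > "$sample" <<'EOF'
forge 'https://forgeapi.puppet.com'
mod 'puppetlabs/stdlib'
mod 'site_profile', :git => 'https://git.example.vlan/puppet/site_profile.git'
mod 'legacy_ntp',   :git => 'git@git.example.vlan:puppet/legacy_ntp.git'
# mod 'old', :git => 'ssh://git@git.example.vlan/puppet/old.git'
mod 'hardening', git: "ssh://git@git.example.vlan/puppet/hardening.git", tag: 'v1.2.0'
EOF

non_http_git_remotes "$sample" || echo "Non-HTTP Git sources found (listed above)."
```

Run `non_http_git_remotes` against the Puppetfile in each environment branch of your control repository, and `is_http_url` against the r10k remote value, before setting r10k_proxy.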