Configure proxies

If you have components with limited (or no) internet access, you can configure proxies at various points in your infrastructure, depending on your connectivity limitations.

The examples provided here assume an unauthenticated proxy running at proxy.example.vlan on port 8080.

Download agent installation packages through a proxy

If your Puppet Enterprise (PE) primary server is airgapped, it can't download agent installation packages. If you want to use package management to install agents, set up a proxy and specify its connection details in the pe_repo class.

You must specify pe_repo::http_proxy_host and pe_repo::http_proxy_port in the PE Master node group's pe_repo class. You can do this in the PE console, the primary server's pe.conf file, or Hiera.

To do this in the console, go to Node Groups > PE Master > Classes, locate the pe_repo class, and set the pe_repo::http_proxy_host and pe_repo::http_proxy_port parameters.

To do this in the pe.conf file, add the following lines to the primary server's pe.conf file. Make sure to use values specific to your proxy.
"pe_repo::http_proxy_host": "proxy.example.vlan",
"pe_repo::http_proxy_port": 8080
Tip: You can use this curl command to test the proxy's connection to the pe_repo:
proxy_uri='http://<HTTP_PROXY_HOST>:<HTTP_PROXY_PORT>'
uri='https://pm.puppetlabs.com'

curl --proxy "$proxy_uri" --head "$uri"

For general information about forming curl commands, authentication in commands, and Windows modifications, go to Using example commands.

Set a proxy for agent traffic

General proxy settings in an agent node's puppet.conf file are used to manage HTTP connections directly initiated by the agent node.

To configure agents to communicate through a proxy, you must set the http_proxy_host and http_proxy_port settings in the agent node's puppet.conf file.
  1. On the agent node, open the puppet.conf file, which is located at: /etc/puppetlabs/puppet/puppet.conf
  2. Add the following lines to the file, with values specific to your proxy:
    http_proxy_host = proxy.example.vlan
    http_proxy_port = 8080

For more information about HTTP proxy host options, including no_proxy, go to the http_proxy_host entry in the Puppet Configuration Reference.

Tip: You can Configure PXP agent parameters to set proxies for PXP agents.

Set proxies for Code Manager traffic

Code Manager has proxy configuration options you can use to set proxies for connections to your Git server, the Forge, specific Git repositories, or all Code Manager operations over HTTP(S) transports.

Because Code Manager is run by Puppet Server, Code Manager's proxy settings aren't affected by proxy settings in puppet.conf (such as those to Set a proxy for agent traffic).

There are several levels and varieties of Code Manager proxy settings. You can:
  • Set the r10k_proxy parameter in the base Code Manager settings, for example:
    puppet_enterprise::profile::master::r10k_proxy: "http://proxy.example.vlan:8080"
    Restriction: If you set the r10k_proxy parameter, you must use an HTTP URL for the r10k_remote parameter and all Puppetfile module entries.

    The r10k_remote parameter is set when you Enable Code Manager. For information about Puppetfile module entries, refer to Managing modules with a Puppetfile.

  • Customize Code Manager configuration in Hiera to set a global proxy for all HTTP(S) operations, specific proxies for Git and Forge operations, or specific proxies for individual Git repositories.

    You can use these settings in combination to override other proxy settings. For example, you can specify a global proxy and a different proxy for Forge operations.