HTTP Proxy missing NO_PROXY support

[DAVe3283]

I am running Proxmox (and everything else) behind a HTTP MitM proxy.

I have set /etc/environment appropriately:

all_proxy="http://proxy-web.example.com:80"
ALL_PROXY="http://proxy-web.example.com:80"
http_proxy="http://proxy-web.example.com:80"
HTTP_PROXY="http://proxy-web.example.com:80"
https_proxy="http://proxy-web.example.com:80"
HTTPS_PROXY="http://proxy-web.example.com:80"
no_proxy="localhost,127.0.0.1,.example.com"
NO_PROXY="localhost,127.0.0.1,.example.com"

This works fine when running stuff in the terminal, but updating does not work from the GUI. I tried setting Datacenter → Options → HTTP proxy, but since I am using a combination of the default Debian repositories for the base OS and Proxmox Offline Mirror for the Proxmox sources (hosted internally, pmxmirror.example.com) then the update still fails, since the GUI does not have a way to set NO_PROXY, and tries to access pmxmirror.example.com via the proxy, which fails, since that host is not resolvable from the public internet.

How do I add a NO_PROXY value to the GUI operations? I am somewhat surprised if I am the first person to encounter this, as most large enterprise networks have a similar setup of inspecting all external traffic but allowing direct internal access by bypassing the proxy.

 

[dcsapak]

it seems this is currently not implemented (yet), see e.g. https://bugzilla.proxmox.com/show_bug.cgi?id=5420 for a related issue, maybe add your comment there, so we can see the demand of such a thing

 

[Jay38842]

@dcsapak How can we get some priority on this. It looks like there is a long list of requests for the support of HTTPS and NO_PROXY variables dating back to 2021. https://forum.proxmox.com/threads/proxmox-proxy-configuration-ignored.105159/ https://bugzilla.proxmox.com/show_bug.cgi?id=3716 https://forum.proxmox.com/threads/proxy-settings-gui-does-not-work-in-shell.131948/

The fact that you can't use the Query URL and download the image from the URL using an https method is not only insecure but probably a big non-starter for a lot of power users looking at proxmox for enterprise solutions now that VMWare is on its way out.

Linux proxy variables have existed for a long time. Proxmox needs to really look at this functionality and support https wherever needed. even if its not in the gui it should support it through a manual modification in the datacenter.cfg.

I'm just a little disheartened that this simple feature doesn't already exist. Its a bit unprofessional that its been asked for several times and still starved for implementation, to be frank. Please get this to the right people and get it highly prioritized. I'd even be willing to work on it with someone if I they want.

 

[dcsapak]

the easiest way to determine demand for us is when people open a bug and comment there (as i already wrote), not all developers see all forum threads, but most are aware of high activity bugs. It seems the OP of this thread did also not leave a comment on the linked bug, so I'd encourage you to do that.
While i agree that this feature would make sense to have, we only have limited developer resources and have to prioritize based on user feedback (thus the link to bugzilla)

The fact that you can't use the Query URL and download the image from the URL using an https method is not only insecure but probably a big non-starter for a lot of power users looking at proxmox for enterprise solutions now that VMWare is on its way out.

I'm not sure what exactly you mean here? Download via https should work, but it's just honoring the proxy set in the datacenter options instead of the *_PROXY variables.
in the worst case you can download the iso via ssh/curl/wget (it's just a debian underneath after all) or download it to your workstation and use the pve web ui to upload it there

Hope this helps !

 

[Jay38842]

Hi Dominik,
Thanks for your response. The https download works when proxmox is not installed behind a proxy environment. However that is rarely the case in corporate/enterprise networks. If you click the query url button in Proxmox when behind a proxy, for something like the following:
https://cloud-images.ubuntu.com/releases/noble/release/ubuntu-24.04-server-cloudimg-amd64.img
The connection will timeout because network traffic will not be allowed out. Pve does not seem to respect the hosts /etc/environment file so we need another way to configure a proxy. Since the datacenter.cfg file supports an HTTP proxy then presumably it should be able to support an HTTPS proxy as well. Other users might also need a NO_PROXY so I think this should be implemented at the same time.