I'm trying to create an S3-backed datastore on PBS 4.2.0-1 against AWS S3 (ca-central-1). The PBS host has no direct internet egress — all outbound HTTPS must go through a HTTP proxy. From the shell, curl through the proxy reaches S3 cleanly (TLS 1.3 handshake completes, S3 returns expected responses), so the network path itself is fine. The problem is that the PBS daemon does not appear to use the proxy when talking to S3.
S3 endpoint config (/etc/proxmox-backup/s3.cfg, redacted):
s3-endpoint: <endpoint-id>
access-key <AKIA...>
endpoint s3.ca-central-1.amazonaws.com
path-style true
region ca-central-1
secret-key <XXXXXXXXXXX>
Error:
# proxmox-backup-manager datastore create <store> /mnt/<cache> --backend type=s3,client=<endpoint-id>,bucket=<bucket>
Error: failed to access bucket: client error (Connect):
error connecting to https://s3.ca-central-1.amazonaws.com/ -
tcp connect error: deadline has elapsed
Same error from proxmox-backup-manager s3 check <endpoint-id> <bucket>.
proxmox-backup-manager s3 endpoint update --help lists no --proxy option. Available options are: --access-key, --endpoint, --port, --region, --fingerprint, --path-style, --rate-in/out, --burst-in/out, --put-rate-limit, --provider-quirks, --secret-key.
Is HTTP proxy support for the S3 backend in PBS 4.2.0-1, or is it planned for a later 4.2.x point release? The release notes I read suggested 4.2 added proxy support for S3, but the CLI schema in this build doesn't expose it.
S3 endpoint config (/etc/proxmox-backup/s3.cfg, redacted):
s3-endpoint: <endpoint-id>
access-key <AKIA...>
endpoint s3.ca-central-1.amazonaws.com
path-style true
region ca-central-1
secret-key <XXXXXXXXXXX>
Error:
# proxmox-backup-manager datastore create <store> /mnt/<cache> --backend type=s3,client=<endpoint-id>,bucket=<bucket>
Error: failed to access bucket: client error (Connect):
error connecting to https://s3.ca-central-1.amazonaws.com/ -
tcp connect error: deadline has elapsed
Same error from proxmox-backup-manager s3 check <endpoint-id> <bucket>.
proxmox-backup-manager s3 endpoint update --help lists no --proxy option. Available options are: --access-key, --endpoint, --port, --region, --fingerprint, --path-style, --rate-in/out, --burst-in/out, --put-rate-limit, --provider-quirks, --secret-key.
Is HTTP proxy support for the S3 backend in PBS 4.2.0-1, or is it planned for a later 4.2.x point release? The release notes I read suggested 4.2 added proxy support for S3, but the CLI schema in this build doesn't expose it.