Chapter 4. Running Red Hat Developer Hub behind a corporate proxy
In a network restricted environment, configure Red Hat Developer Hub to use your proxy to access remote network resources.
You can run the Developer Hub application behind a corporate proxy by setting any of the following environment variables before starting the application:
HTTP_PROXY
- Denotes the proxy to use for HTTP requests.
HTTPS_PROXY
- Denotes the proxy to use for HTTPS requests.
NO_PROXY
- Set the environment variable to bypass the proxy for certain domains. The variable value is a comma-separated list of hostnames or IP addresses that can be accessed without the proxy, even if one is specified.
4.1. Understanding the NO_PROXY
exclusion rules
NO_PROXY
is a comma or space-separated list of hostnames or IP addresses, with optional port numbers. If the input URL matches any of the entries listed in NO_PROXY
, a direct request fetches that URL, for example, bypassing the proxy settings.
The default value for NO_PROXY
in RHDH is localhost,127.0.0.1
. If you want to override it, include at least localhost
or localhost:7007
in the list. Otherwise, the RHDH backend might fail.
Matching follows the rules below:
-
NO_PROXY=*
will bypass the proxy for all requests. -
Space and commas might separate the entries in the
NO_PROXY
list. For example,NO_PROXY="localhost,example.com"
, orNO_PROXY="localhost example.com"
, orNO_PROXY="localhost, example.com"
would have the same effect. -
If
NO_PROXY
contains no entries, configuring theHTTP(S)_PROXY
settings makes the backend send all requests through the proxy. -
The backend does not perform a DNS lookup to determine if a request should bypass the proxy or not. For example, if DNS resolves
example.com
to1.2.3.4
, settingNO_PROXY=1.2.3.4
has no effect on requests sent toexample.com
. Only requests sent to the IP address1.2.3.4
bypass the proxy. -
If you add a port after the hostname or IP address, the request must match both the host/IP and port to bypass the proxy. For example,
NO_PROXY=example.com:1234
would bypass the proxy for requests tohttp(s)://example.com:1234
, but not for requests on other ports, likehttp(s)://example.com
. -
If you do not specify a port after the hostname or IP address, all requests to that host/IP address will bypass the proxy regardless of the port. For example,
NO_PROXY=localhost
would bypass the proxy for requests sent to URLs likehttp(s)://localhost:7077
andhttp(s)://localhost:8888
. -
IP Address blocks in CIDR notation will not work. So setting
NO_PROXY=10.11.0.0/16
will not have any effect, even if the backend sends a request to an IP address in that block. -
Supports only IPv4 addresses. IPv6 addresses like
::1
will not work. -
Generally, the proxy is only bypassed if the hostname is an exact match for an entry in the
NO_PROXY
list. The only exceptions are entries that start with a dot (.
) or with a wildcard (*
). In such a case, bypass the proxy if the hostname ends with the entry.
List the domain and the wildcard domain if you want to exclude a given domain and all its subdomains. For example, you would set NO_PROXY=example.com,.example.com
to bypass the proxy for requests sent to http(s)://example.com
and http(s)://subdomain.example.com
.
4.2. Configuring proxy information in Operator deployment
For Operator-based deployment, the approach you use for proxy configuration is based on your role:
- As a cluster administrator with access to the Operator namespace, you can configure the proxy variables in the Operator’s default ConfigMap file. This configuration applies the proxy settings to all the users of the Operator.
- As a developer, you can configure the proxy variables in a custom resource (CR) file. This configuration applies the proxy settings to the RHDH application created from that CR.
Prerequisites
- You have installed the Red Hat Developer Hub application.
Procedure
Perform one of the following steps based on your role:
As an administrator, set the proxy information in the Operator’s default ConfigMap file:
-
Search for a ConfigMap file named
backstage-default-config
in the default namespacerhdh-operator
and open it. -
Find the
deployment.yaml
key. Set the value of the
HTTP_PROXY
,HTTPS_PROXY
, andNO_PROXY
environment variables in theDeployment
spec as shown in the following example:Example: Setting proxy variables in a ConfigMap file
# Other fields omitted deployment.yaml: |- apiVersion: apps/v1 kind: Deployment spec: template: spec: # Other fields omitted initContainers: - name: install-dynamic-plugins # command omitted env: - name: NPM_CONFIG_USERCONFIG value: /opt/app-root/src/.npmrc.dynamic-plugins - name: HTTP_PROXY value: 'http://10.10.10.105:3128' - name: HTTPS_PROXY value: 'http://10.10.10.106:3128' - name: NO_PROXY value: 'localhost,example.org' # Other fields omitted containers: - name: backstage-backend # Other fields omitted env: - name: APP_CONFIG_backend_listen_port value: "7007" - name: HTTP_PROXY value: 'http://10.10.10.105:3128' - name: HTTPS_PROXY value: 'http://10.10.10.106:3128' - name: NO_PROXY value: 'localhost,example.org'
-
Search for a ConfigMap file named
As a developer, set the proxy information in your custom resource (CR) file as shown in the following example:
Example: Setting proxy variables in a CR file
spec: # Other fields omitted application: extraEnvs: envs: - name: HTTP_PROXY value: 'http://10.10.10.105:3128' - name: HTTPS_PROXY value: 'http://10.10.10.106:3128' - name: NO_PROXY value: 'localhost,example.org'
- Save the configuration changes.
4.3. Configuring proxy information in Helm deployment
For Helm-based deployment, either a developer or a cluster administrator with permissions to create resources in the cluster can configure the proxy variables in a values.yaml
Helm configuration file.
Prerequisites
- You have installed the Red Hat Developer Hub application.
Procedure
Set the proxy information in your Helm configuration file:
upstream: backstage: extraEnvVars: - name: HTTP_PROXY value: '<http_proxy_url>' - name: HTTPS_PROXY value: '<https_proxy_url>' - name: NO_PROXY value: '<no_proxy_settings>'
Where,
<http_proxy_url>
- Denotes a variable that you must replace with the HTTP proxy URL.
<https_proxy_url>
- Denotes a variable that you must replace with the HTTPS proxy URL.
<no_proxy_settings>
Denotes a variable that you must replace with comma-separated URLs, which you want to exclude from proxying, for example,
foo.com,baz.com
.Example: Setting proxy variables using Helm Chart
upstream: backstage: extraEnvVars: - name: HTTP_PROXY value: 'http://10.10.10.105:3128' - name: HTTPS_PROXY value: 'http://10.10.10.106:3128' - name: NO_PROXY value: 'localhost,example.org'
- Save the configuration changes.