Configuring proxies

You can work around limited internet access by configuring proxies at various points in your infrastructure, depending on your connectivity limitations.

The examples provided here assume an unauthenticated proxy running at proxy.example.vlan on port 8080.

Downloading agent installation packages through a proxy

If your Puppet Enterprise (PE) primary server is airgapped, it can't download agent installation packages. If you want to use package management to install agents, set up a proxy and specify its connection details in the pe_repo class.

You must specify pe_repo::http_proxy_host and pe_repo::http_proxy_port in the PE Master node group's pe_repo class. You can do this in the PE console, the primary server's pe.conf file, or Hiera.

To do this in the console, go to Node Groups > PE Master > Classes, locate the pe_repo class, and set the pe_repo::http_proxy_host and pe_repo::http_proxy_port parameters.

To do this in the pe.conf file, add the following lines to the primary server's pe.conf file. Make sure to use values specific to your proxy.
"pe_repo::http_proxy_host": "proxy.example.vlan",
"pe_repo::http_proxy_port": 8080
Tip: To test the proxy's connection to the pe_repo, run:
proxy_uri='http://<HTTP_PROXY_HOST>:<HTTP_PROXY_PORT>'
uri='https://pm.puppetlabs.com'

curl --proxy "$proxy_uri" --head "$uri"

For general information about forming curl commands, authentication in commands, and Windows modifications, go to Using example commands.

Setting a proxy for agent traffic

General proxy settings in puppet.conf manage HTTP connections directly initiated by the agent node.

To configure agents to communicate through a proxy, you must set the http_proxy_host and http_proxy_port settings in the agent node's puppet.conf file.
  1. On the agent node, open the puppet.conf file at /etc/puppetlabs/puppet/puppet.conf.
  2. Add these lines to the file, making sure to use values specific to your proxy:
    http_proxy_host = proxy.example.vlan
    http_proxy_port = 8080

For more information about HTTP proxy host options, including no_proxy, go to the http_proxy_host entry in the Puppet Configuration Reference.

Setting a proxy for Code Manager traffic

Code Manager has its own set of proxy configuration options you can use to set a proxy for connections to the Git server or the Forge. These settings are unaffected by the proxy settings in puppet.conf because Code Manager is run by Puppet Server.

Restriction: To set a proxy for Code Manager connections, you must use an HTTP URL for your r10k remote and all Puppetfile module entries.

You can set a proxy for all HTTP connections (including Git and the Forge) when configuring Code Manager. For detailed information about configuring proxies for Code Manager traffic, go to Managing code with Code Manager.

To use Hiera to configure a Code Manager proxy, add the following code to your default yaml file. Replace the example with your proxy's HTTP URL.
puppet_enterprise::profile::master::r10k_proxy: "http://proxy.example.vlan:8080"
Tip: Use these commands to test proxy connections to Git and the Forge. Replace the example with your proxy's HTTP URL.
proxy_uri='http://proxy.example.vlan:8080'
uri='https://github.com'

curl --proxy "$proxy_uri" --head "$uri"
proxy_uri='http://proxy.example.vlan:8080'
uri='https://forgeapi.puppet.com'

curl --proxy "$proxy_uri" --head "$uri"

For general information about forming curl commands, authentication in commands, and Windows modifications, go to Using example commands.