Skip to content

Document the proxy and certificates settings

Current situation

It is common for deployments to be in contexts where proxies are defined. There is no precise documentation of what is used or not used.

Desired outcome

A clear documentation of what is used, what can be configured, and how.

Analysis

The python part relies on the requests library. This library uses the 'common' environment variables:

  • http_proxy
  • https_proxy
  • no_proxy
  • curl_ca_bundle

The java part relies on a jvm cacerts (/etc/ssl/certs/java/cacerts for a debian distribution, may change per distribution). We can refer to a pkcs12 truststore by adding to the _JAVA_OPTIONS environment variable the following:

-Djavax.net.ssl.trustStore=/path/to/pkcs12 -Djavax.net.ssl.trustStorePassword=<hush, don't tell anyone>

If the truststore is a legacy one (jks format), you can add -Djavax.net.ssl.trustStoreType=jks.

For proxies, you can add the following to _JAVA_OPTIONS:

-Dhttp.proxyHost=<hostname> -Dhttp.proxyPort=<port> -Dhttps.proxyHost=<hostname> -Dhttps.proxyPort=<port>

If needed, the proxy credentials can be provided by adding the following: -Dhttp.proxyUser=<login> -Dhttp.proxyPassword=<hush don't tell anyone> -Dhttps.proxyUser=<login> -Dhttps.proxyPassword=<hush don't tell anyone>

Solution

We should document this.

Edited by Martin Lafaix