How to configure Concourse with an HTTP/HTTPS proxy
Concourse workers require an HTTP/HTTPS proxy to access external artifacts from the internet.
Deploy Concourse workers with appropriate proxy configuration for the
- name: worker ... jobs: - name: groundcrew release: concourse properties: http_proxy_url: <http_proxy_url>:<http_proxy_port> https_proxy_url: <https_proxy_url>:<http_proxy_port> no_proxy: - localhost - 127.0.0.1 - mydomain.com - 10.190
Documentation on accepted groundcrew job's parameters: https://bosh.io/jobs/groundcrew?source=github.com/concourse/concourse#p=http_proxy_url
In order to verify if the proxy configuration was applied after redeploying Concourse with the updates above, intercept the container of a pipeline task and check its environment variables (
env command). It should contain the corresponding
no_proxy variables along with their configured values from the Concourse deployment manifest.
The garden job has similar parameters which may or may not need to be set.
Note: no_proxy is not always supported for CIDRs. Some libraries will support it and some will not. You can however add IP ranges by doing the following:
10.190 -> will match 10.190.0.0 - the equivalent of 10.190.0.0/16
- Problem: Even with proxy config, connectivity fails with a message similar to
Cloning into /tmp/git-resource-repo-cache\... fatal: unable to access ... : Failed to connect to <proxy_ip> port 1080: Connection timed out
Possible root cause: socks proxy may be running on a non-standard port.
Potential solution: explicitly declare the proxy port number in the deployment manifest (even for http and port 80) and re-deploy Concourse.
... properties: http_proxy_url: http://10.160.0.29:80 https_proxy_url: http://10.160.0.29:80 ...