HTTP Proxy

This document describes how to configure Supervisely to use HTTP proxy. This is useful if your network requires all outgoing traffic to go through a proxy server.

Configuring Host and Docker to use HTTP proxy

Since there is no standard way to configure an HTTP proxy for every application, we need to make sure that both the host and Docker are configured to use the proxy.

The host configuration is usually configured via environment variables via /etc/environment file. Here is an example:

http_proxy="http://proxy_server_ip:proxy_port"
https_proxy="http://proxy_server_ip:proxy_port"
no_proxy="localhost,other_private_addresses"

To configure Docker client to use HTTP proxy, you need to set the variables for dockerd service.

Create a folder in the systemd folder:

sudo mkdir /etc/systemd/system/docker.service.d

Create a file /etc/systemd/system/docker.service.d/http-proxy.conf with the following content:

[Service]
Environment="HTTP_PROXY=http://proxy_server_ip:proxy_port"
Environment="HTTPS_PROXY=http://proxy_server_ip:proxy_port"
Environment="NO_PROXY=localhost,other_private_addresses"

Apply configuration and restart docker service:

sudo systemctl daemon-reload
sudo systemctl restart docker

if the method above doesn't work, or you don't use systemd, please check out the official documentation

HTTP proxy

To configure Supervisely to use HTTP proxy, you need to set the following variables in the .env file in the sudo supervisely where folder:

SLY_HTTPS_PROXY=
SLY_HTTP_PROXY=
SLY_NO_PROXY=

By default Supervisely Agents use the same proxy settings as the Supervisely instance. If you want to use different proxy settings you can configure them in the advanced settings of the Instructions dialog window on the Team Cluster page. Don't forget to redeploy the Agent after changing the settings.

HTTPS proxy with a custom CA certificate

In case you're using an HTTPS proxy with a custom CA certificate, you need to add the CA certificate to the trusted store on the server.

Copy the CA certificate to the following folder:

/usr/local/share/ca-certificates/

After that run the following command:

sudo update-ca-certificates

That will concatenate all certificates to /etc/ssl/certs/ca-certificates.crt which we can then use for Supervisely.

Now we need to let Supervisely know where to find the CA certificate.

Cd to the Supervisely workdir:

cd `sudo supervisely where`

Create a docker-compose.override.yml if it doesn't exist or merge it with the existing one:

services:
  api:
    environment:
      NODE_EXTRA_CA_CERTS: '/usr/local/share/ca-certificates/'
    volumes:
      - /usr/local/share/ca-certificates/:/usr/local/share/ca-certificates/:ro
  api-public:
    environment:
      NODE_EXTRA_CA_CERTS: '/usr/local/share/ca-certificates/'
    volumes:
      - /usr/local/share/ca-certificates/:/usr/local/share/ca-certificates/:ro
  http-storage:
    environment:
      NODE_EXTRA_CA_CERTS: '/usr/local/share/ca-certificates/'
    volumes:
      - /usr/local/share/ca-certificates/:/usr/local/share/ca-certificates/:ro
  migrator:
    environment:
      NODE_EXTRA_CA_CERTS: '/usr/local/share/ca-certificates/'
    volumes:
      - /usr/local/share/ca-certificates/:/usr/local/share/ca-certificates/:ro
  worker-general:
    environment:
      NODE_EXTRA_CA_CERTS: '/usr/local/share/ca-certificates/'
    volumes:
      - /usr/local/share/ca-certificates/:/usr/local/share/ca-certificates/:ro

Deploy the changes:

sudo supervisely up -d

Supervisely Agent can be configured to use the CA certificate by editing "Agent host CA cert path" in the advanced settings. You can find advanced settings in the Instructions dialog window on the Team Cluster page. Don't forget to redeploy the Agent after changing the settings.

PreviousFirewall NextOffline usage

Last updated 2 years ago

hashtagConfiguring Host and Docker to use HTTP proxy

hashtagHTTP proxy

hashtagHTTPS proxy with a custom CA certificate

Configuring Host and Docker to use HTTP proxy

HTTP proxy

HTTPS proxy with a custom CA certificate