HTTP Proxy

Many environments require using an HTTP proxy in order to establish communication with hosts on the Internet. Depending on the configuration of the proxy server, it may allow access to the FMOS package repository.

To configure the system to use a proxy server, the proxy URL of the server must be set in the HTTPS proxy environment variable in the Server Control Panel (SCP > OS > Proxy).

Only proxy servers that support HTTP CONNECT will work. Proxies that require TLS decryption (also called “SSL bumping”) will not work. This is because the FMOS package repository uses TLS mutual authentication to prevent man-in-the-middle attacks. Since decrypting proxies are a form of man-in-the-middle attack, they cannot work by definition. If fmos enable-updates fails with an error like “certificate issuer is not recognized,” it is likely the proxy is doing TLS decryption.

To add an HTTP proxy, complete the following steps.

1. On the toolbar, click OS > Proxy.
2. Enable the Default Proxy field and enter the proxy URL.
3. Enable the HTTP Proxy and/or HTTPS Proxy fields and enter the proxy URL to use for each connection type that will be used.
4. Enable the No Proxy For field and enter host names to which direct connections should be made without using the proxy set for the specific protocol.

The list should be comma separate.

7. When finished, click Stage Changes.
8. If no other changes are being made, click Apply Configuration.