Overview
The `NO_PROXY` environment variable is used to specify hosts that should bypass proxy settings when making network connections. In Netpicker deployments, this setting is particularly important for ensuring proper communication between the agent and API services in containerized environments.
Problem Description
When deploying Netpicker using Docker in environments with proxy configurations, the agent may fail to connect to the API service, resulting in:
– “Agent not connected” message in the GUI
– HTTP 407 (Proxy Authentication Required) errors in agent logs
– Repeated connection failures between agent and API websocket endpoints
Example Error Logs
“`
2025-07-03 09:51:45,010 [-][ERROR] agent:37: proxy rejected connection: HTTP 407
NoneType: None
2025-07-03 09:51:45,011 [cmd_handler][INFO] agent:143: Agent endpoint = {‘uri’: ‘ws://api:8000/api/v1/agents/ws’, ‘additional_headers’: {‘x-client-id’: ‘DrkSpy@agent’}}
“`
Solution
Add the `NO_PROXY` environment variable to the agent service configuration to bypass proxy settings for internal service communication.
Configuration
Docker Compose Configuration
Add the `NO_PROXY` environment variable to your agent service in `docker-compose.yml`:
“`yaml
agent:
hostname: agent
image: “netpicker/agent:2.3.2”
container_name: agent
labels:
netpicker.io: service
service.netpicker.io: agent
environment:
<<: *tag-params
AGENT_ID: DrkSpy
NO_PROXY: api
“`
Environment Variable Options
The `NO_PROXY` variable accepts several formats:
Single Host
“`yaml
NO_PROXY: api
“`
Multiple Hosts (comma-separated)
“`yaml
NO_PROXY: api,db,redis
“`
With Port Numbers
“`yaml
NO_PROXY: api:8000,db:5432
“`
IP Addresses and Domains
“`yaml
NO_PROXY: localhost,127.0.0.1,api,*.local
“`
When to Use NO_PROXY
Configure `NO_PROXY` when:
1. **Corporate Network Environment**: Your organization uses a corporate proxy for internet access
2. **Docker Network Issues**: Internal container-to-container communication is being routed through proxy
3. **HTTP 407 Errors**: Agent logs show proxy authentication errors
4. **Agent Connection Failures**: GUI shows “Agent not connected” despite containers running healthy
Troubleshooting
1. Verify Container Network
First, check that all containers are running and healthy:
“`bash
docker ps
“`
Look for containers with `(healthy)` status.
2. Check Agent Logs
Review agent logs for proxy-related errors:
“`bash
docker logs agent
“`
Look for:
– `proxy rejected connection: HTTP 407`
– Connection timeout errors
– WebSocket connection failures
3. Test Internal Connectivity
Test if the agent can reach the API service:
“`bash
# Execute shell in agent container
docker exec -it agent /bin/bash
# Test connectivity to API service
curl -v http://api:8000/health
“`
4. Network Configuration
Verify Docker network configuration:
“`bash
# List Docker networks
docker network ls
# Inspect the network used by your containers
docker network inspect <network_name>
“`
Advanced Configuration
Complete NO_PROXY Example
For comprehensive proxy bypass in complex environments:
“`yaml
agent:
hostname: agent
image: ‘netpicker/agent:2.3.2’
container_name: agent
environment:
AGENT_ID: DrkSpy
NO_PROXY: api,db,redis,gitd,gitdctrl,kibbitzer,celery,localhost,127.0.0.1,*.local
HTTP_PROXY: http://your-proxy:8080
HTTPS_PROXY: http://your-proxy:8080
“`
Environment-Specific Settings
Development Environment
“`yaml
NO_PROXY: localhost,127.0.0.1,api,db,redis
“`
Production Environment
“`yaml
NO_PROXY: api,db,redis,gitd,gitdctrl,kibbitzer,celery,internal-service.company.com
“`
Best Practices
1. **Minimal Configuration**: Only bypass proxy for services that need direct communication
2. **Internal Services**: Always include internal service names in NO_PROXY
3. **localhost/127.0.0.1**: Include local addresses to prevent proxy loops
4. **Testing**: Verify configuration in development environment before production deployment
5. **Documentation**: Document any environment-specific proxy requirements
## Related Configuration
### Other Proxy Environment Variables
When configuring NO_PROXY, you may also need to set:
“`yaml
HTTP_PROXY: http://proxy.company.com:8080
HTTPS_PROXY: http://proxy.company.com:8080
FTP_PROXY: http://proxy.company.com:8080
“`
### Service Dependencies
Ensure NO_PROXY includes all services that the agent needs to communicate with:
– `api` – Main API service
– `db` – Database service (if direct connection needed)
– `redis` – Redis cache service
– `gitd` – Git daemon service
– `gitdctrl` – Git daemon control service
## Troubleshooting Checklist
– [ ] All containers are running and healthy
– [ ] Agent logs show connection attempts to correct endpoints
– [ ] NO_PROXY includes all required internal services
– [ ] Network connectivity between containers is working
– [ ] Proxy settings are correctly configured for external access
– [ ] Agent container can resolve service names (DNS)
## References
– [Docker Compose Environment Variables](https://docs.docker.com/compose/environment-variables/)
– [Python Requests Proxy Documentation](https://requests.readthedocs.io/en/latest/user/advanced/#proxies)
– [HTTP Proxy Environment Variables](https://docs.docker.com/network/proxy/)