If you have an HTTP proxy, you will need to configure the runner to use it when downloading and uploading artifacts. We recommend using the library hpagent
for this:
-
yarn add hpagent
-
Create a new file
custom-proxy-config.js
-
Customise your proxy using the HPAgent however you like:
const { HttpsProxyAgent } = require('hpagent'); const proxyConfig = (nxDefaultConfig) => ({ ...nxDefaultConfig, proxy: false, httpsAgent: new HttpsProxyAgent({ proxy: 'https://your-customproxy.com:4042', // <-- your custom proxy url ca: [""], // <-- optional path to a certificate authority rejectUnauthorized: false // <-- set this to false if you want to ignore invalid certificate warnings - ⚠️ Not Recommended }) }); module.exports = { nxCloudProxyConfig: proxyConfig, fileServerProxyConfig: proxyConfig }
-
Point the runner to your custom configuration:
"tasksRunnerOptions": { "default": { "runner": "nx-cloud", "options": { "accessToken": "…..", "cacheableOperations": [ …. ], "url": "….", "customProxyConfigPath": "./custom-proxy-config.js" // <--- here } } },
If you have an internal cluster but are using an external S3 bucket, then your proxy might block connections from the NxAPI to your S3 bucket. The same issue will happen with connection to your Github/Gitlab instance.
For that, you can try forcing the connection to bypass the proxy by setting the NO_PROXY=amazonaws.com,your-github-instance.com
env var on your
NxAPI pods.
If you need the calls to go through a proxy, you can define this at the root of your helm-values.yaml
:
vcsHttpsProxy: 'http://your-proxy.com:80'
If you have set-up your NxCloud cluster with a self-signed certificate you can use the same strategy as in the case of running behind a proxy, but this time you can use node:https
. Change the contents of the custom-proxy-config.js
file detailed above to the following:
const https = require('node:https');
const selfSignedConfig = (nxDefaultConfig) => ({
...nxDefaultConfig,
proxy: false,
httpsAgent: new https.Agent({
ca: "./path/to/your/certificate.pem", // <-- path to the self-signed certificate
})
});
module.exports = {
nxCloudProxyConfig: selfSignedConfig,
fileServerProxyConfig: selfSignedConfig,
}
If you are using a self-hosted service such as Gitlab or Github and securing connections to them with a self-signed certificate, you will need to provide the extra certificates to the Nx Cloud pods:
-
Upload your cert as a ConfigMap
kubectl create configmap self-signed-certs --from-file=self-signed-cert.crt=./cert.pem
-
Point your Helm values to the config map:
selfSignedCertConfigMap: 'self-signed-certs'