-
Notifications
You must be signed in to change notification settings - Fork 914
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to run uv behind a corporate proxy? #1474
Comments
Run into the same problem here, both those variables are not respected by EDIT: I see the discussion is already open in #1339 |
#1339 seems like a near-duplicate but I think it's important to distinguish "treat this host as trusted" and "verify the trustworthiness of this host, but using a user-specified certificate". For a corporate environment the latter option is much prefereable as we'd rather not compromise on security. Having said that, resolving #1339 would allow corporate users to at least try |
This might have a much simpler solution - basically, if you changed your https://github.com/seanmonstar/reqwest/blob/master/Cargo.toml#L44 |
I actually made this exact change in #609 but it didn't get merged, we'll reconsider. |
This would be very useful for me too. We don't have a proxy that intercepts HTTPS, but we do use an internal index with a certificate signed by our internal CA. Having to specify |
Closes #1474 Using the `rustls-tls-native-roots` feature > `rustls-tls`: Enables TLS functionality provided by rustls. Equivalent to rustls-tls-webpki-roots. > > `rustls-tls-webpki-roots`: Enables TLS functionality provided by rustls, while using root certificates from the webpki-roots crate. > > `rustls-tls-native-roots`: Enables TLS functionality provided by rustls, while using root certificates from the rustls-native-certs crate. Additional context: - seanmonstar/reqwest#1554 - encode/httpx#302 - [Should I use the native certs or webpki-roots?](https://github.com/rustls/rustls-native-certs#should-i-use-this-or-webpki-roots) Prior discussion at #609
I'm still facing the same issue on version 0.1.11 Corporate network with ssl inspection firewall, custom ca on every site. Root certificate is trusted by windows, and environment variables REQUESTS_CA_BUNDLE and SSL_CERT_FILE are setup. Python requests work fine. Pip install as well. uv fails with error below.
|
in WSL, running windows-certs-2-wsl, export SSL_CERT_DIR=/etc/ssl/certs
export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt did the trick. |
Following as I am in a similar boat :-/ On mac with apple silicon behind proxy. Tried running |
@a087861 try using the |
@zanieb that worked like a charm - thanks! |
Concernthis might work for linux based systems (including wsl) but in Windows it greatly depends on several preconditions (such as the selected shell). How i bypassed the issueIn my case i was able to install packages using the following on Windows 10 using git-bash as my shell of choice. export HTTPS_PROXY=<company-proxy-here>
uv add --allow-insecure-host pypi.org --allow-insecure-host files.pythonhosted.org <package_name> Suggested Permanent SolutionIMO a great flag addition similar to the Not sure how difficult this is to add. export HTTPS_PROXY=<company-proxy-here>
uv add --custom-ca-file <path to company internal root ca cert or bundle of certs> <package_name> UpdateAs @zanieb mentioned there is already an env variable in place to provide the desired functionality. export HTTPS_PROXY=<company-proxy-here>
export SSL_CERT_FILE=<path to company internal root ca cert or bundle of certs>
uv add <package_name> Thanks @zanieb for pointing this out. |
You can use the standard |
Our corporate proxy inspects traffic and thus inserts its own certificate that has to be configured to trust across applications on the system. I do this by setting
REQUESTS_CA_BUNDLE
andSSL_CERT_FILE
, etc. It seems thatuv
doesn't respect either of those. Is there another environment variable that it takes into account?The text was updated successfully, but these errors were encountered: