In general, the proxy-related environment variables will look like this:

HTTP_PROXY=10.1.2.3:8080
HTTPS_PROXY=10.1.2.3:8080
NO_PROXY=10.4.5.6,localhost,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local

The first two define which IP to connect through for HTTP and HTTPS requests. The third one defines which IPs, CIDRs or hostnames are exempt from all other proxy settings. Exceptions are required to allow communication with services running on the server or on the local network.

Configure Rancher

If it’s a new cluster, it’s fastest to do this first (after creating the registration command).

DO NOT enter “Agent Environment Variables” on the Import screen before the registration command is created. Otherwise, the variables cannot be changed in the future without deleting and re-registering the cluster.

Enter them on the Cluster management page instead, after creating the reg. command:

1. Go to the Rancher dashboard Cluster Management > Clusters and click Edit Config for the desired cluster:

2. Open Advanced Options:

3. Configure the following Agent Environment Variables and press Save:

HTTP_PROXY: $PROXY_IP
HTTPS_PROXY: $PROXY_IP
NO_PROXY: $NODE_IP,localhost,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local

Configure VM environment

1. Set the variables for the shell - used by most commands ran in CLI:

   1. Check variables with set | grep -i _proxy. Make sure they’re all UPPERCASE, no lowercase variables, and all must have the correct values. The expected output is as the example on the top.

   2. If they are already set correctly, make sure they’re only set once, otherwise one may override the other. It could be in any of these files:

      1. ~/.profile (per user setting)

      2. /etc/profile.d/*

      3. /etc/profile (rare and not best practice)

      4. /etc/environment
         If in doubt, delete any *_proxy variables from these files, then restart the shell (disconnect and reconnect) and go to step 1.a.

   3. If they have not yet been set correctly, open the file (e.g. /etc/environment) and set them:

      export HTTP_PROXY='$PROXY_IP' export HTTPS_PROXY='$PROXY_IP' export NO_PROXY='$NODE_IP,localhost,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local'

   4. If any changes were made in 1.c, make sure they were applied. Restart the shell (disconnect and reconnect) and go to 1.a.
      

2. Set the variables for the K3s service - used for rancher connection and fetching container images (for product updates):

   1. Open /etc/systemd/system/k3s.service.env and make sure it has the correct values:

      K3S_KUBECONFIG_MODE='644' http_proxy='$PROXY_IP' https_proxy='$PROXY_IP' no_proxy='10.4.5.6,localhost,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local'

   2. If K3s is (re)installed now, this should be set already.
      

3. Restart k3s service:
   If changes were made in step 2, make sure changes are propagated everywhere, kill all containers before restarting them with the service restart:
   /usr/local/bin/k3s-killall.sh (DO NOT confuse this with k3s-uninstall.sh - that will remove all customer data)
   systemctl restart k3s.service
   

4. If the cluster was registered before, re-register it. The “Reconnecting without new registration” section should suffice: Re-register cluster in Rancher

Configure Data Sources

If applicable*, proxy settings for connectors are configured from the dashboard (after the product has been installed) under Administration > Data Sources > Global Settings.

*The proxy setting - as of platform 2.1.3352 (26 Jun 2025) - enables the proxy for ALL data sources.
For example, if the proxy is configured to allow Sharepoint Online scans, connections will go through the proxy even for scans of local SMB servers.
It’s not yet possible to customize which connectors should use the proxy and which ones to connect directly.