Official NixOS Wiki

Enterprise: Difference between revisions

← Older editNewer edit →
imported>Makefu
VisualWikitext
imported>Bobvanderlinden
No edit summary
imported>Makefu
Document handling of tls intercepting proxies
Line 34: Line 34:


== TLS Intercepting Proxy ==
== TLS Intercepting Proxy ==
 
TLS-Intercepting proxies will intercept each and every TLS connection and replace the original certificate with it's own to be able to introspect the traffic. This of course creates validation issues with the "official" ca-certificate project.
As of right now there currently does not seem to be a way to install nix packages via an intercepting proxy which replaces the ''original'' TLS certificate with the certificate created by the intercepting proxy, see [https://github.com/NixOS/nix/issues/1896 nix issue #1896].
Since [https://github.com/NixOS/nix/issues/1896 nix pr #2181] you are able to set your intercepting Proxy certificate via <code>NIX_SSL_CERT_FILE</code> to a file on your system which contains the root and intermediate certificates of your proxy.
See also [https://nixos.org/nix/manual/#sec-nix-ssl-cert-file the appropriate section in the nix manual]


The proxy itself can be set via the environment variables <code>HTTP_PROXY</code> and <code>HTTPS_PROXY</code>.
The proxy itself can be set via the environment variables <code>HTTP_PROXY</code> and <code>HTTPS_PROXY</code>.
Retrieved from "https://wiki.nixos.org/wiki/Enterprise"