Skip to content

Using a Proxy with Private Locations

Configuring a Proxy

As the Private Location redirects traffic between two endpoints, it does not listen to the classic environment variables HTTP_PROXY, HTTPS_PROXY, and NO_PROXY.

When configuring a proxy, you first need to check where you want the proxy to be used:

  • You may only want to use the proxy to connect to the Escape Platform (escape-cli to Internet), for that you want to configure the ESCAPE_FRONTEND_PROXY_URL environment variable.
  • You may want to use the proxy to connect to your internal services (escape-cli to your API), for that you want to configure the ESCAPE_BACKEND_PROXY_URL environment variable.

Supported Proxy Protocols

Private Locations support the following proxy protocols for both frontend and backend connections:

  • HTTP - Standard HTTP proxy
  • HTTPS - Secure HTTP proxy with TLS
  • SOCKS5 - SOCKS5 proxy protocol

This includes support for Web Application Firewalls (WAF) and enterprise proxy infrastructure that use these protocols.

WAF and Enterprise Proxy Compatibility

Private Locations are fully compatible with deployments behind Web Application Firewalls (WAF) and enterprise proxy infrastructure. The flexible proxy configuration allows the Private Location to route traffic through security layers while maintaining secure connectivity to both the Escape platform and internal services.

Example: Using Helm

With the following values.yaml file, you will add a proxy to your Helm deployment:

container:
  env:
    - name: ESCAPE_FRONTEND_PROXY_URL # Deployment -> Proxy -> Internet -> Escape Platform
      value: http://user:pass@my-proxy.server.tld:1234
    - name: ESCAPE_BACKEND_PROXY_URL # Deployment -> Proxy -> Your API
      value: http://user:pass@my-proxy.server.tld:1234

You can update your Helm deployment with the following command:

helm upgrade --install escape-private-location escape-cli/private-location --values values.yaml --set ESCAPE_API_KEY="${ESCAPE_API_KEY}"