Errors when edit proxy settings in VCSA 6.7

When needed, you can configure a proxy server to automatically download VCSA updates in Appliance Management Interface (VAMI) [Port 5480] under Networking –> Proxy Settings. You have the options to configure proxy for HTTP, HTTPS and FTP.

When set a proxy server in VAMI, you could see these errors:

Error 1 (Syntax error)


[HTTP Error in method invocation expected string or bytes-like object]

Problem: You have to put protocol in front.
Solution: Instead of eg.: proxy_address set http://proxy_address

Error 2 (not reachable)


[HTTP Proxy server unreachable.]

Problem: Set address cannot be “ping”. So either ICMP or Echo request/reply is blocked by firewall.
Solution: Let ICMP traffic pass the firewall.

Notes for proxy settings in VCSA 6.7

  • What works: enable Echo request/reply, set proxy and deny Echo request/reply again.
  • IMHO it is not necessary to block ICMP/ping wherever possible. There are other ways to check available services behind an IP-address. ICMP furthermore eg. can  send control-messages for too long packages, which can be very useful. This does not work, when ICMP is blocked.
  • When user authentication is necessary, password is saved in clear-text in /etc/sysconfig/proxy.
  • Alternatively to setup proxy in GUI, configure proxy settings in /etc/sysconfig/proxy. To save user and password, use this syntax: HTTP_PROXY="http://user:password@proxy_address:80/"
  • When you try to setup proxy in API-Explorer: https://vcsa_address/apiexplorer/#/networking_proxy_ you will also get an error when server is not ping-able.
  • In VCSA 6.5 there was a bug when using HTTPS-proxy (here). This bug seems to be fixed in 6.7.
  • According to appliance configuration guide (here, page 36), you can use API commands within VCSA to configure proxy settings. This seems to be a copy/paste error in documentation because these commands do not work anymore.

Leave a Reply

Your email address will not be published. Required fields are marked *