# Proxy Configuration Configure Vrex to work with corporate proxy servers Vrex uses WinHTTP for network requests. If your organization uses a proxy server, you'll need to configure the system proxy for Vrex to connect. ## Understanding Proxy Types ### Browser Proxy vs System Proxy - **Browser proxy:** Configured in Chrome/Edge settings - **System proxy (WinHTTP):** Configured at the OS level Vrex uses **WinHTTP**, not browser settings. Configure the system proxy even if your browser works fine. ### Proxy Auto-Discovery Windows can auto-discover proxy settings via: - **WPAD (Web Proxy Auto-Discovery)** - **PAC files (Proxy Auto-Config)** - **Manual configuration** ## Configuring WinHTTP Proxy ### Method 1: Import from IE/Edge Import your browser's proxy settings to WinHTTP: ```powershell netsh winhttp import proxy source=ie ``` ### Method 2: Manual Configuration Set the proxy directly: ```powershell netsh winhttp set proxy proxy-server="proxy.company.com:8080" ``` With bypass list (for internal domains): ```powershell netsh winhttp set proxy proxy-server="proxy.company.com:8080" bypass-list="*.internal.com;localhost" ``` ### Method 3: PAC File If your organization uses a PAC file: ```powershell netsh winhttp set proxy proxy-server="http://pac.company.com/proxy.pac" ``` ## Verifying Configuration ### Check Current Settings ```powershell netsh winhttp show proxy ``` Expected output: ``` Current WinHTTP proxy settings: Proxy Server(s) : proxy.company.com:8080 Bypass List : *.internal.com;localhost ``` ### Test Connectivity Test that Vrex endpoints are reachable: ```powershell # Test core API Invoke-WebRequest -Uri "https://api.vrex.no" -UseBasicParsing # Test authentication Invoke-WebRequest -Uri "https://auth.vrex.no" -UseBasicParsing # Test CDN Invoke-WebRequest -Uri "https://cdn.vrex.no" -UseBasicParsing ``` ## SSL Inspection Many proxies perform SSL inspection (man-in-the-middle). This can cause issues with Vrex. ### Symptoms - Certificate errors - "Cannot establish trust" messages - Connections fail after initial handshake ### Solution 1. **Install proxy root certificate** in Windows certificate store 2. **Or** bypass SSL inspection for Vrex domains (recommended) ### Bypass List for SSL Inspection Add these domains to your proxy's bypass/allow list: ``` *.vrex.no *.auth0.com *.amazonaws.com *.cloudfront.net *.innoactive.io ``` ## Certificate Revocation Vrex checks certificate validity via CRL and OCSP. If these checks fail, connections are rejected. ### Common Issues - Proxy blocks CRL/OCSP endpoints - Revocation check timeout - "Unable to check certificate revocation" error ### Solution Allow access to CA revocation endpoints: ``` *.digicert.com *.sectigo.com *.globalsign.com ocsp.pki.goog ``` ## Troubleshooting Proxy Issues ### "Cannot check access" Error 1. Verify WinHTTP proxy is set correctly 2. Test connectivity to api.vrex.no 3. Check SSL inspection bypass ### Authentication Required Some proxies require credentials. Vrex uses Windows credentials automatically via NTLM/Kerberos. If using basic auth: 1. Pre-authenticate in browser 2. Ensure credentials are cached 3. Or configure proxy-less access for Vrex domains ### Slow Connections SSL inspection adds latency. Bypass inspection for Vrex domains for better performance. ## Resetting Configuration To clear proxy settings: ```powershell netsh winhttp reset proxy ``` ## Diagnostic Script Run this to test all endpoints: ```powershell $endpoints = @( "https://api.vrex.no", "https://auth.vrex.no", "https://cdn.vrex.no", "https://vrex-releases.s3.eu-north-1.amazonaws.com" ) Write-Host "Testing Vrex endpoints through proxy..." -ForegroundColor Cyan Write-Host "Current proxy settings:" netsh winhttp show proxy foreach ($url in $endpoints) { try { $response = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 10 Write-Host "✓ $url - OK ($($response.StatusCode))" -ForegroundColor Green } catch { Write-Host "✗ $url - FAILED" -ForegroundColor Red Write-Host " Error: $($_.Exception.Message)" -ForegroundColor Yellow } } ```