Summary
The Proxmox packer plugin does not respect HTTPS_PROXY / HTTP_PROXY environment variables when connecting to the Proxmox API. This makes it impossible to use the plugin in environments where the Proxmox server is only reachable through an HTTP proxy (e.g., on-prem Proxmox behind a VPN proxy from a cloud-hosted CI runner).
Root Cause
In builder/proxmox/common/client.go, newProxmoxClient() calls proxmox.NewClient() with an empty proxy string:
client, err := proxmox.NewClient(strings.TrimSuffix(config.proxmoxURL.String(), "/"), nil, "", tlsConfig, "", int(config.TaskTimeout.Seconds()))
The upstream Telmate library (proxmox-api-go) then creates an http.Transport with Proxy: nil when the proxy string is empty:
// proxmox/session.go in NewSession()
if proxyString == "" {
tr := &http.Transport{
TLSClientConfig: tls,
DisableCompression: true,
Proxy: nil, // explicitly disables proxy
}Setting Proxy: nil explicitly disables Go's default proxy behavior (http.ProxyFromEnvironment), which means HTTPS_PROXY, HTTP_PROXY, and NO_PROXY environment variables are completely ignored.
Expected Behavior
When no explicit proxy is configured, the plugin should respect standard proxy environment variables (HTTPS_PROXY, HTTP_PROXY, NO_PROXY) by using http.ProxyFromEnvironment as the proxy function on the HTTP transport.
Proposed Fix
Two options (either would work):
Option A — Fix in packer-plugin-proxmox: create an http.Client with http.ProxyFromEnvironment and pass it to proxmox.NewClient() instead of nil:
tr := &http.Transport{
TLSClientConfig: tlsConfig,
Proxy: http.ProxyFromEnvironment,
}
hclient := &http.Client{Transport: tr}
client, err := proxmox.NewClient(..., hclient, "", tlsConfig, "", ...)Option B — Fix in Telmate/proxmox-api-go: change the default Proxy from nil to http.ProxyFromEnvironment when no proxy string is provided.
Environment
- packer-plugin-proxmox v1.2.3
- Running in Kubernetes (EKS) with an HTTP proxy for VPN access to on-prem Proxmox
HTTPS_PROXY is set and works correctly with curl and other Go HTTP clients
Summary
The Proxmox packer plugin does not respect
HTTPS_PROXY/HTTP_PROXYenvironment variables when connecting to the Proxmox API. This makes it impossible to use the plugin in environments where the Proxmox server is only reachable through an HTTP proxy (e.g., on-prem Proxmox behind a VPN proxy from a cloud-hosted CI runner).Root Cause
In
builder/proxmox/common/client.go,newProxmoxClient()callsproxmox.NewClient()with an empty proxy string:The upstream Telmate library (
proxmox-api-go) then creates anhttp.TransportwithProxy: nilwhen the proxy string is empty:Setting
Proxy: nilexplicitly disables Go's default proxy behavior (http.ProxyFromEnvironment), which meansHTTPS_PROXY,HTTP_PROXY, andNO_PROXYenvironment variables are completely ignored.Expected Behavior
When no explicit proxy is configured, the plugin should respect standard proxy environment variables (
HTTPS_PROXY,HTTP_PROXY,NO_PROXY) by usinghttp.ProxyFromEnvironmentas the proxy function on the HTTP transport.Proposed Fix
Two options (either would work):
Option A — Fix in packer-plugin-proxmox: create an
http.Clientwithhttp.ProxyFromEnvironmentand pass it toproxmox.NewClient()instead ofnil:Option B — Fix in Telmate/proxmox-api-go: change the default
Proxyfromniltohttp.ProxyFromEnvironmentwhen no proxy string is provided.Environment
HTTPS_PROXYis set and works correctly with curl and other Go HTTP clients