Identity service does not handle no_proxy environment variable

[absolutebandit]

I'm trying to configure IoT Edge 1.4 for a client where we need the IoT Edge services to communicate all outbound traffic through a proxy except traffic to IP addresses on the clients private network where the IoT Hub and Container Registry are exposed.

It explains here how to configure the aziot-identityd service:
https://learn.microsoft.com/en-us/azure/iot-edge/how-to-configure-proxy-support?view=iotedge-1.4#linux

In addition to the configuration described above to set "https_proxy" we have added a "no_proxy" env var for the traffic to the private network. But I think the service still tries to use the proxy to communicate with the IoT Hub.

Here's our latest attempt at configuring the aziot-identityd service:

[Service]
Environment="HTTP_PROXY=http://example:1234"
Environment="HTTPS_PROXY=http://example:1234"
Environment="NO_PROXY=azurecr.io,azure-devices.net"

When we configure the docker daemon service with this exact configuration it seems to use both the HTTPS_PROXY and the NO_PROXY evironment variables.

Am I right in thinking you don't support the "no_proxy" var yet in this service? I've never looked at this "rust" before so forgive me if I'm wrong but it looks like you only support "https_proxy" here?

iot-identity-service/http-common/src/proxy.rs

Line 274 in d0a1035

.or_else(|| env::var("HTTPS_PROXY").ok())

Is it possible to configure the services to only use the proxy for certain IP address ranges/hosts/domains?

[arsing]

Am I right in thinking you don't support the "no_proxy" var yet in this service?

Yes.

Is it possible to configure the services to only use the proxy for certain IP address ranges/hosts/domains?

Not with the code as currently written.

If your proxy supports it, you could do the configuration of different routes in the proxy itself.

[absolutebandit]

Thanks for your prompt reply.