Using a proxy server with self-hosted runners

You can configure self-hosted runners to use a proxy server to communicate with GitHub AE.

Warning: Self-hosted runners are long-lived, and any compromise to the host machine could leak secrets or credentials or enable other attacks. For more information about the risks of using self-hosted runners, see "Security hardening for GitHub Actions." For more information about the management of access to GitHub Actions for your enterprise, see "Enforcing GitHub Actions policies for your enterprise."

Configuring a proxy server using environment variables

If you need a self-hosted runner to communicate via a proxy server, the self-hosted runner application uses proxy configurations set in the following environment variables:

  • https_proxy: Proxy URL for HTTPS traffic. You can also include basic authentication credentials, if required. For example:
    • http://proxy.local
    • http://username:password@proxy.local
  • http_proxy: Proxy URL for HTTP traffic. You can also include basic authentication credentials, if required. For example:
    • http://proxy.local
    • http://username:password@proxy.local
  • no_proxy: Comma separated list of hosts that should not use a proxy. Only hostnames are allowed in no_proxy, you cannot use IP addresses. For example:

The proxy environment variables are read when the self-hosted runner application starts, so you must set the environment variables before configuring or starting the self-hosted runner application. If your proxy configuration changes, you must restart the self-hosted runner application.

On Windows machines, the proxy environment variable names are not case-sensitive. On Linux and macOS machines, we recommend that you use all lowercase environment variables. If you have an environment variable in both lowercase and uppercase on Linux or macOS, for example https_proxy and HTTPS_PROXY, the self-hosted runner application uses the lowercase environment variable.

The connection between self-hosted runners and GitHub AE is over HTTP (port 80) and HTTPS (port 443).

Using a .env file to set the proxy configuration

If setting environment variables is not practical, you can set the proxy configuration variables in a file named .env in the self-hosted runner application directory. For example, this might be necessary if you want to configure the runner application as a service under a system account. When the runner application starts, it reads the variables set in .env for the proxy configuration.

An example .env proxy configuration is shown below:


Setting proxy configuration for Docker containers

If you use Docker container actions or service containers in your workflows, you might also need to configure Docker to use your proxy server in addition to setting the above environment variables.

For information on the required Docker configuration, see "Configure Docker to use a proxy server" in the Docker documentation.

Did this doc help you?

Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.