Corporate Firewalls
If you're behind a corporate firewall that performs TLS inspection (MITM), you might see certificate errors. In this case, you can:
Recommended: Add your corporate CA certificate to the container's trusted certificates
Last Resort: Set
allowInsecureTLS: true
in your config or use theALLOW_INSECURE_TLS=true
environment variable:
Option A: Config file
agent:
communicator:
allowInsecureTLS: true # WARNING: Only use if corporate firewall blocks secure connections
Option B: Environment variable
docker run -e ALLOW_INSECURE_TLS=true umh-core:latest
⚠️ Security Warning: The allowInsecureTLS
option disables certificate validation. Only use this if:
You're behind a corporate firewall that you trust
You cannot add your corporate CA certificate
You understand the security implications
Proxy Configuration
If your network requires a proxy, add these environment variables to your Docker run command:
-e HTTP_PROXY=http://proxy.company.com:8080 \
-e HTTPS_PROXY=https://proxy.company.com:8080 \
-e NO_PROXY=localhost,127.0.0.1,.local
Supported proxy environment variables: HTTP_PROXY
, HTTPS_PROXY
, NO_PROXY
(and their lowercase variants).
For authenticated proxies, include credentials in the URL:
-e HTTP_PROXY=http://username:[email protected]:8080
Supported proxy types: HTTP and HTTPS.
Common Configuration
In most corporate environments, proxy usage and TLS interception go together. If you need to configure a proxy, you'll likely also need to add your corporate CA certificate to handle TLS inspection. See both sections above for complete configuration.
Last updated