[TFE] Authenticated proxy fails when using special characters

Avatar
Paul Boekschoten
  • Updated

Problem

When using an authenticated proxy with a password that contains special characters in Terraform Enterprise, functionality that requires internet access may fail. For example, Terraform runs that need to download providers from the public registry might fail with the following error.

│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider
│ hashicorp/null: could not connect to registry.terraform.io: failed to
│ request discovery document: Get
│ "https://registry.terraform.io/.well-known/terraform.json":
│ proxyconnect
│ tcp: dial tcp: lookup http on 172.31.0.2:53: no such host

In the proxy logs, you may see an authentication error similar to the following output.

44.33.22.11:55405: GET http://11.22.33.44:8080/ << 407 Proxy Authentication Required 129b

Prerequisites

  • Terraform Enterprise
  • An authenticated proxy server
  • A proxy username or password containing special characters (e.g., #, @, $)

Cause

Special characters in the proxy connection string are not automatically URL-encoded by Terraform Enterprise. This causes the proxy server to misinterpret the credentials, leading to authentication failures.

Solutions

There are two approaches to resolve this issue.

Solution 1: Remove special characters

The most direct solution is to change the proxy credentials to remove any special characters from the username and password.

Solution 2: URL-encode special characters

If you cannot change the credentials, you must manually URL-encode the special characters in your proxy username or password before adding them to the Terraform Enterprise configuration.

For example, consider a proxy with the username proxytest and the password proxy#pass. The password contains a # character, which must be encoded.

After URL-encoding, the # becomes %23, and the password becomes proxy%23pass.

Update your Terraform Enterprise configuration with the encoded password.

http_proxy: "http://proxytest:proxy%23pass@proxyhost:8080"
https_proxy: "http://proxytest:proxy%23pass@proxyhost:8080"
no_proxy: "127.0.0.1,localhost,<your_tfe_host>,"

Outcome

After applying one of the solutions, Terraform Enterprise will be able to authenticate with the proxy server successfully.

Additional Information

Articles in this section

See more

Related articles