We're testing out deploying Defend to our fleet but are running into an issue where the endpoint service isn't honoring the HTTP_PROXY or HTTPS_PROXY environment variables, which for us is needed to push documents into Elasticsearch and for connecting to the artifacts repo. We use the environment variables rather than different Fleet policies due to the large number of differing environments/proxy URLs we need to configure.
For the elastic-agent
service we use a systemd drop-in file to set the environment variables to our proxy which works well, but the same applied to the ElasticEndpoint
service doesn't.
$ systemctl show ElasticEndpoint | grep _PROXY
Environment=HTTP_PROXY=<proxy url> HTTPS_PROXY=<proxy url>
I've verified doing a manual curl without the proxy environment variables times out, but with the proxy environment variables set works as expected. In the endpoint logs I can see it trying to connect to the security artifacts repo but it hitting the timeout.
{"@timestamp":"2023-03-07T22:44:50.81539563Z","agent":{"id":"13bf9c3e-0efb-4c64-b604-97a6992c81c6","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"info","origin":{"file":{"line":1814,"name":"Artifacts.cpp"}}},"message":"Artifacts.cpp:1814 Checking if new global artifacts manifest is available","process":{"pid":6701,"thread":{"id":6731}}}
{"@timestamp":"2023-03-07T22:47:01.695039657Z","agent":{"id":"13bf9c3e-0efb-4c64-b604-97a6992c81c6","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"error","origin":{"file":{"line":327,"name":"Http.cpp"}}},"message":"Http.cpp:327 CURL error 28: Timeout was reached [Failed to connect to artifacts.security.elastic.co port 443 after 130875 ms: Connection timed out]","process":{"pid":6701,"thread":{"id":6731}}}
Is there another way I can set the proxy environment variables for the service to use that I might be missing? I couldn't find a repo for this code to dig deeper either so I'm assuming it's closed-source.