Kibana 9.1.5 behind Squid Proxy - Unable to get indices metadata configuration: AxiosError

Elastic Stack Kibana
1

Hello,

We are running an on-premises Elastic Stack (v9.1.5) on Ubuntu 24. Our Kibana nodes are configured to use an internal Squid proxy for all outbound traffic.

We are seeing persistent errors in kibana.log from services like indicesMetadata and securitySolution trying to download security artifacts.

1. The Error in Kibana Log

The Kibana log shows a 502 error from Axios:
{"error":{"message":"Request failed with status code 502","name":"AxiosError","stack":"AxiosError: Request failed with status code 502\n at settle (/opt/share/kibana/node_modules/axios/dist/node/axios.cjs:2099:12)\n ...","config":{"...","timeout":10000,"...","method":"get","url":"``https://artifacts.security.elastic.co/downloads/kibana/manifest/artifacts-9.1.5.zip"},"code":"ERR_BAD_RESPONSE","status":502},"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.11.0"},"@timestamp":"2025-11-04T09:54:47.794+00:00","message":"Failed`` to get indices metadata configuration: AxiosError: Request failed with status code 502","log":{"level":"ERROR","logger":"plugins.indicesMetadata.ConfigurationService"}, ...}

The Squid access.log shows a strange proxy method (sending GET with a full HTTPS URL) instead of the CONNECT method.

The Failing Kibana Request (Note the GET https://...):
1762288557.720 129 <private-ip> TCP_MISS_ABORTED/502 3517 GET ``https://artifacts.security.elastic.co/downloads/kibana/manifest/artifacts-9.1.5.zip`` - HIER_DIRECT/34.120.127.130 text/html

However, a manual curl from the exact same Kibana machine, running as a user with the proxy variables set, works perfectly.

The Successful curl Request (Note the CONNECT):
1762268665.582 120 <private-ip> TCP_TUNNEL/200 8468 CONNECT ``artifacts.security.elastic.co:443`` - HIER_DIRECT/34.120.127.130 -

2. Troubleshooting Already Performed

We have already done the following to try to fix the issue:

  1. Set Environment Variables: We created a systemd override file (/etc/systemd/system/kibana.service.d/override.conf) to ensure the Kibana service has the correct HTTP_PROXY/HTTPS_PROXY/NO_PROXY environment variables.

  2. Disabled IPv6 : We disabled IPv6 on the Squid proxy server (at the OS level) to prevent any IPv6/IPv4 fallback issues.

  3. Ensure Fleet use a Proxy: We set xpack.fleet.registryProxyUrl: "http://<IP>:3128" in kibana.yml.

Any help to solve this would be highly appreciated !

Thank you.