Behind a proxy
If your VM or bare-metal instance accesses the internet through an HTTP/HTTPS proxy, you need to configure the proxy at boot time before the NOVA installation begins.
This article applies to VM and bare-metal installations only. Cloud instances are managed by Wandelbots and do not require proxy configuration.
Configure the whitelist
Ensure the proxy allows the outbound HTTPS access to the following domains:
| Category | Domain | Purpose |
|---|---|---|
| NOVA installer | get.wandelbots.io | NOVA installer |
galaxy.ansible.com | Ansible roles and collections | |
*.amazonaws.com | Ansible Galaxy storage | |
*.github.com | Installer sources | |
release-assets.githubusercontent.com | GitHub releases | |
| Wandelbots Portal | portal.wandelbots.io | Device activation and licensing |
api.portal.wandelbots.io | Portal API | |
auth.portal.wandelbots.io | Portal authentication | |
| Container registries | wandelbots.azurecr.io | NOVA images and app installs |
*.blob.core.windows.net | Azure blob storage | |
auth.docker.io | Docker Hub authentication | |
registry-1.docker.io | Docker Hub registry | |
production.cloudflare.docker.com | Docker Hub CDN | |
*.r2.cloudflarestorage.com | Cloudflare R2 storage | |
| OS package repositories | *.almalinux.org | AlmaLinux packages |
*.fedoraproject.org | EPEL packages | |
| NOVA runtime services | api.cryptlex.com, api.eu.cryptlex.com | License validation |
eu.i.posthog.com | Analytics | |
standards-oui.ieee.org | MAC address lookup | |
www.google.com | Connectivity check |
Domains prefixed with *. indicate that all subdomains must be allowed.
Proxy URL format
http://[user:password@]host:port- Use the
http://scheme even when the proxy handles HTTPS traffic, unless the proxy itself requires a TLS connection. - URL-encode special characters in credentials, e.g.,
@→%40,#→%23.
Set the proxy
via boot parameter
Set the proxy directly in the boot menu.
This is the simplest method and takes precedence over the ISO configuration file.
UEFI boot (GRUB)
- In the boot menu, highlight Install Wandelbots NOVA.
- Press E to edit the boot entry.
- Find the line starting with
linuxefiand append the proxy parameter:inst.proxy=http://proxyuser:proxypassword@10.1.2.3:3128 - Press Ctrl+X or F10 to boot.
To exclude hosts from the proxy, append inst.no_proxy to the same boot line:
no_proxy=localhost,127.0.0.1,.example.comvia ISO configuration file
- Embed the proxy settings in
wandelbots.cfginside the NOVA ISO image.
This is useful when you install on multiple machines with the same proxy. - Add or uncomment the following lines in
wandelbots.cfg:PROXY_URL="http://proxyuser:proxypassword@10.1.2.3:3128" NO_PROXY="localhost,127.0.0.1,.local,.cluster.local" - Rebuild the ISO with the updated file. Boot parameters override these values if both are provided.
The proxy configuration is automatically persisted to the installed system. No additional proxy setup is needed after the installation completes.
Troubleshooting
Installation hangs while downloading packages
The proxy cannot reach the AlmaLinux repositories.
Verify that *.almalinux.org and *.fedoraproject.org are allowed in the whitelist above.
NOVA installer fails on first boot
The proxy cannot reach get.wandelbots.io or related installer domains.
Check /etc/wandelbots/proxy.env and verify the NOVA installer domains in the whitelist above.
Device activation fails
The proxy cannot reach the Wandelbots Portal.
Verify that portal.wandelbots.io, api.portal.wandelbots.io,
and auth.portal.wandelbots.io are allowed in the whitelist above.
Container images fail to pull
The proxy cannot reach the container registry domains.
Verify that wandelbots.azurecr.io and the Docker Hub domains are allowed in the whitelist above.