Proxy - Zscaler

If an application you're using doesn't connect to the Internet (e.g. Python, Git, Docker, Ruby...), even though it requires Internet access, please refer to the publisher's documentation.

In most cases, an option in the application allows you to set a proxy server.

You can find the certificat file on "MACSOFTWARE" and "PCSOFTWARE".

https://institutcurie.sharepoint.com/sites/dsi-wiki/SiteAssets/Pages/public/Proxy_Firefox/ZscalerRootCertificate-2048-SHA256.crt

PIP

On macOS and Linux platforms

Download the certificate bundle in CRT format.

Create a new directory and move the bundle to the new location using the following Bash commands:

mkdir ~/ca_certs
mv ~/Downloads/custom-ca-bundle.crt ~/ca_certs

Add the custom certificate using the following Bash command:

pip config set global.cert ~/ca_certs

On Windows platform

Download the certificate bundle in PEM format.

Create a new directory and move the bundle to C:\ drive.

Add the certificate to the trust store using the following commands on PowerShell:

mv $env:HOMEPATH\Downloads\custom-ca-bundle.crt $env:APPDATA

pip config set global.cert $env:APPDATA\custom-ca-bundle.pem

Requests

Requests automatically search for any valid certificate in the REQUESTS_CA_BUNDLE environment variable.

To configure the REQUESTS_CA_BUNDLE environment variable:

On macOS, run the following Bash command:

echo "export REQUESTS_CA_BUNDLE=<Path to Certificate>/ca-bundle.crt" >> $HOME/.bash_profile

On Linux, run the following Bash command:

echo "export REQUESTS_CA_BUNDLE=<Path to Certificate>/ca-bundle.pem" >> $HOME/.bashrc

On Windows, run the following PowerShell command:

[System.Environment]::SetEnvironmentVariable("REQUESTS_CA_BUNDLE", "<Path to Certificate>\ca-bundle.crt", "Machine")

Pip.conf

Finally, it is important to add these lines to the pip.conf file:

From macOS, create the pip.conf file here:

/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/site-packages/pip

And add the following lines

cert =The full path to the location of the certificate on your computer
trusted-host = pypi.org files.pythonhosted.org pypi.python.org
proxy = wpad.curie.fr:443

From Windows, in the existing pip.conf file or create it here:

%APPDATA%\roaming\pip

cert =The full path to the location of the certificate on your computer
trusted-host = pypi.org files.pythonhosted.org pypi.python.org
proxy = wpad.curie.fr:443

You can add proxy configurations for the Docker client using a JSON configuration file, located in ~/.docker/config.json.

Builds and containers use the configuration specified in this file.

{
 "proxies": {
   "default": {
     "httpProxy": "http://wpad.curie.fr:80",
     "httpsProxy": "https://wpad.curie.fr:443",
     "noProxy": "127.0.0.0/8"
   }
 }
}

The configuration becomes active after saving the file, you don't need to restart Docker

Proxy server = wpad.curie.fr

Proxy port = 443

Similarly, some applications (in terminal mode) may require you to set the proxy. To do this, from the terminal, you must force:

export https_proxy=https://wpad.curie.fr:443
export http_proxy=http://wpad.curie.fr:80