microsoft
autoProxy=true not creating https / no_proxy variables (as reported in #11551 )
Windows Version
Microsoft Windows [Version 10.0.22631.4602]
WSL Version
2.3.26.0
Are you using WSL 1 or WSL 2?
- [x] WSL 2
- [ ] WSL 1
Kernel Version
5.15.167.4-1
Distro Version
No response
Other Software
Repro Steps
- Configure .wslconf with
[wsl2]
autoProxy=true
-
run wsl
-
check environment variables
Expected Behavior
WSL to configure http and https proxy variables as stated here: WSL Troubleshoot
When enabled, the following apply to proxy settings on your Linux distributions: The Linux environment variable, HTTP_PROXY, is set to the one or more HTTP proxies found installed in the Windows HTTP proxy configuration. The Linux environment variable, HTTPS_PROXY, is set to the one or more HTTPS proxies found installed in the Windows HTTP proxy configuration. The Linux environment variable, NO_PROXY, is set to bypass any HTTP/S proxies found in the Windows configuration targets. Every environment variable, except WSL_PAC_URL, is set to both lower case and upper case. For example: HTTP_PROXY and http_proxy.
Actual Behavior
Only http_proxy, HTTP_PROXY and WSL_PAC_URL are being created on wsl.
env | grep -i http
http_proxy=http://example.com:3128
HTTP_PROXY=http://example.com:3128
WSL_PAC_URL=http://example.com/wpad.dat
Diagnostic Logs
will be sent by email
Logs are required for review from WSL team
If this a feature request, please reply with '/feature'. If this is a question, reply with '/question'. Otherwise please attach logs by following the instructions below, your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.
How to collect WSL logs
Download and execute collect-wsl-logs.ps1 in an administrative powershell prompt:
Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1
The script will output the path of the log file once done.
If this is a networking issue, please use collect-networking-logs.ps1, following the instructions here
Once completed please upload the output files to this Github issue.
Click here for more info on logging If you choose to email these logs instead of attaching to the bug, please send them to [email protected] with the number of the github issue in the subject, and in the message a link to your comment in the github issue and reply with '/emailed-logs'.
View similar issues
Please view the issues below to see if they solve your problem, and if the issue describes your problem please consider closing this one and thumbs upping the other issue to help us prioritize it!
Open similar issues:
- windows11 wsl2,The WSL_PAC_URL configuration does not take effect (#11998), similarity score: 0.71
Closed similar issues:
- autoProxy=true doesn't work for multiple users via su or ssh (#10820), similarity score: 0.75
- autoProxy seems to be true by default, which conflicts with the documentation (#11055), similarity score: 0.75
- autoProxy=true doesn't works well on WSL2 preview 2.0.3.0 (#10583), similarity score: 0.74
- autoProxy doesn't work with proxy requiring Kerberos / NTLM authentication (#10804), similarity score: 0.71
Note: You can give me feedback by thumbs upping or thumbs downing this comment.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Diagnostic information
Found '/emailed-logs', adding tag 'emailed-logs'
Hi there. WinHTTP is not reporting that there's an HTTPS proxy:
63 30348.15140 2025-01-15T16:36:38.257 [Microsoft.Windows.Lxss.Manager] s_GetProxySettingsExCallback-Results: pcwszProxy=http://outproxy2.pnet.ch:3128 pcwszSecureProxy= pcwszAutoconfigUrl=http://wpad.pnet.ch/wpad.dat cProxyBypasses=0
64 30348.07960 2025-01-15T16:36:38.257 [Microsoft.Windows.Lxss.Manager] OnProxyRequestComplete: newProxySettings=Proxy: http://outproxy2.pnet.ch:3128, SecureProxy: , PacUrl: http://wpad.pnet.ch/wpad.dat, ProxyBypasses:
How was the HTTPS proxy set?
good point about WSL_PAC_URL also not being set in lower-case. I forget the Linux rules and appcompat on this variable - we'll take a look.
Following up on WSL_PAC_URL:
that's a new environment variable we created with WSL2 - so we did not have compat reasons to create it both lower-case and upper-case. That will always be created as this one string.
Hello, we are running into the same issue. In our company network we use a wpad.dat file to set the Proxy for outgoing internet traffic. AutoProxy only fills http_proxy and HTTP_PROXY. A Fix or workaround to set the https_proxy globally would be greatly appreciated
Thanks.
@z3non , can you please capture a full network trace where we can see what WinHTTP is seeing in the pac file?
https://github.com/microsoft/WSL/blob/master/diagnostics/collect-networking-logs.ps1
Thanks!
Diagnostic information
Found '/emailed-logs', adding tag 'emailed-logs'
Hi @keith-horton , I sent the networking logs via email. Regarding your question about how the HTTPS proxy was set I am still waiting for feedback from our system management team. I checked our pac file in the meantime. There we use the "PROXY" keyword, so no distinction between HTTPS/HTTP in the findProxyForUrl() function:
proxy[0] = "PROXY outproxy1.example.com:3128"; proxy[1] = "PROXY outproxy2.example.com:3128"; proxy[2] = "PROXY outproxy3.example.com:3128"; proxy[3] = "PROXY outproxy4.example.com:3128";
Thanks! I followed up with our HTTP experts who implement WinHTTP proxy support. They stated that in the PAC file the https proxy should be given with “HTTPS” keyword. Something like proxy[0] = "HTTPS outproxy1.example.com:443".
Can you verify that works if the PAC file is updated to specify HTTPS?
The wikipedia description of the PAC format reads as follows:
By default, the PROXY keyword means that a proxy corresponding to the protocol of the original request, be it http, https, or ftp, is used.
I couldn't find anything more authoritative than this definition on wikipedia. Assuming this reflects the industry agreed semantics of this format the entries using the "PROXY" keyword should be sufficient to indicate also the HTTPS proxy. Do your http experts have a different opinion on this or a more up2date definition of the PAC format?
@z3non , thanks for more context. I'll share this with them and get back to you.
@z3non , I followed up. We have some work on our side to better document our support (we need to update https://learn.microsoft.com/en-us/windows/win32/winhttp/winhttp-autoproxy-support ).
The feedback was that the single PROXY keyword doesn't designate what protocol is intended (PAC files originally supported only HTTP protocol - so PROXY was inferred to that - as secure proxies are a more recent addition).
I would recommend specifying the protocol in your PAC file.
Thanks!
I created a script that you can run once logged in I could not get the environment variables to load when running this from root so you have to run it sudo -E ./autoproy.sh
#!/bin/bash
#check_status=$( env | grep "proxy" )
check_status=$HTTP_PROXY
echo $check_status
http="http"
if [[ $check_status == *"$http"* ]];
then
echo "proy on"
cp proxyon /etc/environment
else
echo "proxy off"
cp proxyoff /etc/environment
fi
You must have a wpad (autoproxy server on network ) running and your Windows 11 getting your settings correctly also your WSL must show the proxy info when you run
echo $HTTP_PROXY"
after that you can simply adapt the /etc/environment have a copy of the old one with no proxy for when your on a network without a proxy and $HTTP_PROXY shows nothing and another for your proxy you use
Example:
proxy on
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"
export http_proxy=http://192.168.1.1:3128
export https_proxy=http://192.168.1.1:3128
and one without
proxy off
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"
#export http_proxy=http://192.168.1.1:3128
#export https_proxy=http://192.168.1.1:3128
I also attempted to just add the $HTTP_PROXY variable into /etc/environment again it will not use it with export it wants a string.
Just an idea and more info on the actutal problem,
/etc/environment is not adding any autoproxy info everything else does in WSL.
My basic script just replaces the /etc/enviroment with a proxy copy as needed.
again it must be run with the -E to keep the user enironment's auto proxy settings for the if else conditional checks
so to run the script I created the file edited it with chmod and crown and run it like this when I need it.
sudo -E ./autoproxy.sh
crude but a temp fix. I wanted to use an @reboot crontab with it again that requires the user environment and sudo to do the copy over.
Any other ideas for a longterm automatic fix?
What I would like to do is just use the output from echo $HTTP_PROXY that is auto populated with WSL and just place it into /etc/environment
like this
better /etc/environment
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"
export http_proxy=$HTTP_PROXY
export https_proxy=$HTTP_PROXY
but it wont recognize the system variable that is already generated with auto proxy enabled and populated by way of wpad on the host Windows 11 machine for some reason.
@z3non , I followed up. We have some work on our side to better document our support (we need to update https://learn.microsoft.com/en-us/windows/win32/winhttp/winhttp-autoproxy-support ).
The feedback was that the single PROXY keyword doesn't designate what protocol is intended (PAC files originally supported only HTTP protocol - so PROXY was inferred to that - as secure proxies are a more recent addition).
I would recommend specifying the protocol in your PAC file.
Thanks!
We have tried to do a return "PROXY 192.168.1.1:3128; HTTPS 192.168.1.1:3128" in the PAC file.
Unfortunately this leads to the HTTPS_* environment variables being set by WSL in the wrong way
$ env | grep -i proxy
https_proxy=https://192.168.1.1:3128
HTTPS_PROXY=https://192.168.1.1:3128
HTTP_PROXY=http://192.168.1.1:3128
http_proxy=http://192.168.1.1:3128
$ curl https://www.google.de
curl: (35) OpenSSL/3.0.13: error:0A00010B:SSL routines::wrong version number
The proxy itself does not use https - but something inside of WSL decides to use a https:// url to reach the proxy where a http:// url is required for it to work:
$ export HTTPS_PROXY=http://192.168.1.1:3128; export https_proxy=http://192.168.1.1:3128
$ curl https://www.google.de
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>
I followed up with the HTTP owners. This was their response:
No this won't work. In the script "HTTPS 192.168.1.1:3128” means - use proxy that has a URL https://192.168.1.1:3128/. The "HTTPS" script directive makes the proxy itself HTTPS.
If they want to have the same proxy for https://contoso.com or http://contoso.com, they need to just specify "PROXY 192.168.1.1:3128"
If they want to have different proxies for https and http schemas, they need to parse the URL argument in the script and return the appropriate proxy. As the PAC script always resolves one URL at a time, it cannot return different proxies for different schemes in one call.
If WSL PAC configuration doesn't let them use different proxies for different schemas, then they can use the Static Configuration, where the config string can specify a proxy per schema ; "http=http://192.168.1.1:3128;https=http://192.168.1.2:3128"
That is why I did the static ENV settings for it. But if it works as auto inside of Windows 11 and the WPAD is working why does that not auto come down into WSL that was my major issue with this.