Configuring Cloud SDK for use behind a proxy/firewall

If you are behind a corporate proxy or firewall, the gcloud command-line tool might not be able to access the internet with its default settings.

Installing Cloud SDK

The interactive Cloud SDK installers download components from the internet as part of the installation process, which might not work correctly if you're behind a proxy or firewall.

For a simpler installation process when proxy configuration is necessary, use one of the self-contained versioned archives to install the Cloud SDK. All previous versions of the Cloud SDK are also available to download from the downloads archive.

Proxy configuration

After you have the Cloud SDK installed, proxy settings can be configured using Cloud SDK properties by running gcloud config. For more information on what Cloud SDK properties are and how to use them, refer to the properties page.

To start, set the type of proxy you are using and the address and port on which to reach it:

```posix-terminal
gcloud config set proxy/type [PROXY_TYPE]
gcloud config set proxy/address [PROXY_IP_ADDRESS]
gcloud config set proxy/port [PROXY_PORT]
```
  • Cloud SDK supports the following values for PROXY_TYPE: http, http_no_tunnel, socks4, socks5
  • PROXY_IP_ADDRESS is the hostname or IP address of where the proxy can be reached.
  • PROXY_PORT is the port the proxy is running on (e.g. 8080).

For an authenticated proxy, you will need to set your proxy username and password using properties as follows:

```posix-terminal
gcloud config set proxy/username [USERNAME]
gcloud config set proxy/password [PASSWORD]
```

Alternatively, to avoid having the proxy credentials recorded in any logs (such as shell history or gcloud tool logs) or in the gcloud tool configuration file, you can set the properties using environment variables, as shown in the following sample:

```posix-terminal
export CLOUDSDK_PROXY_USERNAME [USERNAME]
export CLOUDSDK_PROXY_PASSWORD [PASSWORD]
```

The gcloud tool won't store these values. This way, the credentials can be stored in an encrypted file locally, or they can be stored in a secure network location and retrieved when necessary.

If you are behind a proxy and you receive SSL handshake errors, it's likely that your proxy is a man-in-the-middle proxy which uses a custom CA. You need to set the following property to point to your custom CA file:

```posix-terminal
gcloud config set core/custom_ca_certs_file [PATH_TO_CUSTOM_CA]
```

For a full description of related properties, run gcloud topic configurations or gcloud config set and look for proxy under the Available properties section.