How can I use snapcraft with the Snap Store Proxy


I have setup the ‘snap-store-proxy’ by following the getting started in the docs:

I now want to create an Ubuntu Core image by working through this proxy. When I try to do a ‘snapcraft login’, the connection always goes over the original URL, not the proxy URL. I want to remove any direct connections to the store from the workflow and do everything via the proxy because I am in a company network with ssl man in the middle interception. Does anybody know if snapcraft can work with the ‘snap-store-proxy’? If so, how do I have to configure it so it uses the proxy url?

Thanks very much!

I am confused as what you try to achieve.

Do you want to create a ubuntu core image as base for a server? I never did that but I do not think snap/snapcraft helps with that.

Or you trying to host a proprietary snap? I might be mistaken but I think the store proxy does not provide the means to only locally store a snap. I think the intended workflow is to add your snap to the store and one can proxy that. In this case might be more suited to your needs.

The setup to run your own in-house store via the air-gapped proxy with the ability to self-sign in-house built snaps comes as part of the SmartStart product.

If you already have a commercial engagement, please talk to your field engineer she/he should be able to help with your issue …

If you do not yet, feel free to PM me your email address and I can get you in contact with sales.

Thanks for you replies. I will try to clarify again:

I am just trying to build an Ubuntu Core image without accessing the store directly. I want to access it via the proxy. The reason for this is because I am essentially in an air-gapped environment (because of ssl interception). I don’t want to store any snaps in-house or anything like this. I just want to use the proxy as a proxy to access the store when building an Ubuntu Core image.

The question is now for me: how do I tell snapcraft to do the login and build via the proxy and not via the store directly?

Thanks very much!

I dont think you can proxy the SSO communication to authenticate your user but you should be able to use the snapd proxy settings for everything else (ubuntu-image just uses snapd in the backend) …

Hi, it looks like you might be looking for a way of instructing snapcraft and or snapd to use the intercepting https proxy (and trusting its CA certificate), and not using the snap-store-proxy? If you used the snap-store-proxy, the communication between the snap-store-proxy and the online store would need to still happen via the intercepting https proxy I assume? If yes, then it doesn’t make much sense to use the snap-store-proxy.

Both snapcraft and snapd can be instructed to use an https proxy for outgoing communication. In addition to the system proxy.https option @ogra linked to, would need to be used to configure the intercepting proxy’s certificate.

For snapcraft the standard https_proxy env var in tandem with REQUESTS_CA_BUNDLE=<path-to-ca-certs-file> should do the trick.

So again, so far it sounds like snap-store-proxy is not necessary for your use case unless we’re missing some more information/requirements.


Thanks for your detailed answer. I had gotten snapd and the snap-store-proxy to access the store by providing the self signed cert. snapcraft is what I was having trouble with so I figured I would just run everything over the snap-store-proxy.

Somehow I was unable to find the info about the REQUESTS_CA_BUNDLE env var… I will give that a try and then my issue will probably be solved :slight_smile:

Thanks very much everybody!