Unknown proxy scheme `https'

zebahmad · March 19, 2017, 6:37am

Hi there,

I am setting up chef (chef client / chefDK on local workstation) for the first time. I am not able to run my knife commands due to some errors with https proxy. Sorry for the long post, I’m totally new to ruby/chef and wanted to provide any info that would be needed for triage.

I’m trying this from Mac.

STACK TRACE
knife client list
mysystemname:chef-repo zahmad$ knife client list
ERROR: SSL Validation failure connecting to host: api.chef.io - SSL_connect returned=1 errno=0 state=error: certificate verify failed
ERROR: Could not establish a secure connection to the server.
Use knife ssl check to troubleshoot your SSL configuration.
If your Chef Server uses a self-signed certificate, you can use
knife ssl fetch to make knife trust the server’s certificates.

Original Exception: OpenSSL::SSL::SSLError: SSL Error connecting to - SSL_connect returned=1 errno=0 state=error: certificate verify failed

With -VV parameter, the details error is shown as:
ERROR: SSL Validation failure connecting to host: api.chef.io - SSL_connect returned=1 errno=0 state=error: certificate verify failed
/opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-12.18.31/lib/chef/http.rb:412:in rescue in retrying_http_errors': SSL Error connecting to <remotechefserver> - SSL_connect returned=1 errno=0 state=error: certificate verify failed (OpenSSL::SSL::SSLError) from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-12.18.31/lib/chef/http.rb:369:inretrying_http_errors’
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-12.18.31/lib/chef/http.rb:333:in `send_http_request’

ssl check command
So then I tried the ssl check command:
mysystemname:chef-repo zahmad$ knife ssl check -VV
INFO: Using configuration from /Users/zahmad/chef-repo/.chef/config.rb
DEBUG: Checking SSL cert on
Connecting to host api.chef.io:443
/opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/proxifier-1.0.3/lib/proxifier.rb:20:in rescue in Proxy': unknown proxy schemehttps’ (ArgumentError)
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/proxifier-1.0.3/lib/proxifier.rb:17:in Proxy' from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-12.18.31/lib/chef/mixin/proxified_socket.rb:34:inproxified_socket’
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-12.18.31/lib/chef/knife/ssl_check.rb:80:in verify_peer_socket' from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-12.18.31/lib/chef/knife/ssl_check.rb:130:inverify_cert’
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-12.18.31/lib/chef/knife/ssl_check.rb:249:in run' from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-12.18.31/lib/chef/knife.rb:443:inblock in run_with_pretty_exceptions’
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-12.18.31/lib/chef/local_mode.rb:44:in with_server_connectivity' from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-12.18.31/lib/chef/knife.rb:442:inrun_with_pretty_exceptions’
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-12.18.31/lib/chef/knife.rb:219:in run' from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-12.18.31/lib/chef/application/knife.rb:156:inrun’
from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-12.18.31/bin/knife:25:in <top (required)>' from /usr/local/bin/knife:57:inload’
from /usr/local/bin/knife:57:in `’

My ENV variables
I have included below entries in my .bash_profile:
export http_proxy="http://myproxyserver:80"
export http_proxy_user "zahmad"
export http_proxy_pass "mypassword"
export https_proxy="https://myproxyserver:443"
export https_proxy_user "zahmad"
export https_proxy_pass "mypassword"
I also tried removing https:// http:// also, but each time the error is “unknown proxy scheme https'" or "unknown proxy schememyproxyserver’”.

If I give IP in the ENV variable without http:// or https:// the error is:
DEBUG: Checking SSL cert on
Connecting to host api.chef.io:443
/opt/chefdk/embedded/lib/ruby/2.3.0/uri/rfc3986_parser.rb:67:in split': bad URI(is not URI?): <myipaddress>:443 (URI::InvalidURIError) from /opt/chefdk/embedded/lib/ruby/2.3.0/uri/rfc3986_parser.rb:73:inparse’
from /opt/chefdk/embedded/lib/ruby/2.3.0/uri/common.rb:227:in `parse’

My chef version
WM-C02RP194G8WP:/ zahmad$ chef --version
Chef Development Kit Version: 1.2.22
chef-client version: 12.18.31

My chef configs
I tried adding proxy configs to config.rb but it seems to be getting picked from ENV and not the config.rb. So have removed all proxy configs in here.

Kindly help!

Regards,
Zeba

zebahmad · March 19, 2017, 1:33pm

Figured out the solution for this. It seems proxifier.rb dynamically looks for a class with name formed by prepending the “scheme”. In my case, it was looking for HTTPSProxy, whereas the proxifier’s proxy list only contained HTTPProxy class (from http.rb)
/opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/proxifier-1.0.3/lib/proxifier/proxies/http.rb

The solution was to replace in my ENV properties,
export https_proxy="https://myproxy:443"
with
export https_proxy=“http://myproxy:443”

Topic		Replies	Views
Proxy setting for knife ssl check Chef Infra (archive)	0	1159	August 2, 2016
Knife ssl check error? Chef Infra (archive)	1	1263	December 31, 2016
Knife list client: SSL Validation failure connecting to host Chef Infra (archive)	7	9860	April 19, 2016
Kitchen-Verify causing SSL: certificate verification failure Chef Infra (archive)	3	3194	April 14, 2016
Just ran chef-server-ctl reconfigure by mistake and now CHEF is broken :-( Chef Infra (archive)	2	918	August 18, 2016

Unknown proxy scheme `https'

Related topics