> ## Documentation Index > Fetch the complete documentation index at: https://docs.sawmills.ai/llms.txt > Use this file to discover all available pages before exploring further. # Configure Outbound Proxy for Remote Operator and Collector > Configure HTTP/HTTPS outbound proxy settings for the Sawmills Remote Operator and Collector using Helm values for HTTP_PROXY, HTTPS_PROXY, and NO_PROXY. The Remote Operator maintains a bidirectional gRPC session with `controller.sawmills.ai` and can emit Prometheus remote-write traffic. The Sawmills Collector sends telemetry data to Sawmills services. Some customers must route every outbound internet connection through an egress proxy. This guide explains how to enable that flow while keeping TLS endpoints pointed at Sawmills services. ## Prerequisites * Remote Operator chart version `2.0.9` or later (proxy values are not present in older releases). See [GitHub releases](https://github.com/Sawmills/helm-charts/tags) for the latest version. * Sawmills Collector chart version `2.8.3` or later with proxy support. See [GitHub releases](https://github.com/Sawmills/helm-charts/tags) for the latest version. * An HTTP/HTTPS CONNECT proxy reachable from the cluster, including credentials if the proxy requires authentication. * Access to update Helm values (either `values.yaml` or CLI `--set` flags). ## Configure proxy values via Helm Both charts expose a `proxy` block that maps directly to the pod environment variables `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`. The configuration structure is identical for both components. ### Remote Operator configuration Populate the proxy fields in your Remote Operator values file: ```yaml theme={null} proxy: http: http://user:pass@corp-proxy.example.com:3128 https: http://user:pass@corp-proxy.example.com:3128 noProxy: - kubernetes.default.svc - 10.0.0.0/8 - 169.254.169.254 ``` Then upgrade the release: ```bash theme={null} helm upgrade --install sawmills-remote-operator oci://public.ecr.aws/s7a5m1b4/sawmills-remote-operator-chart \ --namespace sawmills \ --values values.yaml ``` The operator keeps the TLS Server Name set to `controller.sawmills.ai`, so the proxy only tunnels the TCP stream while the certificate remains valid. ### Sawmills Collector configuration For the Sawmills Collector, configure the proxy in the same way. If you're managing the collector via the Remote Operator, add the proxy configuration under `managedChartsValues` (the legacy key `managedCharts` still works as an alias): ```yaml theme={null} managedChartsValues: sawmills-collector: proxy: http: http://user:pass@corp-proxy.example.com:3128 https: http://user:pass@corp-proxy.example.com:3128 noProxy: - kubernetes.default.svc - 10.0.0.0/8 - 169.254.169.254 ``` If you're installing the collector chart directly, add the proxy block to the collector's values file: ```yaml theme={null} proxy: http: http://user:pass@corp-proxy.example.com:3128 https: http://user:pass@corp-proxy.example.com:3128 noProxy: - kubernetes.default.svc - 10.0.0.0/8 - 169.254.169.254 ``` The collector keeps TLS Server Names set to Sawmills service endpoints, so the proxy only tunnels the TCP stream while certificates remain valid. ### CLI-only configuration You can also pass the values without editing a file. For the Remote Operator: ```bash theme={null} helm upgrade --install sawmills-remote-operator oci://public.ecr.aws/s7a5m1b4/sawmills-remote-operator-chart \ --namespace sawmills \ --set proxy.http="http://$USER:$HOSTNAME@proxy.corp:32281" \ --set proxy.https="http://$USER:$HOSTNAME@proxy.corp:32281" \ --set proxy.noProxy[0]="kubernetes.default.svc" \ --set proxy.noProxy[1]="10.4.0.0/16" ``` For the Sawmills Collector (when managed by Remote Operator): ```bash theme={null} helm upgrade --install sawmills-remote-operator oci://public.ecr.aws/s7a5m1b4/sawmills-remote-operator-chart \ --namespace sawmills \ --set managedChartsValues.sawmills-collector.proxy.http="http://$USER:$HOSTNAME@proxy.corp:32281" \ --set managedChartsValues.sawmills-collector.proxy.https="http://$USER:$HOSTNAME@proxy.corp:32281" \ --set managedChartsValues.sawmills-collector.proxy.noProxy[0]="kubernetes.default.svc" \ --set managedChartsValues.sawmills-collector.proxy.noProxy[1]="10.4.0.0/16" ``` ### NO\_PROXY formatting rules `proxy.noProxy` accepts either: * A YAML list (recommended) that will be joined with commas, or * A raw comma-separated string. Include every cluster-local CIDR, service DNS name, or metadata endpoint you want to bypass the proxy. Both components only proxy traffic bound for Sawmills services; Kubernetes API calls stay inside the cluster regardless of this list. ## Observing proxy configuration ### Remote Operator When proxy variables are detected, the Remote Operator logs a single informational line similar to: ``` info component=remote-operator http_proxy=http://redacted:redacted@corp-proxy:3128 no_proxy=kubernetes.default.svc,10.0.0.0/8 msg="Detected outbound proxy configuration for Sawmills traffic" ``` ### Sawmills Collector The Sawmills Collector uses the proxy environment variables automatically when present. To verify the configuration, check that the environment variables are set in the pod: ```bash theme={null} kubectl exec -n sawmills deployment/sawmills-collector -- env | grep -i proxy ``` Credentials are redacted in logs. If you do not see the expected behavior, verify that the Helm values rendered into the pod (use `kubectl describe deployment` or `kubectl exec env`).