diff --git a/packages/web/astro.config.mjs b/packages/web/astro.config.mjs index 1e112b170..d75686a8e 100644 --- a/packages/web/astro.config.mjs +++ b/packages/web/astro.config.mjs @@ -54,6 +54,7 @@ export default defineConfig({ "", "config", "providers", + "network", "enterprise", "troubleshooting", "1-0", diff --git a/packages/web/src/content/docs/network.mdx b/packages/web/src/content/docs/network.mdx new file mode 100644 index 000000000..2fcfd9f65 --- /dev/null +++ b/packages/web/src/content/docs/network.mdx @@ -0,0 +1,57 @@ +--- +title: Network +description: Configure proxies and custom certificates. +--- + +OpenCode supports standard proxy environment variables and custom certificates for enterprise network environments. + +--- + +## Proxy + +OpenCode respects standard proxy environment variables. + +```bash +# HTTPS proxy (recommended) +export HTTPS_PROXY=https://proxy.example.com:8080 + +# HTTP proxy (if HTTPS not available) +export HTTP_PROXY=http://proxy.example.com:8080 + +# Bypass proxy for local server (required) +export NO_PROXY=localhost,127.0.0.1 +``` + +:::caution +The TUI communicates with a local HTTP server. You must bypass the proxy for this connection to prevent routing loops. +::: + +You can configure the server's port and hostname using [CLI flags](/docs/cli#run). + +--- + +### Authenticate + +If your proxy requires basic authentication, include credentials in the URL. + +```bash +export HTTPS_PROXY=http://username:password@proxy.example.com:8080 +``` + +:::caution +Avoid hardcoding passwords. Use environment variables or secure credential storage. +::: + +For proxies requiring advanced authentication like NTLM or Kerberos, consider using an LLM Gateway that supports your authentication method. + +--- + +## Custom certificates + +If your enterprise uses custom CAs for HTTPS connections, configure OpenCode to trust them. + +```bash +export NODE_EXTRA_CA_CERTS=/path/to/ca-cert.pem +``` + +This works for both proxy connections and direct API access.