Mender-gateway behind proxy in isolated network

General Discussions
1

Hi,

in our setup we are using mender on customer sites within a private network: device A (mender-client) → device B (mender-client and mender-gateway) → vpn → http-proxy → eu.hosted.mender.io. Device B is showing up at mender. Device A not.

When no proxy is configured on the gateway (in a test environment) everything works as expected. Whenn adding the proxy by dropin for systemd only device B connects. On device B I get the following error in the log of mender-gateway:

Feb 10 15:44:54 cl-imx8-supervision-stationary-0001c03cae8e mender-gateway[8385]: time=“2026-02-10T15:44:54Z” level=info msg=“Starting HTTPS server…” caller=“server.(*Server).Run@server.go:96”
Feb 10 15:46:20 cl-imx8-supervision-stationary-0001c03cae8e mender-gateway[8385]: 2026/02/10 15:46:20 http: proxy error: dial tcp: lookup eu.hosted.mender.io: Temporary failure in name resolution
Feb 10 15:46:20 cl-imx8-supervision-stationary-0001c03cae8e mender-gateway[8385]: time=“2026-02-10T15:46:20Z” level=error byteswritten=0 caller=“http.NewRouter.AccesslogMiddleware.func2.1@middleware.go:151” method=POST path=/api/devices/v1/authentication/auth_requests request_id=eaa0b34a-828b-44f5-bc04-7ee080ac188b responsetime=28026060us status=502 ts=“2026-02-10T15:45:52Z” type=HTTP/1.1 useragent=
F

This is the gateway config:

{“HTTPS”: {“Enabled”: true,“Listen”: “:443”,“ServerCertificate”: “/etc/mender/server.crt”,“ServerKey”: “/etc/mender/server.key”,“MinimumTLSVersion”: “1.2”},

        "Features": {
            "ArtifactsProxy": {
                "Enabled": true,
                "GatewayURL": "https://172.31.84.111",
                "DomainWhitelist": [
                    "eu.hosted.mender.io",
                    "c271964d41749feb10da762816c952ee.r2.cloudflarestorage.com",
                    "hosted.mender.io",
                    "s3.amazonaws.com"]
            },
            "DeviceSystem": {
                "Enabled": false,
                "SystemID": "REPLACE_WITH_YOUR_UNIQUE_SYSTEM_ID"
            }
        },
        "UpstreamServer": {
            "URL": "https://eu.hosted.mender.io",
            "CACertificate": "/etc/ssl/certs/ca-certificates.crt",
            "InsecureSkipVerify": false
        }

}

We do not have a DNS server in that setup. The dropin configuration was added to mender.authd, mender-updated, mender-configure and mender-gateway an looks like this:

/etc/systemd/system/mender-authd.service.d/proxy.conf

[Service]
Environment=“HTTP_PROXY=http://x.x.0.1:8080
Environment=“HTTPS_PROXY=http://x.x.0.1:8080
Environment=“NO_PROXY=localhost 127.0.0.1”

Any hints?

Thanks!

Nils