Proxy options support

[KiruyaMomochi]

Description of the new feature/enhancement

Something like:

winget install git.git --proxy="http://127.0.0.1:2345"

This will make winget download git through the proxy server.

[jantari]

Possible proxy configuration options are:

• Environment variables ( e.g. WINGET_PROXY_URL)
• Auto-detecting settings from inetcpl.cpl aka IE
• command line arguments
• config file
• registry config separate from IE. This would tie in nicely with ADMX (group policy) templates down the road

[zuozishi]

1080端口，老局域网用户了

[timiil]

please consider also proxy the download link inside the package , for example ,

winget install kodi --proxy http://xxx/

please also proxy the download link 'https://mirrors.kodi.tv/releases/windows/win64/kodi-18.7-Leia-x64.exe' which insided the installation package.

[faustool]

Possible proxy configuration options are:

• Environment variables ( e.g. WINGET_PROXY_URL)
• Auto-detecting settings from inetcpl.cpl aka IE
• command line arguments
• config file
• registry config separate from IE. This would tie in nicely with ADMX (group policy) templates down the road

I would recommend standard variables like HTTP_PROXY or HTTPS_PROXY

[t-mxcom]

When adding proxy support, please do not forget supporting proxies that require NTLM-authentication!!! In an enterprise environment where the workstations are joined to a domain, and the users use domain accounts, entering a password should not be necessary! (Windows Integrated Authentication)

Thank you!

[klesh]

Any plan regarding this feature?

[sharpninja]

Really need this!

[HydrogenDeuterium]

Need this too!

[hxse]

Need it!

[sourcedelica]

Surprised this wasn't a 1.0 feature.

[kybom]

Need it!

[qiyuey]

Need it!

[fMichaleczek]

Need it.

1.0 without proxy support ... lol

[liuilin]

+1

[logique233]

Need it

[UM-RMeeker]

Need this as well.

[Mindzy]

Also need for winget upgrade

[zhaofeng-shu33]

Need it

[d0zingcat]

Why not try set http_proxy=http://localhost:7890 and set https_proxy=http://localhost:7890?

[michaelrinderle]

@d0zingcat because its not socks5.

[d0zingcat]

@d0zingcat because its not socks5.

Maybe you could use Privoxy(windows)/polipo(macOS) to parse socks5 to http?

[ngalioth]

Really need it, especially for people having trouble connect to the default registry.

[michaelrinderle]

not that its an equivalent but even spotify can run over socks5. it would be nice to run winget through tor like all my other package managers to curb targeted injection attacks.

[ykgw-liuxin]

Need it!

[YuanfengZhang]

Absly need it.

[gerroon]

15k stars and no proxy support? I thought this was a joke. This is bloody needed

[Dragon1573]

This feature is so important that many users want it! Can't wait for it.

I'm current using a proxy application (CFW) on my own device. I really want winget.exe can automatically detect system proxy settings, so I can only change the proxy state of CFW for managing almost every other applications on the device.

[eternalphane]

@Dragon1573 Actually winget can detect system proxy at current. You just need to disable the Delivery Optimization service by setting network.downloader to wininet.

P.S. The documentation says that Delivery Optimization will make use of the system proxy, however it's not working on my machine. So you're better off disabling it.

[Dragon1573]

@eternalphane That's nice! I'm currently using wininet as the network.downloader. Now I switch my network topology, from using a localhost proxy with CFW to using a LAN proxy with CFA (Clash for Android). I launch the CFA on my phone and provide WIFI connection and proxy service for the laptop. I'm using that proxy as a system proxy and everything works fine.

Thank you!

---

CFW provide Service Mode and TUN Mode for users, winget.exe will rarely encounter a network error with TUN Mode enabled. Maybe disable this mode is better ...

[gaozhe3321]

Need it!

[neoribs]

Need it

[SignFinder]

Need it

[ChesterZengJian]

Need it

[lo-w]

need it BR//lo

[cgfork]

+1

[AndrewLauu]

need it. any progress for 2 ys?

[biaocy]

System-wide proxy actually works. Windows version: Win 10 22H2 (19045.2251) Powershell version: 7.3.1

[toshiya14]

Need it.

[char-46]

Need it.

[gerroon]

The whole point of asking for a custom proxy support is to make sure one is not using systemwide proxy. The systemwide proxy opens connections to everything else o the system.

[walkonbothsides]

Need it!

[NJCCJohnWatson]

We need it ! not that messive .env etc

[altiris4ever]

As a workaround i use: "bitsadmin /util /setieproxy localsystem MANUAL_PROXY " https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/bitsadmin-util-and-setieproxy

[denelon]

All,

Please be respectful of others who are watching this Issue. Every comment is sent out as an e-mail to every user watching this Issue. Adding comments like "Need it" or "+1" is just causing more noise. We track relative priority by the number of 👍 on the original post for the Issue. I've hid the majority of these comments, as they do not add to the scope of the issue or offer support for others who also want this feature and are essentially "subscribed" because they have added their 👍.

This issue is now high on the backlog. We have several security concerns we have to address in order to enable this feature. As soon as we have a design that is acceptable for our security requirements, we will look to sequence this work for engineering.

You can see how we prioritize work on the Roadmap.

[itodouble]

Is there any plan that can be used ?

[char-46]

It's been more than three years since this issue was created, and we see that this issue has a linked PR #1776, which solves some problems. After that PR, this issue was added to the milestones: v1.3-Client, v1.4-Client, v1.5-Client and now v.Next-Client. As the differences between commits increase due to the development of master branches, merge PR has become a challenge by now. Moreover, according to RoadMap, this issue is already the issue with the largest number of 👍 among milestone: v.Next-Client. Can we first merge this PR as an experimental feature, and then gradually fix it according to the new problems we encounter?

[denelon]

We have to adhere to our internal security standards which is why that PR hasn't been merged. We're working on getting the documentation together for our security review, and then we'll be able to either start from that PR or create a new one with the approved method. It will initially start out as an experimental feature in a preview and then it can be made stable feature in the next stable release.

I've changed how we're tracking work across milestones to avoid the constant movement. We've had several other high-priority features and bug fixes in progress, but this has made it to the top of the list for asks from the community.

[denelon]

Hey everyone, I know it's been a long time coming, but we have had our initial security review. We will be submitting a specification document and will work on final review and then we can get into implementation.

• We will need GPO (Group Policy Objects) for enterprise control of WinGet with respect to proxy support.
• Specifying a default proxy for WinGet will require administrative permissions.
• The CLI will not require administrative permissions to pass "--proxy " (will not override GPO).

I want to thank @eternalphane for the draft PR:

• https://github.com/microsoft/winget-cli/pull/1776

[tlsalex]

waiting for the good news

[cuellartech]

Hey everyone, I know it's been a long time coming, but we have had our initial security review. We will be submitting a specification document and will work on final review and then we can get into implementation.

• We will need GPO (Group Policy Objects) for enterprise control of WinGet with respect to proxy support.
• Specifying a default proxy for WinGet will require administrative permissions.
• The CLI will not require administrative permissions to pass "--proxy " (will not override GPO).

I want to thank @eternalphane for the draft PR:

• Add basic proxy support #1776

You mention a GPO. Is there a plan to also include Intune, using a configuration policy, as a means for enterprise control?

We have many workstations that are not domain joined, only Entra joined, that have no GPOs and no intention of introducing any.