Network Connections (proxies, certificates)
Copilot4Eclipse communicates with GitHub Copilot servers over SSL/TLS encrypted network connections. In this guide we introduce how to configure Eclipse network proxy and certificate validation settings for your network.
Only HTTP proxies are supported at this time, i.e., the URL to a network proxy must start with http://.
1. Eclipse Network Connection Preferences
Copilot4Eclipse uses the Eclipse Network Connection preferences when creating internet connections to GitHub Copilot Services. You can access the Eclipse Network Connection preferences by selecting:
Copilot menu > Preferences > General > Network Connections.
The following table defines the Copilot4Eclipse network connection strategies associated with the Eclipse network connection providers.
Eclipse Active Provider | Copilot4Eclipse Connection Strategy |
---|---|
Direct | Connect directly to the internet; no proxy involved |
Native | Consult the OS for auto-configured proxy settings. Use the Environment Variable Method to manually define proxy settings in cases where the OS-level settings are not available, or to override the native settings. |
Manual | Connect to the internet through a proxy using Manual proxy settings |
When modifying network settings, always restart Eclipse to ensure that changes are properly applied.
2. Specify Proxy Settings using an Environment Variable
Proxy connection details can be provided externally using an environment variable. Two benefits of using this method are:
- An environment variable provides a single point of configuration for all of your Copilot4Eclipse installations
- Copilot4Eclipse uses the same environment variables recognized by GitHub Copilot plugins, e.g., IntelliJ, Visual Studio Code.
The following environment variables are recognized by Copilot4Eclipse when configuring a proxy connection. The environment variables are shown from highest to lowest priority:
- HTTPS_PROXY
- HTTP_PROXY
- https_proxy
- http_proxy
The Eclipse network settings must be set to either "native" or "direct" mode for an environment variable to take effect.
The format of a proxy connection string is:
HTTPS_PROXY=http://userid:password@ipaddr:port
Omit the userid:password segment when the proxy does not require authentication.
Following are OS-specific examples for setting the HTTPS_PROXY envar.
Windows:
- Run "cmd" to open a command shell
- Enter the following snippet customized with your proxy connection details:
setx HTTPS_PROXY http://userid:password@ip:port
- If Eclipse is running, restart it from a new command prompt.
Mac:
- In your shell configuration file such as .bash_profile add the following snippet customized with your proxy connection details:
export HTTPS_PROXY=http://userid:password@ip:port
- If Eclipse is running, restart it from a new terminal window.
Linux:
- In your shell configuration file such as .bashrc add the following snippet customized with your proxy connection details:
export HTTPS_PROXY=http://userid:password@yourproxy.domain.com
- If Eclipse is running, restart it from a new terminal window.
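The following check is an added example, not part of Copilot4Eclipse or of the original guide. It applies the variable priority order and the http:// requirement described above to an environment, reports lower-priority variables that are being ignored, and masks the password so the result can be shared in a support ticket. The function names and the sample values are assumptions made for illustration.

```python
import os
from urllib.parse import urlsplit

# Priority order as listed on this page, highest first.
PROXY_VARS = ("HTTPS_PROXY", "HTTP_PROXY", "https_proxy", "http_proxy")

def redact(url):
    """Mask the password segment so the string is safe to paste into a ticket or log."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    userinfo, _, hostport = parts.netloc.rpartition("@")
    user = userinfo.split(":", 1)[0]
    return f"{parts.scheme}://{user}:***@{hostport}{parts.path}"

def check_proxy_env(env):
    """Report which variable wins, which ones it shadows, and format problems."""
    set_vars = [(n, env[n].strip()) for n in PROXY_VARS if env.get(n, "").strip()]
    report = {"source": None, "proxy": None, "shadowed": [], "problems": []}
    if not set_vars:
        return report
    name, value = set_vars[0]
    report["source"], report["proxy"] = name, redact(value)
    # Lower-priority variables holding a different value are ignored.
    report["shadowed"] = [n for n, v in set_vars[1:] if v != value]
    parts = urlsplit(value)
    if parts.scheme != "http":
        report["problems"].append("proxy URL must start with http://")
    if not parts.hostname:
        report["problems"].append("no proxy host found")
    try:
        parts.port  # raises ValueError when the port is not numeric
    except ValueError:
        report["problems"].append("port is not a valid number")
    return report

if __name__ == "__main__":
    # Constructed sample environment (hypothetical user, password and hosts).
    sample = {
        "HTTP_PROXY": "http://alice:s3cret@10.0.0.5:8080",
        "https_proxy": "https://proxy.example.com:3128",
    }
    print(check_proxy_env(sample))
    # The same check against the environment Eclipse would inherit from this shell.
    print(check_proxy_env(dict(os.environ)))
```

Run it from the same shell that launches Eclipse, since a variable set with setx or in a shell configuration file is only visible to processes started afterwards.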
3. Eclipse Manual Proxy Settings
When in Manual connection mode, Copilot4Eclipse uses the settings shown below to connect to your proxy.
4. Working with Certificates
As part of the connection process to GitHub Copilot servers, Copilot4Eclipse checks the server's certificate to ensure it is issued by a trusted certificate authority (CA). In cases where a server certificate cannot be verified (e.g., self-signed certificate), Copilot4Eclipse will reject the connection as insecure and terminate it. Options for dealing with an untrusted certificate are:
- relax certificate checking
- trust the certificate authority that created the questionable certificate
4.1 Relax Certificate Checking
If Copilot4Eclipse is unable to connect due to a self-signed certificate error, consider relaxing certificate checking.
- In the Copilot4Eclipse > Network Monitoring preferences, disable the "Strict SSL certificate checking" setting.
- Restart Eclipse and verify that Copilot4Eclipse is able to connect to GitHub Copilot servers.
4.2 Trusting the Certificate Authority of a Self-Signed Certificate
When verifying a server's certificate, Copilot4Eclipse searches the operating system's trust store for the certificate authority (CA) that created the certificate. If your organization uses a self-signed certificate, for example on its proxy (see HTTPS-Inspection), and Copilot4Eclipse does not trust it, consider registering your organization's root certificate in the respective operating system trust store. On Windows, the trust store is the Certificate Manager. On macOS, the trust store is the Keychain.
In addition to consulting your system's trust-store for trusted certificate authorities, you can use the NODE_EXTRA_CA_CERTS environment variable to point to a file containing trusted CA certificates.
Resources
Trusting self-signed certificates on Windows 11
Trusting self-signed certificates on MacOS
GitHub Copilot Network settings document