Hi All. Again, this is gonna be another one of those “I had to do something for a client and so I thought I’d share” blogs. Yes, another one!
I recently had a requirement to set proxy details for a fleet of Macs for an education institution.
Previously, I had setup a virtual machine (VM) of a Profile Manager server so that I can quickly create non-standard profiles to be deployed through solutions such as Munki. At the time I noticed that there was a new ‘Proxies’ profile that appeared to be able to do the job of replacing my old proxy setting scripts.
This would be great as I can deploy it from Munki or an MDM product and be in-keeping with Apple’s newer management ideologies.
There was a proxy configuration option previously available as a configuration profile, however this did not allow you to specify exceptions, amongst a few other things.
How can I use it?
Well, once you’ve got your virtualised Profile Manager server setup:
(Side Note: Profile Manager, in my experience, has been rather temperamental and prone to failing over at the worst times. Due to this, I can’t suggest running it in a production environment)
1. Fire up that VM and log into the Profile Manager web interface. Go to the “Device Groups” section.
2. Click “Add Device Group” if you have no previous groups, or the smaller plus symbol (“+”) below the list if you already have one or more device groups.
3. Name the group. I would suggest something along the lines of “[proxy address] proxy settings”. Go to the “Settings” tab.
4. Hit the “Edit” button.
5. Add a description to the profile if you wish, leave the rest of the settings as-is.
6. Scroll all the way to the bottom of the left hand list until you find the “Proxies” option. Click this and then the “Configure” button in the right hand window.
7. For each service you require, click the check-box and fill in the server address and port number. In the example, I will set HTTP and HTTPS proxies for port 8080.
8. Scroll down to the “Exceptions” list and add each of your required proxy exceptions using the plus symbol (“+”). These need to be one per line. I would recommend (at a minimum) adding the two system default ones in just in case (see the screenshot).
9. If you use a PAC file, skip steps 7 and 8, and instead use the “Enable Automatic Proxy Configuration” check-box and address field.
10. Once complete, hit “OK” to close the settings, then hit “Save” on the next screen to save the profile.
11. Finally, click “Download” to download a local copy of the profile for use with your distribution method of choice.
But I don’t have / want Profile Manager
Thats fine, I’ve got a copy of a template Proxy configuration profile on our GitHub, linked here. You just need to change the following lines:
Line 26 – Remove if you don’t wish to add any more Exclusions. Replace “[ADD FURTHER EXCEPTIONS HERE]” if you want to add one more. Duplicate and replace “[ADD FURTHER EXCEPTIONS HERE]” as much as required if you want to add multiple Exclusions. Remember: It’s one per line!
Line 31 – Replace “[ADD HTTP PROXY PORT HERE]” with the port number of your proxy server for HTTP traffic.
Line 33 – Replace “[ADD HTTP PROXY SERVER ADDRESS HERE]” with the address of your proxy server for HTTP traffic.
Line 37 – Replace “[ADD HTTPS PROXY PORT HERE]” with the port number of your proxy server for HTTPS traffic.
Line 39 – Replace “[ADD HTTPS PROXY SERVER ADDRESS HERE]” with the address of your proxy server for HTTPS traffic.
Save the modified file and distribute as required.
A few bits of information I found when using this profile:
- When you upload this profile into Casper, it will show with no-payload in the web interface. This I tested with both unsigned and signed profiles. For my use I uploaded the profile as signed and despite this defect, they still deployed and worked fine.
- When this profile is installed on a client via MDM, it still took a reboot to be applied to the OS.
- This was also the same when removing the profile.
There you go, hopefully that’ll give other Mac Admins another method to deploy their Proxy configurations to their client devices. As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.
The usual Disclaimer:
While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.