Proxy and security practices#

Using Anaconda behind a company proxy#

When using Anaconda’s repositories behind a company proxy, you might encounter an HTTP and SSL error like the one below due to custom security profiles managed by your IT department.

CondaHTTPError: HTTP 000 CONNECTION FAILED for url https://repo.anaconda.com/pkgs/main/win-64/current_repodata.jsonElapsed:
An HTTP error occurred when trying to retrieve this URL.
HTTP errors are often intermittent, and a simple retry will get you on your way.
If your current network has https://www.anaconda.com blocked, please file
a support request with your network engineering team.
ConnectTimeout(MaxRetryError("HTTPSConnectionPool(host='repo.anaconda.com', port=443):
Max retries exceeded with url: /pkgs/main/win-64/current_repodata.json
(Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object
at 0x000001B79FFE3278>, 'Connection to repo.anaconda.com timed out.
(connect timeout=9.15)'))"))

There are three potential ways to resolve this. Start by updating the .condarc file before trying the other methods.

Update the .condarc file#

Anaconda recommends updating your .condarc file to include the proxy_servers key. This is the preferred method because it will affect only conda and not the system environment variables.

Read more about the .condarc file and using proxies.

For example:

proxy_servers:
    http: http://username:password@corp.com:8080
    https: https://username:password@corp.com:8080

You can see if your proxy is set by running conda info --all.

Environment variables#

You can also resolve this error by updating the system environment variables. This can affect all CLI software across the whole system.

To change environment variables on Windows:

  1. In the Start menu, search for “env”.

  2. Select “Edit Environment Variables for your account”

  3. Select “Environment Variables…”

  4. Press “New…”

  5. Add two variables http_proxy and https_proxy both with the same value: http://proxy-XX:XXX

To change environment variables on macOS:

  1. Check the current environment variable settings by running printenv in the terminal.

  2. To check a specific environment variable, use echo $variable_name.

  3. Temporarily change the environment variables by running export variable_name=variable_value. You can check if it’s there by running conda info --all.

To change your environment variables on macOS permanently, review this guide.

To change environment variables on Linux:

  1. Run export variable_name=variable_value

  2. To output the value of the environment variable from the shell, run echo $variable_name.

Read more about unsetting, listing, and persisting environment variables.

Netrc authentication#

A .netrc file is an alternate way to accomplish the same goal of setting the *_PROXY environment variables or configuring things only for conda in the .condarc file. The risk in this approach is that changing the environment variables here will affect the system settings as a whole.

Read more about the .netrc file.

Security best practices#

Anaconda maintains the following security and provenance/chain-of-custody practices:

  • The engineers whose purpose is to build and maintain the Anaconda Distribution have curated the packages contained within based on their relevance to the data science community. These open-source packages are vetted for their widespread adoption and community support, which allows any security vulnerabilities to be addressed quickly and completely in a transparent manner.

  • Source code and built artifacts are maintained with strict chain-of-control and are built, scanned, and hashed on a separate secure network within Anaconda. Only a small number of developers and IT team members have access to this network and the associated servers.

  • All versions of the Anaconda Distribution and all packages that are made available at https://repo.anaconda.com/ have published SHA256 checksums. Anaconda recommends you verify your install.

  • A Quality Assurance team performs exhaustive testing on each release of Anaconda and Miniconda, including all installers and packages. This includes the use of multiple commercial anti-malware products, as well as custom in-house security tools, for all supported operating systems - Windows, macOS, and Linux. When there are issues, they are followed up on for remediation or noted in the documentation.

  • Anaconda maintains a team of IT leaders that works with software engineers to monitor all active security events through various channels of information, which results in fast response times and, whenever necessary, direct communication to our customers through Customer Support.

  • Developers use controlled machines with the latest security patches.

  • Especially security-minded customers may implement the functionality of the Anaconda Repository as part of an Enterprise tier subscription to only allow a small set of packages to come onto their site at their control and block all others from entering their network. Due to the open-source nature of the enclosed packages, they may perform advanced code reviews or other associated activities to ensure their desired level of risk management and/or compliance.