Using Canopy 2 Behind a Proxy Firewall

A network proxy firewall is a computer that sits between your local computer and the internet. It is typically set up by your IT staff.

When you wish to connect to the internet, you must go through the proxy. This requires configuration.

Usually your web browser will be pre-configured to go through the proxy, but currently you'll need to do an extra step to configure Canopy to do the same.

Until then, you can do work that does not require online access, such as use Canopy's editor and Python environment and access local documentation, but you can't do work that require online access, such as update the Canopy application or Python packages, automatically enable the Canopy debugger, or access online documentation.

To check whether you are behind a proxy firewall, go to this site:


Note: The remainder of this article has not yet been updated to reflect the improvements in proxy configuration in Canopy 2.1.6. (November 2017) and later. Please begin by consulting the "Network Preferences" section of the Canopy documentation.


How to configure Canopy to work with your network's proxy server

The first step is to ask your IT staff or colleagues for the authentication credentials for your proxy firewall. At a minimum, this will require a proxy server address and port number, and it might include a user ID, and password. You can then choose one of two methods to specify these credentials:

Method A: In the Canopy GUI application

To specify the proxy in the Canopy application, open the Preferences menu and select the Network tab. Once you have filled in the proxy server address and port number, and if needed the proxy user ID and password, please click the "Test Proxy" button. If the test succeeds, then check the "enable proxy" checkbox and click "OK" to save your settings and enable the proxy.

Method B: Using proxy environment variables

If the proxy settings are not specified and enabled as just described, then the Canopy application will check whether the HTTP_PROXY and HTTPS_PROXY environment variables are set. If these are found, then it will use the proxy settings specified by these environment variables.

The expected format for these environment variables is:


Username and password are needed only if your proxy server requires them. The trailing slash is optional, for compatibility.

If your proxy server does not require a username and password and the proxy server host and port are set in your OS system settings, Canopy will use these OS system proxy settings automatically. Thus, in this case, no proxy information needs to be entered in Canopy's Preferences.

Canopy allows you to leave out the 'http://' part, though that is not recommended, as some other programs that use the same environment variables, may require it.


Detailed Network Access Tests

The Network (Proxy) tab in the Canopy Preferences dialog includes a "Detailed Network Access Tests" button, at the very bottom of the dialog. This can be useful if the Proxy Test inexplicably fails, or if it passes but Canopy network access is nonetheless unsuccessful. If you click this button, a child window will open, and a number of tests will run and report their results. Please copy these results as text to your clipboard (not a screen shot) and email them to


Proxy use in your own scripts / code

If your machine is behind a proxy firewall and your own Python code needs to access the internet, then it will also need to have access to the above proxy settings. The easiest way to do this is to set the above-mentioned HTTP_PROXY and HTTPS_PROXY environment variables before running your code.

To automatically set these proxy environment variables after configuring your Canopy proxy, you can make one more change in the same Preferences ==> Network tab. Set "Pass these proxy settings to terminal and ipython" to "Yes", then press OK.

Then close any Canopy Command Prompt / Canopy Terminal Windows, quit Canopy, and restart Canopy.

The proxy environment variables will now be set for any scripts run from Canopy.

They will also be set in any Canopy Command Prompt / Canopy Terminal window which is subsequently opened from Canopy's Tools menu.

Caution: When these environment variables are set, then your proxy credentials will be visible to any programs or code running in or opened from within these windows (Canopy application, Canopy Command Prompt, Canopy Terminal). So as always, only run software that you trust. 

Proxy use in the edm utility

Python packages can also be installed or updated using the edm command line utility, which also includes basic proxy support. If you have enabled proxy use in Canopy Command Prompt / Canopy Terminal, as described in the previous section, "Proxy use in your own scripts / code", and you run edm in this Canopy Command Prompt / Canopy Terminal, then the appropriate environment variables will be set, and no additional action should be required. For more details, see "Simple proxy configuration" and the following sections in the EDM documentation.


Whitelist URLs

Some proxy servers may restrict access to known URLs. To include Enthought in the list of allowed URLs, please see this article: Whitelist URLs for proxy configuration.

Working from home

When you are not behind a proxy server (e.g. working from home without a VPN), you must uncheck the "Enable proxy" option in the Preferences dialog (Network tab).

Windows NTLM (NT LAN Manager) not yet supported

Subscribers or prospective subscribers, with Canopy Pro or multiple Canopy Basic subscriptions, please let us know ( if the lack of NTLM proxy authentication is a problem for you.

Enabling the Canopy debugger when Proxy access is blocked

Commercial subscribers, please see "Using Canopy's interactive Python debugger and variable browser".


Please do not enter support requests in article comments

Please use article comments for suggestions to improve the article. See "How to submit Enthought Canopy/EPD support requests".

Have more questions? Submit a request


Powered by Zendesk