PAGE DEPRECATED: Updated content located here.
Sauce Connect Proxy provides several command-line arguments. The table below outlines all of the current flags you can use to specify Sauce Connect Proxy parameters.
Some command-line arguments can be passed through a config file or an environment variable. When the same argument is passed through multiple methods, the order of precedence is as follows: Command Line Argument > Environment Variable > Config File.
To ensure compatibility with these variables, make sure that you're using the most recent version of Sauce Connect Proxy (download here).
List of Sauce Connect Proxy Command-Line Arguments
Flag (Short) | Flag (Long) | Description |
---|---|---|
-u |
| Sauce Labs username. Instead of explicit |
-k |
| Sauce Labs API key. Instead of explicit |
-c |
| Included as part of the Sauce Connect Proxy download package (sc.exe) is the example configuration file config.yaml, to be used with the Here is the order of precedence when the same argument is provided through multiple methods, with methods to the left having higher precedence: Command Line Argument > Environment Variable > Config File. In production environments, we recommend using a configuration file rather than command-line arguments for the following reasons:
|
-B |
| Comma-separated list of domains. Requests, including hosts that match one of these domains, will not be SSL re-encrypted. See Sauce Connect Proxy and SSL Certificate Bumping for more information about scenarios in which you would want to use this command. For more info, see Formatting Domains guidelines. HTTP Header Injection is disabled for all HTTPS domains passed to |
-N |
| Disables caching in Sauce Connect Proxy. All requests will be sent through the tunnel. |
-D |
| Comma-separated list of domains. Requests, including hosts that match one of these domains, will be relayed directly through the Internet instead of through the Sauce Connect tunnel. For more info, see Formatting Domains guidelines. |
-t |
| Inverse of For more info, see Formatting Domains guidelines. |
-v |
| Enables verbose debugging. Use You can also use the |
-F |
| Comma-separated list of regular expressions. Requests with URLs matching one of these will get dropped instantly and will not go through the tunnel. See Sauce Connect Proxy FAQs > How Can I Use Sauce Connect Proxy to Test Graceful Degradation? for an example of using this command to test for application or site degradation based on missing assets or resources. |
-i |
| Assigns an For more information on using |
-l |
| Capture the Sauce Connect Proxy logs in |
-P |
| Sets the port on which Sauce Connect's Selenium relay will listen for requests. Selenium commands reaching Sauce Connect on this port will be relayed to Sauce Labs securely and reliably through Sauce Connect's tunnel. This feature is disabled unless specified. NOTE: Effective with Sauce Connect Proxy version 4.6.0, this feature is no longer enabled by default. |
-p |
| Proxy host and port that Sauce Connect Proxy should use to connect to the Sauce Labs REST API and test traffic. For more information about the As an alternative, you can also use environment variables |
-w |
| Username and password sent via basic authentication required to access the proxy configured with NOTE: Sauce Connect Proxy versions older than 4.6.1 do not support the |
| Proxy auto-configuration (PAC). Can be a http(s) or local file:// URL. For more information about the Absolute paths are required when specifying a local PAC file (e.g., file:///Users/Andrew/Desktop/MyPac.pac). | |
--pac-auth <username:password@host:port> | Supplies PAC authentication string in format New Feature Option is only compatible with Sauce Connect Proxy client version 4.6.3+. | |
-T |
| Uses the proxy configured with You'll need to use this option if you use a PAC file that contains Sauce Labs DNS names. |
-s |
| Allows other users of the tunnel owner to use the tunnel. For more information, visit the Sharing Sauce Connect Proxy Tunnels - Extended Team Management page. |
-x |
| By default, Sauce Connect Proxy connects to the US Virtual Device and Desktop Cloud (US-West-1). Use this option if you need to connect to a different Sauce Labs cloud (e.g., EU Virtual Device and Desktop Cloud or US Real Device Cloud). For a full list of Sauce Connect Proxy endpoints, see Data Center Endpoints. |
-f |
| File that will be touched to indicate when the tunnel is ready. |
-a |
| Performs basic authentication when a URL on Basic Authentication Only Sauce Connect's HTTP Header Injection is disabled for SSL domains that are not re-encrypted by Sauce Connect, which means performing basic authentication in this way is disabled for all HTTPS domains passed to --no-ssl-bump-domains argument. |
-z |
| Logs statistics about HTTP traffic every |
| Rotates log file after reaching | |
| Performs checks to detect possible misconfiguration or problems. Check out Sauce Connect Proxy Debugging and Diagnostics with --doctor flag for more information about the errors that | |
| Disables the auto-detection of proxy settings. | |
| Displays version information and exit. | |
-X |
| Sets port to use for the built-in HTTP proxy. |
| CA certificate bundle to use for verifying REST connections. | |
| Directory of CA certs to use for verifying REST connections. | |
| Requires that the certificates on the Sauce Labs internal tunnel Virtual Machine be signed by a Certificate Authority instead of self-signed certificates. See Sauce Connect Proxy Change Logs for details. | |
| CA certificate bundle to use for verifying tunnel connections. | |
| Directory of CA certificates to use for verifying tunnel connections. | |
--scproxy-read-limit <X> | Rates limit reads in scproxy to X bytes per second. This option can be used to adjust local network transfer rate in order not to overload the tunnel connection. | |
--scproxy-write-limit <X> | Rates limit writes in scproxy to X bytes per second. This option can be used to adjust local network transfer rate in order not to overload the tunnel connection. | |
| Uses specified name server. To specify multiple servers, separate them with a comma. Use IP addresses, optionally with a port number, the two separated by a colon. Example: --dns 8.8.8.8,8.8.4.4:53 . | |
| By default, colliding tunnels will be removed when Sauce Connect is starting up. Use this option to prevent removal of identified tunnels with the same name or any other default tunnels. Jobs will be distributed across all tunnels, enabling load balancing and high availability. | |
-d |
| Specifies the file in which to write the Sauce Connect Proxy process ID. When Sauce Connect Proxy makes a best effort but cannot guarantee that the pidfile will be removed when shutting down Sauce Connect Proxy. With that in mind, relying on the pidfile as a means to monitor Sauce Connect Proxy is not supported. |
| Defines host:port for the internal web server used to expose client side metrics (default is | |
-h |
| Displays the help text. |
|
| Injects job id and tunnel id as HTTP request headers. HTTP Header Injection is disabled for SSL domains that are not re-encrypted by Sauce Connect Proxy. Header Injection is disabled for all HTTPS domains passed to |
--ocsp log-only | OCSP tunnel certificate validation command that logs errors only; it will not stop Sauce Connect from connecting to a tunnel. | |
--ocsp attempt | Sets an OCSP tunnel certificate validation "soft-fail" policy that allows Sauce Connect to run unless OCSP server returns a “revoked” status (e.g., timeouts, unknown status). It will not stop Sauce Connect from connecting to a tunnel. Connection to OCSP server will be set to time out after 5 seconds. | |
--ocsp strict | Sets an OCSP tunnel certificate validation "hard-fail" policy that blocks Sauce Connect from running unless the OCSP server returns a “good” status (e.g., timeouts, revoked certificate, unknown status). It will stop Sauce Connect from connecting to a tunnel. Connection to OCSP server will be set to time out after 10 seconds. | |
--no-ocsp-verify | OCSP tunnel certificate validation command that allows you to bypass OCSP checks. |
NOTE: OCSP supports the following Sauce Connect flags: --kgp-host, --kgp-port, --proxy, --pac, --no-autodetect, --proxy-tunnel, --tunnel-cainfo, --tunnel-capath
. More information: Sauce Connect Proxy Certificate Handling.
Formatting Domains in Your Commands
Here are some guidelines to follow when formatting domains within your commands:
- Make sure your comma-separated list of domains doesn't include any spaces. For example,
mydomain.com,saucelabs.com,mysite.com
, instead ofmydomain.com, saucelabs.com, mysite.com
- Use only the domain name; no need to precede it with
http:
orhttps:
- Prefix a domain name with "
*."
or simply"."
to match all its subdomains. For example, you could refer to bothwiki.saucelabs.com
andmy.saucelabs.com
with "*.saucelabs.com"
or".saucelabs.com"
. Enclose the argument in quotes to prevent shell expansion of asterisk. - If you don't want any domains to be SSL re-encrypted, you can specify
all
with the argument (i.e.,-B all
or--no-ssl-bump-domains all
) - WebSockets are not compatible with SSL bumping; you'll need to disable SSL Bumping for WebSocket domains
Developer-Only Command-Line Arguments
The following command-line arguments are only to be used when explicitly requested by our Support team.
Flag (Short) | Flag (Long) | Description |
---|---|---|
|
| Sets the maximum amount of keepalive ACKs that can be missed before the client will trigger a reconnect. The default is 30. |
| Disables certificate verification for tunnel/KGP connections. | |
| Disables certificate verification for HTTP connections. | |
-r |
| If set false do not attempt to reconnect, and shut down. |
| Requests a specific tunnel VM version. | |
-o |
| Writes all configuration options as JSON to stdout . This flag is used by our Jenkins plugin and is not intended to be used by end users. |