.orb: Proxy

For security audits, you might want a transparent proxy that logs all traffic leaving an OrbStack VM without decrypting it.

Using pfctl (macOS Packet Filter) or iptables (inside the VM), you can redirect traffic to a monitoring proxy like squid.

Conceptual flow:

# Inside the OrbStack VM (Linux)
iptables -t nat -A OUTPUT -p tcp --dport 80 ! -d .orb -j REDIRECT --to-port 8080

Unlike a standard VPN that connects to a remote server, proxy.orb points to a local SOCKS5 proxy (usually on port 9050 or 9150). Here’s the step-by-step journey: proxy .orb

Because proxy.orb resolves to 127.0.0.1, no data ever leaves your device unencrypted to your ISP—unless you misconfigure the chain.

proxy:
  http: http://proxy.orb:8080
  https: http://proxy.orb:8080
  no_proxy: localhost,127.0.0.1

Here, proxy.orb is the hostname of the proxy server inside the Orb network.

Cycloid’s Orb is a tool that helps implement GitOps and Infrastructure as Code (IaC). It uses a proxy to: For security audits, you might want a transparent

A proxy .orb setting might appear in:

Your .circleci/config.yml remains clean. Developers just say deploy: staging without needing to know the curl syntax or the API endpoints.

In countries with heavy internet restrictions (firewalls, blocks on social media), proxy.orb becomes a lifeline. By routing through Tor, your traffic appears to originate from a different country, bypassing local filters. # Inside the OrbStack VM (Linux) iptables -t

Orb typically respects standard environment variables for proxying. You do not configure this inside an .orb file, but rather in your terminal session before running Orb commands.

On macOS / Linux:

export HTTP_PROXY="http://proxy-server:port"
export HTTPS_PROXY="http://proxy-server:port"

On Windows (PowerShell):

$env:HTTP_PROXY="http://proxy-server:port"
$env:HTTPS_PROXY="http://proxy-server:port"

Once these variables are set, any network requests made by the Orb tool will route through the specified proxy.