Use the CLI with a Proxy Server

If you install, update, or use the Coveo CLI on a computer that’s behind a company firewall or web proxy, you may receive an error message similar to the following (error messages differ between operating systems):

coveo-cli: Updating CLI... !'ECONNRESET': tunneling socket could not be established, cause=connect EHOSTUNREACH - Local (

If this occurs, you must configure your system to route traffic through the firewall or proxy.


To use the Coveo CLI with a firewall or proxy, it must not block the Coveo endpoint:

If your organization is multi-region, has data residency outside the US, or is HIPAA-compliant, you must allow the relevant endpoint in addition to the standard Coveo endpoint.


If you have a firewall or HTTP proxy, you must set the HTTPS_PROXY environment variable with the domain or IP address of your proxy server. The exact command depends on your operating system.

On MacOS or Linux:


On Windows:


where you replace <MY_USERNAME> and <MY_PASSWORD> with your username and password respectively, and <MY_PROXY> with the URL and port of your proxy server (for example,


If your proxy requires an extra certificate authority, or if you set the HTTPS_PROXY environment variable and still see error messages, you must set the NODE_EXTRA_CA environment variable to point to a certificate file. If you don’t know the location of your certificate, ask your IT department where to find or download it. The exact command depends on your operating system.

On MacOS or Linux:


On Windows:


where you replace <FILE_PATH> with an absolute path that points to your certificate file (for example, C:\folder\subfolder\certificate.pem on Windows).