Improve http-proxy docs

Signed-off-by: Vatsal Parekh <[email protected]>

Author: vatsalparekh

docs/advanced/settings.md

@@ -191,10 +191,19 @@ Harvester sends a graceful shutdown signal to any VM that is stopped using the H
 
 **Definition**: HTTP proxy used to access external services, including downloading of images and backup to S3 services.
 
+When `httpProxy`, `httpsProxy`, and `noProxy` are configured, either during ISO-based installation or later on the host, these variables are automatically injected into every node-level process, including the kubernetes components, the container runtime that pulls Harvester’s system and VM-image containers, and other operating-system utilities.
+
+All control-plane components, such as the image-downloader fetching external VM images, the backup-restore controller communicating with S3 targets, the upgrade-checker polling Rancher’s release server, and the embedded Rancher agent, honor these proxy settings. As a result, outbound requests to public endpoints are routed through the configured proxy, while traffic to internal VIPs, service domains, and CIDR ranges bypasses it.
+
+Proxy settings are also useful for [Airgap environment](../airgap.md) setup.
+
 :::caution
 
 Changing this setting might cause single-node clusters to temporarily become unavailable or inaccessible.
 
+Proxies can rewrite or remove critical headers like `Host` or `Cache-Control`, breaking API requests or caching mechanism. Long-running operations such as large VM image downloads or backup restores can fail due to proxy-imposed timeouts on idle connections.
+Ensure preservation of necessary authentication headers, exempt internal addresses via `noProxy` and adjust proxy timeout settings for lengthy control-plane tasks.
+
 :::
 
 **Default value**: `{}`

docs/airgap.md

@@ -22,6 +22,14 @@ The Harvester ISO image contains all the packages to make it work in an air gapp
 
 In some environments, the connection to external services, from the servers or VMs, requires an HTTP(S) proxy.
 
+## Connecting to Rancher in airgap environment
+
+In an air-gapped network, HTTP(S) proxy settings must be configured so that Harvester and Rancher can still communicate. There are two common deployment topologies:
+
+- Rancher inside the same isolated network: Configure the proxy on the Harvester side through OS environment variables and Harvester’s http-proxy, https-proxy and no-proxy settings so that rancher-agent pods on each Harvester node can reach the Rancher server endpoint. Make sure the no-proxy list includes the Harvester cluster VIP or API server IP, Harvester service domains such as harvester-system.svc.cluster.local, and any relevant CIDR ranges.
+
+- Rancher outside the isolated network: Configure the proxy on the Rancher side using environment variables for the Rancher container or its Kubernetes deployment so Rancher can connect back to the Harvester API endpoint. Ensure the no-proxy list covers the Harvester VIP, service domains and internal CIDR ranges so internal traffic bypasses the proxy.
+
 ### Configure an HTTP Proxy During Installation
 
 You can configure the HTTP(S) proxy during the [ISO installation](./install/iso-install.md) as shown in picture below: