diff --git a/cmd/control/console_init.go b/cmd/control/console_init.go
index 06a93cc80..93342a532 100644
--- a/cmd/control/console_init.go
+++ b/cmd/control/console_init.go
@@ -122,6 +122,23 @@ func consoleInitFunc() error {
 		log.Error(err)
 	}
 
+	// write out a profile.d file for the proxy settings.
+	// maybe write these on the host and bindmount into everywhere?
+	proxyLines := []string{}
+	for _, k := range []string{"http_proxy", "HTTP_PROXY", "https_proxy", "HTTPS_PROXY", "no_proxy", "NO_PROXY"} {
+		if v, ok := cfg.Rancher.Environment[k]; ok {
+			proxyLines = append(proxyLines, fmt.Sprintf("export %s=%s", k, v))
+		}
+	}
+
+	if len(proxyLines) > 0 {
+		proxyString := strings.Join(proxyLines, "\n")
+		proxyString = fmt.Sprintf("#!/bin/sh\n%s\n", proxyString)
+		if err := ioutil.WriteFile("/etc/profile.d/proxy.sh", []byte(proxyString), 0755); err != nil {
+			log.Error(err)
+		}
+	}
+
 	cmd = exec.Command("bash", "-c", `echo $(/sbin/ifconfig | grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3}') >> /etc/issue`)
 	if err := cmd.Run(); err != nil {
 		log.Error(err)
diff --git a/cmd/control/os.go b/cmd/control/os.go
index b5e8822e9..5084962ac 100644
--- a/cmd/control/os.go
+++ b/cmd/control/os.go
@@ -3,7 +3,6 @@ package control
 import (
 	"fmt"
 	"io/ioutil"
-	"net/http"
 	"net/url"
 	"os"
 	"runtime"
@@ -22,6 +21,7 @@ import (
 	"github.com/rancher/os/compose"
 	"github.com/rancher/os/config"
 	"github.com/rancher/os/docker"
+	"github.com/rancher/os/util/network"
 )
 
 type Images struct {
@@ -83,7 +83,6 @@ func osSubcommands() []cli.Command {
 	}
 }
 
-// TODO: this and the getLatestImage should probably move to utils/network and be suitably cached.
 func getImages() (*Images, error) {
 	upgradeURL, err := getUpgradeURL()
 	if err != nil {
@@ -108,12 +107,7 @@ func getImages() (*Images, error) {
 		u.RawQuery = q.Encode()
 		upgradeURL = u.String()
 
-		resp, err := http.Get(upgradeURL)
-		if err != nil {
-			return nil, err
-		}
-		defer resp.Body.Close()
-		body, err = ioutil.ReadAll(resp.Body)
+		body, err = network.LoadFromNetwork(upgradeURL)
 		if err != nil {
 			return nil, err
 		}
diff --git a/config/cloudinit/datasource/url/url.go b/config/cloudinit/datasource/url/url.go
index 117e2aa3c..ca065d63c 100755
--- a/config/cloudinit/datasource/url/url.go
+++ b/config/cloudinit/datasource/url/url.go
@@ -19,6 +19,7 @@ import (
 
 	"github.com/rancher/os/config/cloudinit/datasource"
 	"github.com/rancher/os/config/cloudinit/pkg"
+	"github.com/rancher/os/util/network"
 )
 
 type RemoteFile struct {
@@ -31,6 +32,7 @@ func NewDatasource(url string) *RemoteFile {
 }
 
 func (f *RemoteFile) IsAvailable() bool {
+	network.SetProxyEnvironmentVariables()
 	client := pkg.NewHTTPClient()
 	_, f.lastError = client.Get(f.url)
 	return (f.lastError == nil)
diff --git a/init/init.go b/init/init.go
index e7d704f5c..3a5ff0aa9 100755
--- a/init/init.go
+++ b/init/init.go
@@ -380,9 +380,10 @@ func RunInit() error {
 			return c, dfs.PrepareFs(&mountConfig)
 		}},
 		config.CfgFuncData{"load modules2", loadModules},
-		config.CfgFuncData{"set proxy env", func(c *config.CloudConfig) (*config.CloudConfig, error) {
-			network.SetProxyEnvironmentVariables(c)
-			return c, nil
+		config.CfgFuncData{"set proxy env", func(cfg *config.CloudConfig) (*config.CloudConfig, error) {
+			network.SetProxyEnvironmentVariables()
+
+			return cfg, nil
 		}},
 		config.CfgFuncData{"init SELinux", initializeSelinux},
 		config.CfgFuncData{"setupSharedRoot", setupSharedRoot},
diff --git a/os-config.tpl.yml b/os-config.tpl.yml
index 49a600d32..c1b33e03f 100644
--- a/os-config.tpl.yml
+++ b/os-config.tpl.yml
@@ -141,6 +141,10 @@ rancher:
         io.rancher.os.after: cloud-init-execute
         io.docker.compose.rebuild: always
         io.rancher.os.console: default
+      environment:
+      - HTTP_PROXY
+      - HTTPS_PROXY
+      - NO_PROXY
       net: host
       uts: host
       pid: host
diff --git a/util/network/network.go b/util/network/network.go
index 877097a8b..6c1dcab50 100644
--- a/util/network/network.go
+++ b/util/network/network.go
@@ -57,7 +57,8 @@ func getServices(urls []string, key string) ([]string, error) {
 	return result, nil
 }
 
-func SetProxyEnvironmentVariables(cfg *config.CloudConfig) {
+func SetProxyEnvironmentVariables() {
+	cfg := config.LoadConfig()
 	if cfg.Rancher.Network.HTTPProxy != "" {
 		err := os.Setenv("HTTP_PROXY", cfg.Rancher.Network.HTTPProxy)
 		if err != nil {
@@ -76,16 +77,30 @@ func SetProxyEnvironmentVariables(cfg *config.CloudConfig) {
 			log.Errorf("Unable to set NO_PROXY: %s", err)
 		}
 	}
+	if cfg.Rancher.Network.HTTPProxy != "" {
+		config.Set("rancher.environment.http_proxy", cfg.Rancher.Network.HTTPProxy)
+		config.Set("rancher.environment.HTTP_PROXY", cfg.Rancher.Network.HTTPProxy)
+	}
+	if cfg.Rancher.Network.HTTPSProxy != "" {
+		config.Set("rancher.environment.https_proxy", cfg.Rancher.Network.HTTPSProxy)
+		config.Set("rancher.environment.HTTPS_PROXY", cfg.Rancher.Network.HTTPSProxy)
+	}
+	if cfg.Rancher.Network.NoProxy != "" {
+		config.Set("rancher.environment.no_proxy", cfg.Rancher.Network.NoProxy)
+		config.Set("rancher.environment.NO_PROXY", cfg.Rancher.Network.NoProxy)
+	}
 }
 
-func loadFromNetwork(location string) ([]byte, error) {
+func LoadFromNetworkWithCache(location string) ([]byte, error) {
 	bytes := cacheLookup(location)
 	if bytes != nil {
 		return bytes, nil
 	}
+	return LoadFromNetwork(location)
+}
 
-	cfg := config.LoadConfig()
-	SetProxyEnvironmentVariables(cfg)
+func LoadFromNetwork(location string) ([]byte, error) {
+	SetProxyEnvironmentVariables()
 
 	resp, err := http.Get(location)
 	if err == nil {
@@ -111,7 +126,7 @@ func LoadResource(location string, network bool) ([]byte, error) {
 		if !network {
 			return nil, ErrNoNetwork
 		}
-		return loadFromNetwork(location)
+		return LoadFromNetworkWithCache(location)
 	} else if strings.HasPrefix(location, "/") {
 		return ioutil.ReadFile(location)
 	}