I see what you’re asking here.
The short of it is that Discourse itself has no way to tell it to use a proxy for outbound connections, though it appears Net::HTTP has the capability to automatically use the http_proxy environment variable, which (in some cases) should serve your needs.
I would recommend the following steps:
- set up an offsite https proxy
- configure your Discourse server’s firewall to reject (and LOG!) outbound connections from Discourse
- deploy Discourse with the http_proxy
- monitor your firewall logs so you can watch for outbound connections you didn’t think of (e.g. DNS) and whitelist them or adapt the section of the code from where it’s called
This will probably take some effort to get working; alternatively, you could tunnel outbound traffic via a tunnel to an offsite host.
Since you already have a SOCKS proxy set up, maybe you can add outbound firewall mangling rules to transparently shunt requests to a squid proxy that then uses SOCKS for outbound requests?
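For the log-monitoring step in the list above, an added example (not part of the original post, and not Discourse code) that summarises rejected outbound connections from netfilter-style LOG lines so they can be reviewed for the allowlist. The log prefix `DISCOURSE-OUT: `, the proxy address and the sample lines are assumptions constructed for illustration.

```ruby
# Added example: summarise outbound connections logged by the firewall.
# Assumed (not from the post): the LOG rule's prefix and the proxy endpoint.
LOG_PREFIX = "DISCOURSE-OUT: "
PROXY = { dst: "203.0.113.10", dport: 3128 }.freeze

# Constructed sample lines in the kernel's key=value LOG format.
SAMPLE_LOG = <<~LOG
  Jan 10 12:00:01 forum kernel: [100.1] DISCOURSE-OUT: IN= OUT=eth0 SRC=172.17.0.2 DST=192.0.2.53 LEN=71 TTL=63 PROTO=UDP SPT=40112 DPT=53 LEN=51
  Jan 10 12:00:02 forum kernel: [101.4] DISCOURSE-OUT: IN= OUT=eth0 SRC=172.17.0.2 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=51234 DPT=443 SYN
  Jan 10 12:00:03 forum sshd[811]: Accepted publickey for admin
  Jan 10 12:00:04 forum kernel: [103.9] DISCOURSE-OUT: IN= OUT=eth0 SRC=172.17.0.2 DST=203.0.113.10 LEN=60 TTL=63 PROTO=TCP SPT=51300 DPT=3128 SYN
  Jan 10 12:00:05 forum kernel: [104.2] DISCOURSE-OUT: IN= OUT=eth0 SRC=172.17.0.2 DST=192.0.2.53 LEN=71 TTL=63 PROTO=UDP SPT=40113 DPT=53 LEN=51
  Jan 10 12:00:06 forum kernel: [105.0] DISCOURSE-OUT: IN= OUT=eth0 SRC=172.17.0.2 DST=198.51.100.7 LEN=84 TTL=63 PROTO=ICMP TYPE=8 CODE=0
LOG

# Returns {proto:, dst:, dport:} for a firewall LOG line, or nil for other lines.
def parse_line(line)
  idx = line.index(LOG_PREFIX)
  return nil unless idx

  fields = line[(idx + LOG_PREFIX.size)..].scan(/(\w+)=(\S*)/).to_h
  return nil unless fields["DST"] && fields["PROTO"]

  # ICMP entries carry no DPT, so dport stays nil for them.
  { proto: fields["PROTO"], dst: fields["DST"], dport: fields["DPT"]&.to_i }
end

# Counts logged destinations, most frequent first, skipping the proxy itself
# (relevant when the LOG rule sits ahead of the rule that accepts proxy traffic).
def unexpected_destinations(log_text, proxy: PROXY)
  counts = Hash.new(0)
  log_text.each_line do |line|
    conn = parse_line(line)
    next if conn.nil?
    next if conn[:proto] == "TCP" && conn[:dst] == proxy[:dst] && conn[:dport] == proxy[:dport]

    counts[[conn[:proto], conn[:dst], conn[:dport]]] += 1
  end
  counts.sort_by { |key, n| [-n, key.map(&:to_s)] }
end

unexpected_destinations(SAMPLE_LOG).each do |(proto, dst, dport), n|
  puts format("%-5s %-15s port %-5s hits=%d", proto, dst, dport || "-", n)
end
```

Each remaining row is a connection that bypassed the proxy setting, such as the DNS lookups here.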