Setting up a proxy for ActiveGate
To set up a proxy for an ActiveGate, update or add the authentication parameters to the custom.properties
or launcheruserconfig.conf
file.
If you define the same parameters in the custom.properties
and launcheruserconfig.conf
files, the proxy parameters defined in the custom.properties
file will override the corresponding parameters in the launcheruserconfig.conf
file.
- To set a proxy for both communication of ActiveGate to DESK server and for AWS/VMware monitoring, configure the parameters in the
custom.properties
file. - To set a proxy only for AWS/VMware monitoring, configure the parameters in
launcheruserconfig.conf
file. - To set a proxy only for communication between ActiveGate and DESK server (no AWS/VMware monitoring), configure the parameters in the
custom.properties
file and in thelauncheruserconfig.conf
file. - To set up a proxy for communication with a private synthetic tested resource alone or with DESK server, configure parameters in the
custom.properties
file. See Setting up proxy for private synthetic.
Depending on your ActiveGate version and deployment setup, the configuration files are located in the following directories and folders:
-
custom.properties
/var/lib/desk/gateway/config
or
/var/lib/desk/gateway/gateway/config
-
launcheruserconfig.conf
On Linux:/var/lib/desk/gateway/config/launcheruserconfig.conf
On Windows:C:\ProgramData\desk\gateway\config\launcheruserconfig.conf
Setting proxy for DESK server communication and for AWS/VMware monitoring
To set proxy for both communication of ActiveGate to DESK server and for AWS/VMware monitoring:
Stop the ActiveGate and edit the custom.properties
file.
Specify the proxy-related parameters in the [http.client]
section of the custom.properties
file—in particular, those parameters related to authentication, such as:
[http.client]
proxy-server=127.0.0.1
proxy-port=8080
# basic authentication credentials
proxy-user=username
proxy-password=password
You also can use the proxy-server
and proxy-port
parameters in the command line ActiveGate installation:
PROXY=<proxy server>:<proxy port>
Save the custom.properties
file and restart the ActiveGate.
Setting proxy only for Cloud Foundry and Kubernetes monitoring
The DESK Cloud Foundry and Kubernetes monitoring integrations require the scheme [http.client.external]
to configure a proxy for communication with the respective API.
Stop the ActiveGate and edit the custom.properties
file.
Specify the proxy-related parameters in the [http.client.external]
section of the custom.properties
file—in particular, those parameters related to authentication, such as:
[http.client.external]
proxy-server=127.0.0.1
proxy-port=8080
# basic authentication credentials
proxy-user=username
proxy-password=password
Save the custom.properties
file and restart the ActiveGate.
Certificate management for Cloud Foundry, Kubernetes, and OpenShift communication
If you're using self-signed certificates for communication to external APIs (for example, for the Cloud Foundry and Kubernetes APIs) you can either add the certificate to the truststore (Option 1) or disable the certificate validation in the custom.properties
file (Option 2).
Setting proxy only for AWS/VMware communication
If you want to set up the proxy only for ActiveGate communication to the monitored environment, define the proxy settings in the launcheruserconfig.conf
file using a set of Java system properties with -D
option after -vmargs
.
Stop the ActiveGate and edit the launcheruserconfig.conf
file.
Set the host name of the proxy server (-Dhttp.proxyHost
and -Dhttps.proxyHost
) and the port number (-Dhttp.proxyPort
and -Dhttps.proxyPort
). You can either append the parameters and values or update the values if the parameters already exist. It is important to specify the parameter values for both HTTP and HTTPS protocols.
For example:
-vmargs
-Dhttp.proxyHost=127.0.0.1
-Dhttps.proxyHost=127.0.0.1
-Dhttp.proxyPort=8080
-Dhttps.proxyPort=8080
Additional proxy settings that you can set:
-Dhttp.proxyUser
-Dhttps.proxyUser
-Dhttp.proxyPassword
-Dhttps.proxyPassword
-Dhttp.nonProxyHosts
By default, the -Dhttp.nonProxyHosts
parameter applies to both HTTP and HTTPS protocols, and it can remain defined only as HTTP.
Setting proxy only for DESK Server communication
Stop the ActiveGate and edit the custom.properties
file.
Specify the proxy-related parameters in the [http.client]
section of the custom.properties
file—in particular, those parameters related to authentication, such as:
[http.client]
proxy-server=127.0.0.1
proxy-port=8080
# basic authentication credentials
proxy-user=username
proxy-password=password
Save the custom.properties
file.
Edit the launcheruserconfig.conf
file.
Define the nonProxyHosts
parameter in the launcheruserconfig.conf
file as *
using a set of Java system properties with -D
option after -vmargs
. The nonProxyHosts
parameter indicates the hosts that should be accessed without going through the proxy. Typically this defines internal hosts. The wildcard character *
indicates that every hosts should be accessed directly even if a proxy server is specified. See Java Networking and Proxies
For example:
-vmargs
-Dhttp.nonProxyHosts=*
Save the launcheruserconfig.conf
file and restart the ActiveGate.
Setting proxy for private synthetic
To set proxy for communication with the tested resource, set the properties in the [synthetic]
section. To set proxy for communication with the DESK server, set the properties in the [http.client]
section. For more information, see Setting up proxy for private synthetic.
Excluding hosts from proxy communication
The nonProxyHosts
parameter configured in the launcheruserconfig.conf
file affects only the communication between the ActiveGate and the monitored environment. For example, it may be a cloud technology like AWS or VMware or a resource monitored by your private monitors executed on a synthetic-enabled ActiveGate.
Stop the ActiveGate and edit the launcheruserconfig.conf
file. See Configure ActiveGate launcher.
The hosts that should be accessed without going through the proxy. Typically this defines internal hosts. The value of this property is a list of hosts, separated by the '|' character. In addition, you can use the wild card character '*' for pattern matching. There can be only one wild card character, either at the beginning or the end of the hostname. For example nonProxyHosts=*.foo.com|localhost
will indicate that every hosts in the foo.com
domain and the localhost
should be accessed directly even if a proxy server is specified.
Make sure that the proxy parameters are preceded by the -vmargs
flag.
For example:
-vmargs
-Dhttp.nonProxyHosts=hostname0*|10.1.*
The syntax for specifying the host variable may vary depending on your JVM version. Single quotation marks or double quotation marks may be required for your version of JVM.
For example:
-vmargs
-Dhttp.nonProxyHosts='hostname0*|10.1.*'
or
-vmargs
-Dhttp.nonProxyHosts="hostname0*|10.1.*"
or
-vmargs
-Dhttp.nonProxyHosts="hostname0*|10.1.*"
Restart the ActiveGate.