sudo /opt/anypoint/runtimefabric/rtfctl apply monitoring-proxy "socks5://<user>:<pass>@<10.0.0.2>:<8080>"
Manage Proxies on Runtime Fabric on VMs / Bare Metal
Anypoint Runtime Fabric clusters consistently communicate with the control plane and image repositories. Applications that are deployed in the cluster can also communicate with external endpoints.
You can configure the proxy settings used by Runtime Fabric outbound connections to the internet. This includes both HTTP proxies for connecting to the Anypoint Platform control plane and SOCKS5 proxies for sending metrics and logs to Anypoint Monitoring. You can also configure proxies for applications.
Proxies used by Runtime Fabric can be configured during or after installation using the rtfctl
utility. Application proxies are configured during application deployment.
Install rtfctl
The rtfctl
utility is required to manage proxy settings on Runtime Fabric. Follow the steps to Install rtfctl before configuring proxy settings.
Configure a Monitoring Proxy
Because the monitoring agent requires a SOCKS5 proxy, you need two proxy types if you use Anypoint Monitoring.
This step is performed one time on one controller node. |
-
Log into a controller node where
rtfctl
is installed. -
Run the following command, replacing the placeholder values with the following:
-
<user>: the username needed to authenticate to the SOCKS5 proxy.
-
<pass>: the password needed to authenticate to the SOCKS5 proxy.
The password must be URL encoded. -
<10.0.0.2>: The IP address or hostname used to access the SOCKS5 proxy.
-
<8080>: The host port on the host where the SOCKS5 proxy is listening for requests.
-
-
To verify the change was successful, run the following command to output the current value of the monitoring proxy:
sudo /opt/anypoint/runtimefabric/rtfctl get monitoring-proxy
The output should match the value expected.
Configure an HTTP Proxy
Updating the HTTP proxy causes each machine in the cluster to restart all pods running on it. Although no downtime occurs if you are running multiple replicas, you should perform HTTP proxy updates during a maintenance window.
-
Apply the proxy values to the services running within Runtime Fabric.
-
If you are using Runtime Fabric installer 1.0.x, run the script on each node of your Runtime Fabric to update the cluster.
Apply Proxy Values to Runtime Fabric
Configure a proxy at the runtime level for all the outbound components running in the runtime to use.
This step is performed one time on one controller node. |
-
Log in to a controller node where
rtfctl
has been installed. -
Run the following command, replacing the placeholder values with the following:
sudo /opt/anypoint/runtimefabric/rtfctl apply http-proxy "http://<user>:<pass>@<10.0.0.1>:<8080>" --no-proxy "<1.1.1.1:8888,2.2.2.2:9999>"
-
<user>: the username needed to authenticate to the HTTP proxy.
-
<pass>: the password needed to authenticate to the HTTP proxy.
The password must be URL encoded. -
<10.0.0.1>: Specifies the IP address or hostname to access the HTTP proxy.
-
<8080>: Specifies the port on the host where the HTTP proxy is listening for requests.
-
<1.1.1.1:8888,2.2.2.2:9999>: Specifies the
RTF_NO_PROXY
hosts and ports, delimited by commas. -
(Optional)
--confirm
: Skips manual acknowledgement of the change. If not specified, thertfctl apply proxy
command prompts you to confirm the change before continuing.
-
-
To verify the change was successful, run the following command to output the current value of the HTTP proxy:
sudo /opt/anypoint/runtimefabric/rtfctl get http-proxy
The output should match the value expected.
-
To remove the remove the proxy values, run:
sudo /opt/anypoint/runtimefabric/rtfctl apply http-proxy '' --no-proxy ''
Configure a Proxy for the API Manager Agent
Add the following properties to the application:
anypoint.platform.proxy_host=hostname anypoint.platform.proxy_port=port anypoint.platform.proxy_username=username anypoint.platform.proxy_password=password
Configure a Proxy for an Application
Applications deployed in Runtime Fabric do not inherit proxy settings from the Runtime Fabric cluster. You must configure a proxy for each application.
You can set up a proxy on each connector (such as an HTTP requestor) or set up a proxy with application properties as shown in the following example. Setting up a proxy with application properties is less work if you have a large number of connectors in an application.
http.nonProxyHosts=localhost|*.svc.cluster.local|*.monitoring.svc.cluster.local http.proxyHost=172.19.0.23 http.proxyPort=3128 https.proxyHost=172.19.0.23 https.proxyPort=3128 java.net.useSystemProxies=false com.ning.http.client.AsyncHttpClientConfig.useProxySelector=false com.ning.http.client.AsyncHttpClientConfig.useProxyProperties=true