Contact Us 1-800-596-4880

Manage Proxies on Runtime Fabric on VMs / Bare Metal

Anypoint Runtime Fabric clusters consistently communicate with the control plane and image repositories. Applications that are deployed in the cluster can also communicate with external endpoints.

You can configure the proxy settings used by Runtime Fabric outbound connections to the internet. This includes both HTTP proxies for connecting to the Anypoint Platform control plane and SOCKS5 proxies for sending metrics and logs to Anypoint Monitoring. You can also configure proxies for applications.

Proxies used by Runtime Fabric can be configured during or after installation using the rtfctl utility. Application proxies are configured during application deployment.

Install rtfctl

The rtfctl utility is required to manage proxy settings on Runtime Fabric. Follow the steps to Install rtfctl before configuring proxy settings.

Configure a Monitoring Proxy

Because the monitoring agent requires a SOCKS5 proxy, you need two proxy types if you use Anypoint Monitoring.

This step is performed one time on one controller node.
  1. Log into a controller node where rtfctl is installed.

  2. Run the following command, replacing the placeholder values with the following:

    sudo /opt/anypoint/runtimefabric/rtfctl apply monitoring-proxy "socks5://<user>:<pass>@<10.0.0.2>:<8080>"
    • <user>: the username needed to authenticate to the SOCKS5 proxy.

    • <pass>: the password needed to authenticate to the SOCKS5 proxy.

      The password must be URL encoded.
    • <10.0.0.2>: The IP address or hostname used to access the SOCKS5 proxy.

    • <8080>: The host port on the host where the SOCKS5 proxy is listening for requests.

  3. To verify the change was successful, run the following command to output the current value of the monitoring proxy:
    sudo /opt/anypoint/runtimefabric/rtfctl get monitoring-proxy

The output should match the value expected.

Configure an HTTP Proxy

Updating the HTTP proxy causes each machine in the cluster to restart all pods running on it. Although no downtime occurs if you are running multiple replicas, you should perform HTTP proxy updates during a maintenance window.

  • Apply the proxy values to the services running within Runtime Fabric.

  • If you are using Runtime Fabric installer 1.0.x, run the script on each node of your Runtime Fabric to update the cluster.

Apply Proxy Values to Runtime Fabric

Configure a proxy at the runtime level for all the outbound components running in the runtime to use.

This step is performed one time on one controller node.
  1. Log in to a controller node where rtfctl has been installed.

  2. Run the following command, replacing the placeholder values with the following:

    sudo /opt/anypoint/runtimefabric/rtfctl apply http-proxy "http://<user>:<pass>@<10.0.0.1>:<8080>" --no-proxy "<1.1.1.1:8888,2.2.2.2:9999>"
    • <user>: the username needed to authenticate to the HTTP proxy.

    • <pass>: the password needed to authenticate to the HTTP proxy.

      The password must be URL encoded.
    • <10.0.0.1>: Specifies the IP address or hostname to access the HTTP proxy.

    • <8080>: Specifies the port on the host where the HTTP proxy is listening for requests.

    • <1.1.1.1:8888,2.2.2.2:9999>: Specifies the RTF_NO_PROXY hosts and ports, delimited by commas.

    • (Optional) --confirm: Skips manual acknowledgement of the change. If not specified, the rtfctl apply proxy command prompts you to confirm the change before continuing.

  3. To verify the change was successful, run the following command to output the current value of the HTTP proxy:

    sudo /opt/anypoint/runtimefabric/rtfctl get http-proxy

The output should match the value expected.

Configure a Proxy for the API Manager Agent

Add the following properties to the application:

anypoint.platform.proxy_host=hostname
anypoint.platform.proxy_port=port
anypoint.platform.proxy_username=username
anypoint.platform.proxy_password=password

Configure a Proxy for an Application

Applications deployed in Runtime Fabric do not inherit proxy settings from the Runtime Fabric cluster. You must configure a proxy for each application.

You can set up a proxy on each connector (such as an HTTP requestor) or set up a proxy with application properties as shown in the following example. Setting up a proxy with application properties is less work if you have a large number of connectors in an application.

http.nonProxyHosts=localhost|*.svc.cluster.local|*.monitoring.svc.cluster.local
http.proxyHost=172.19.0.23
http.proxyPort=3128
https.proxyHost=172.19.0.23
https.proxyPort=3128

java.net.useSystemProxies=false
com.ning.http.client.AsyncHttpClientConfig.useProxySelector=false
com.ning.http.client.AsyncHttpClientConfig.useProxyProperties=true