Connect the Agent Through a Proxy Server

logo cloud disabled logo hybrid active logo server active logo rtf disabled

If your Mule runtime engine runs inside a firewall that restricts external communication through a proxy server, you can configure the Runtime Manager agent to route traffic through the proxy server to Runtime Manager.

The Runtime Manager agent supports only the basic access authentication method.

Configure the Agent to Connect Through a Proxy Server

To configure the agent to connect through a proxy server, you must:

  • Run the amc_setup command to create the $MULE_HOME/conf/mule-agent.yml file.

  • Set up your proxy server configuration in the $MULE_HOME/conf/wrapper.conf file.

Run amc_setup to Create mule-agent.yml

If you have previously installed the Runtime Manager agent and want to change the configuration to use a proxy, you can add the proxy configuration to the mule-agent.yml file.

To configure the proxy server connection:

  1. If you want to encrypt passwords in the mule-agent.yml file, set the AGENT_VAR_master_password environment variable to the master password:

    export AGENT_VAR_master_password=myPassword

  2. Run this command:

    $MULE_HOME/bin/amc_setup -H token server-name -P proxy-host proxy-port proxy-user proxy-password

If the proxy server doesn’t require authentication, omit proxy-user and proxy-password.

proxy-host

Specifies the hostname of the desired proxy server: for example, proxy.acme.com. Do not include http:// or https:// in the hostname.

proxy-port

Specifies the port of the desired proxy server.

proxy-user

Optionally specifies the user with which to authenticate against the proxy, if required.

proxy-password

Optionally specifies the password for the authentication proxy-user, if required.

This example configures the agent to work with a proxy server (acme.proxy.com) and specifies a Runtime Manager token:

amc_setup -H myToken myMuleServer -P acme.proxy.com 443

This example configures the agent to work with a proxy server that requires authentication:

amc_setup -H myToken myMuleServer -P acme.proxy.com 443 internalAdmin Ins1d3V0icePassword

Set Up Proxy Server Configuration in the wrapper.conf File

To specify proxy server configuration in the $MULE_HOME/conf/wrapper.conf file, add your proxy server information to the following properties:

  • anypoint.platform.proxy_host=hostname

  • anypoint.platform.proxy_port=port

  • anypoint.platform.proxy_username=username

  • anypoint.platform.proxy_password=password

Verify That the Proxy Server Does Not Modify the Runtime Manager Certificate

To ensure that your firewall or proxy does not intercept or modify the Runtime Manager certificate, run one of the following commands, depending on the version of your Runtime Manager agent.

The commands run a probe to determine whether the firewall or proxy is tampering with the certificate.

  • Agent versions 1.12.0 and later, and 2.2.0 and later:

    echo -e "GET / HTTP/1.0\r\n" | openssl s_client -connect runtime-manager.anypoint.mulesoft.com:443 -ign_eof

    The output of this command should include the following information:

    -----END CERTIFICATE-----
    subject=/C=US/ST=ca/L=San Francisco/O=MuleSoft, LLC/OU=Mulesoft/CN=runtime-manager.anypoint.mulesoft.com issuer=/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
  • Agent versions earlier than 1.12.0 and 2.2.0:

    echo -e "GET / HTTP/1.0\r\n" | openssl s_client -connect mule-manager.anypoint.mulesoft.com:443 -ign_eof

    The output of this command should include the following information:

    -----END CERTIFICATE-----
    subject=/C=US/O=Hybrid/OU=MuleSoft/CN=mule-manager.anypoint.mulesoft.com
    issuer=/emailAddress=devops@mulesoft.com/C=US/ST=CA/L=San Francisco/O=MuleSoft/OU=MuleSoft/CN=MuleSoft

If the expected information does not appear in the output, contact your networking team with the openssl command’s output.

Known Issues

Issue Description

SE-8011

Agent setup returns 407 Proxy Authentication Required when passing proxy information during setup.

Was this article helpful?

💙 Thanks for your feedback!

Edit on GitHub