
Connect the Agent Through a Proxy Server


If your Mule runtime engine runs behind a firewall that allows external communication only through a proxy server, you can configure the Runtime Manager agent to route its traffic to Runtime Manager through that proxy server and, optionally, encrypt the authentication password.

The Runtime Manager agent supports only the basic access authentication method.

Configure the Agent to Connect Through a Proxy Server

Running the amc_setup command creates the $MULE_HOME/conf/mule-agent.yml file.

If you have previously installed the Runtime Manager agent and want to change the configuration to use a proxy, you can add the proxy configuration to the mule-agent.yml file.

To configure the proxy server connection, run this command:

$MULE_HOME/bin/amc_setup -H token server-name -P proxy-host proxy-port proxy-user proxy-password

If the proxy server doesn’t require authentication, omit proxy-user and proxy-password.

proxy-host

Specifies the hostname of the desired proxy server: for example, proxy.acme.com. Do not include http:// or https:// in the hostname.

proxy-port

Specifies the port of the desired proxy server.

proxy-user

Optionally specifies the user with which to authenticate against the proxy, if required.

proxy-password

Optionally specifies the password used to authenticate proxy-user, if required.

Example amc_setup Command Lines

This example configures the agent to work with a proxy server (acme.proxy.com) and specifies a Runtime Manager token:

amc_setup -H myToken myMuleServer -P acme.proxy.com 443

This example configures the agent to work with a proxy server that requires authentication:

amc_setup -H myToken myMuleServer -P acme.proxy.com 443 internalAdmin Ins1d3V0icePassword

Verify That the Proxy Server Does Not Modify the Runtime Manager Certificate

To ensure that your firewall or proxy does not intercept or modify the Runtime Manager certificate, run one of the following commands, depending on the version of your Runtime Manager agent.

The commands run a probe to determine whether the firewall or proxy is tampering with the certificate.

  • Agent versions 1.12.0 and later, and 2.2.0 and later:

    echo -e "GET / HTTP/1.0\r\n" | openssl s_client -connect runtime-manager.anypoint.mulesoft.com:443 -ign_eof

    The output of this command should include the following information:

    -----END CERTIFICATE-----
    subject=/C=US/ST=ca/L=San Francisco/O=MuleSoft, LLC/OU=Mulesoft/CN=runtime-manager.anypoint.mulesoft.com
    issuer=/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
  • Agent versions earlier than 1.12.0 and 2.2.0:

    echo -e "GET / HTTP/1.0\r\n" | openssl s_client -connect mule-manager.anypoint.mulesoft.com:443 -ign_eof

    The output of this command should include the following information:

    -----END CERTIFICATE-----
    subject=/C=US/O=Hybrid/OU=MuleSoft/CN=mule-manager.anypoint.mulesoft.com
    issuer=/emailAddress=devops@mulesoft.com/C=US/ST=CA/L=San Francisco/O=MuleSoft/OU=MuleSoft/CN=MuleSoft

If the expected information does not appear in the output, contact your networking team with the openssl command’s output.
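
The comparison described above can be scripted. The following is an added example, not MuleSoft code: it reads `openssl s_client` output and checks the subject and issuer CN against the values this page lists for agent versions 1.12.0 and later, and 2.2.0 and later. The function names and the inspected-proxy sample (including its issuer name) are constructed for illustration.

```bash
#!/bin/sh
# Added example (not MuleSoft code): check the subject and issuer CN that
# `openssl s_client` prints against the values this page lists for
# runtime-manager.anypoint.mulesoft.com (agent 1.12.0+ / 2.2.0+).
EXPECTED_CN='runtime-manager.anypoint.mulesoft.com'
EXPECTED_ISSUER_CN='DigiCert SHA2 Secure Server CA'

# Print the CN from the first "subject=" or "issuer=" line on stdin.
# Accepts the older "/C=US/.../CN=name" layout shown on this page and the
# "C = US, ..., CN = name" layout that newer OpenSSL releases print.
dn_cn() {  # $1 = subject | issuer
  sed -n -E "s|^$1=.*CN ?= ?([^,/]*).*|\1|p" | head -n 1
}

# Read s_client output on stdin; return 0 only if both CNs match.
check_rm_cert() {
  _out=$(cat)
  _subj=$(printf '%s\n' "$_out" | dn_cn subject)
  _iss=$(printf '%s\n' "$_out" | dn_cn issuer)
  if [ "$_subj" = "$EXPECTED_CN" ] && [ "$_iss" = "$EXPECTED_ISSUER_CN" ]; then
    echo "OK: subject and issuer match the expected certificate"
    return 0
  fi
  echo "MISMATCH: subject CN='$_subj' issuer CN='$_iss'"
  return 1
}

# Constructed sample: the lines the page says an untouched connection shows.
SAMPLE_DIRECT='-----END CERTIFICATE-----
subject=/C=US/ST=ca/L=San Francisco/O=MuleSoft, LLC/OU=Mulesoft/CN=runtime-manager.anypoint.mulesoft.com
issuer=/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA'

# Constructed sample: a TLS-inspecting proxy re-signed the certificate with
# its own CA (the issuer name here is hypothetical).
SAMPLE_INSPECTED='-----END CERTIFICATE-----
subject=CN = runtime-manager.anypoint.mulesoft.com
issuer=O = Example Corp, CN = Example Corp Inspection CA'

printf '%s\n' "$SAMPLE_DIRECT"    | check_rm_cert || true
printf '%s\n' "$SAMPLE_INSPECTED" | check_rm_cert || true

# Live use, with the probe command from this page:
#   echo -e "GET / HTTP/1.0\r\n" | openssl s_client \
#     -connect runtime-manager.anypoint.mulesoft.com:443 -ign_eof 2>/dev/null | check_rm_cert
```

A missing subject or issuer line (for example, when the connection fails) is reported as a mismatch, so the non-zero exit status can gate an installation script.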

Include an Encrypted Password in the mule-agent.yml File

You can encrypt the proxy server authentication password to use in the mule-agent.yml file.

To include an encrypted password in your mule-agent.yml file:

  1. Generate the encrypted password:

    $MULE_HOME/bin/amc_setup --encrypt

    The encryption utility prompts you for the master password and phrase. The master password is used to decrypt the phrase.

  2. Enter the master password and phrase.

    The encryption utility outputs the encrypted phrase:

    "!PBEWITHSHA1ANDDESEDE,CmDci1pRMI+1gH89akTNFb/EjZ26pfIX"

  3. Edit the $MULE_HOME/conf/mule-agent.yml file.

    Replace the value of password in the proxyConfiguration element with the encrypted phrase from Step 2:

    globalConfiguration:
      ...
      authenticationProxy:
        endpoint: https://arm-auth-proxy.prod.cloudhub.io
      proxyConfiguration:
        password: "![PBEWITHSHA1ANDDESEDE,CmDci1pRMI+1gH89akTNFb/EjZ26pfIX]"

    The encrypted phrase starts with ! and is enclosed in square brackets [ ].

  4. Start Mule and pass the master password that you used in Step 2:

    $MULE_HOME/bin/mule service start -M-Dmule.agent.configuration.password=master-password

Proxy Server Configuration in the wrapper.conf File

You can configure your proxy server in either the $MULE_HOME/conf/mule-agent.yml file or in the $MULE_HOME/conf/wrapper.conf file. If you configure it in both, the agent uses the configuration in mule-agent.yml.

To specify proxy server configuration in wrapper.conf, add your proxy server information to the following properties:

  • anypoint.platform.proxy_host=hostname

  • anypoint.platform.proxy_port=port

  • anypoint.platform.proxy_username=username

  • anypoint.platform.proxy_password=password
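
To confirm which form of the proxy password is actually stored on disk, covering both the encrypted-password procedure and the wrapper.conf properties above, the following added example (not MuleSoft code) classifies the stored value as absent, encrypted in the `![...]` form, or plaintext. The function names are hypothetical and the sample file contents are constructed from the values shown on this page.

```bash
#!/bin/sh
# Added example (not MuleSoft code): report whether the proxy password in
# mule-agent.yml or wrapper.conf is stored in the encrypted ![...] form.

# Print the password value under proxyConfiguration: (YAML text on stdin).
yml_proxy_password() {
  awk '
    function indent(s,  t) { t = s; sub(/^ */, "", t); return length(s) - length(t) }
    $1 == "proxyConfiguration:" { inside = 1; depth = indent($0); next }
    inside && NF && indent($0) <= depth { inside = 0 }   # left the block
    inside && $1 == "password:" {
      sub(/^[ \t]*password:[ \t]*/, ""); gsub(/^"|"$/, ""); print; exit
    }'
}

# Print the anypoint.platform.proxy_password value (wrapper.conf on stdin),
# ignoring commented-out lines.
conf_proxy_password() {
  sed -n -e '/^[[:space:]]*#/d' \
         -e 's/.*anypoint\.platform\.proxy_password=//p' | head -n 1
}

# Classify a stored value: absent, encrypted (![...]) or plaintext.
classify_password() {
  case "$1" in
    '')       echo absent ;;
    '!['*']') echo encrypted ;;
    *)        echo plaintext ;;
  esac
}

# Constructed samples, using the values shown on this page.
YML_ENCRYPTED='globalConfiguration:
  proxyConfiguration:
    password: "![PBEWITHSHA1ANDDESEDE,CmDci1pRMI+1gH89akTNFb/EjZ26pfIX]"'
YML_PLAIN='globalConfiguration:
  proxyConfiguration:
    password: Ins1d3V0icePassword
  otherSection:
    password: "![unrelated]"'
CONF_PLAIN='# anypoint.platform.proxy_password=old
anypoint.platform.proxy_password=Ins1d3V0icePassword'

for sample in "$YML_ENCRYPTED" "$YML_PLAIN"; do
  classify_password "$(printf '%s\n' "$sample" | yml_proxy_password)"
done
classify_password "$(printf '%s\n' "$CONF_PLAIN" | conf_proxy_password)"
# Real files: yml_proxy_password < "$MULE_HOME/conf/mule-agent.yml"
```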

Known Issues

Issue      Description

SE-8011    Agent setup returns 407 Proxy Authentication Required when passing proxy information during setup.
