Skip to content

Installing behind an internet Proxy (Optional)

If the corporate intranet is protected by an internet proxy, both Management Server and the Middle Tier server need to be configured to tunnel all http and https traffic to the company outbound proxy. In turn the proxy needs to have full read permission on the site ifscloud.jfrog.io where all IFS artifacts are stored and fetched, both during installation by the Management server and in runtime by the Middle Tier server(s). The Middle Tier server makes a lot of internal calls within the Kubernetes cluster and might also do request to servers located inside the intranet. These internal calls should not be routed to the internet proxy. All internal and intranet networks must therefor be added in the no_proxy parameter.

Steps for Installing behind an internet proxy

  1. The Management Server by default will NOT use the Windows Proxy Setting. Run the following command first to make it work: 

    ps> $env:HTTP_PROXY="<proxy server>"
ps> $env:HTTPS_PROXY="<proxy server>"
ps> $env:NO_PROXY="<local ip range>"

to persist the setting use syntax like e.g.:
ps> [Environment]::SetEnvironmentVariable("HTTP_PROXY", "http://proxyhostname:3128", "YourUserName")

  2. The following configurations in the Linux Middle-Tier Server VM are required.

  3. Test if proxy is accessible and working from both Management Server and the Middle Tier server: 

    curl -k -x http://proxyhostname:3128 https://ifscloud.jfrog.io

  4. Edit the /etc/environment file and set the outbound proxy in http_proxy, but just as important we need to specify where the internet proxy should not be used. That is done in the no_proxy parameter. Examples of networks to exclude from proxy:

    • The PodCidrRange and LocalNetworkIpRange defined in main_config.json
    • Localhost ip
    • Demand Server
    • Crystal Server
    • Integration points in the intranet
    • If a local intranet DNS server is used
    • All subnets what could be used by the IFS Cloud Middle Tier

    Set both http and https and all combinations of letter capitalization like the example below:

    sudo vim /etc/environment 

    HTTPS_PROXY=http://proxyhostname:3128
HTTP_PROXY=http://proxyhostname:3128
NO_PROXY=10.16.0.0/16,10.1.0.0/16,10.152.183.0/24,127.0.0.1
https_proxy=http://proxyhostname:3128
http_proxy=http://proxyhostname:3128
no_proxy=10.16.0.0/16,10.1.0.0/16,10.152.183.0/24,127.0.0.1

  5. Now test that the same curl above works without the -x parameter - note open a new bash instance to get the new values from the /etc/environment:

    bash
curl -k https://ifscloud.jfrog.io

  6. Now a normal Remote middle tier infrastructure can be installed as described here.

  7. To verify that the internet proxy works from within an application pod in the just installed middle tier above:

    sudo microk8s kubectl run ubuntu --image=ubuntu --restart=Never --attach --rm -- sh -c "apt update && apt install -y curl && curl -k https://ifscloud.jfrog.io"

    This should after a fairly long apt install log show a successful curl towards "ifscloud.jfrog.io".