Getting Started | 04 Dezember 2023
Running Cybus Connectware behind a Corporate Proxy
In this lesson we will set up a local Cybus Connectware Instance which only has internet connection via a corporate proxy.
You can also install Docker and Docker Compose during this lesson, as you probably need some of the explained settings for the installation to work.
We assume you have at least a basic understanding of Docker and Linux. If you want to refresh your knowledge, we recommend looking at the lesson Docker Basics.
Explaining Linux would be far out of scope for this lesson, but it’s likely an answer to any Linux related question is out there on the internet.
Anyway, if you read carefully the listed commands should work with only minor adjustments.
If you are unlucky and find yourself behind a Corporate Proxy, things might get a little bit more complicated and unpredictable then during a usual installation. This guide is intended to pinpoint a few possible pitfalls and tries to demystify the behavior of different proxy settings.
First of all, it is important to know that there is no de facto standard when dealing with the various environment variables for proxy settings.
Some applications might use the environment variables like http_proxy, https_proxy and no_proxy (all lowercase), whereas others might use them in all caps like HTTP_PROXY and so on. Some applications even consider both and prioritize one over the other and some do have their own way of proxy configuration.
When it comes to the actual environment variable values things are getting even worse.
If you are interested to read more on this topic, there is a good article over at GitLab.
There are a few takeaways:
- Do configure both variables, the all caps and the all lowercase one
- Do not use IP Addresses as long as you are sure they are explicitly used by the application
- Proxying decisions are likely to not resolve any hostnames
With that in mind, I will guide you through configuring your system, Docker and Cybus Connectware. Not all of these steps are mandatory and may differ a bit depending on your operating system and the configuration of your proxy server.
For the purpose of writing this, I am using Debian 11 and a Proxy Server without authentication and restrictions.
The IP address of the Proxy Server in my case is 192.168.56.103 and the port is 8080. Make sure to adjust these settings to your individual ones.
Getting host information
Just to be transparent, this is what I am running on.
$ uname -a
Linux cybus 5.10.0-13-amd64 #1 SMP Debian 5.10.106-1 (2022-03-17) x86_64 GNU/Linux
Checking Proxy Server reachability
As already mentioned, for me the Proxy Server is reachable on 192.168.56.103, so I am going to quickly check if I am able to reach it.
$ ping -c 1 192.168.56.103
On a reachable server the output should look something like this.
PING 192.168.56.103 (192.168.56.103) 56(84) bytes of data.
64 bytes from 192.168.56.103: icmp_seq=1 ttl=64 time=0.204 ms
--- 192.168.56.103 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.204/0.204/0.204/0.000 ms
Setting system wide proxy
For most applications it is sufficient to set a couple of proxy environment variables.
However this is not a requirement for running Cybus Connectware.
If you are going to use the Cybus Connectware Installation Script from this article, it is recommended to follow the instructions below.
First we are going to create a new file, which will contain our proxy settings.
The /etc/profile.d directory holds shell scripts that are likely to be executed at launch of your shell.
$ sudo nano /etc/profile.d/proxy.sh
This is a basic example configuration. Adjust this to your needs. If these settings are recognized by any application, all traffic except for loopbacks will be forwarded to the proxy server. This even applies to servers within the same network.
Next we are going to make the script executable.
$ sudo chmod +x /etc/profile.d/proxy.sh
If you log out of your shell and back in, all the settings should be applied. You can verify like this:
$ env | grep -i proxy
Persist proxy settings for sudo
Even if you have followed the instructions above your settings will not persist for any sudo-command. You can quickly observe this by running:
$ sudo env
To fix this you can edit your configuration for sudo.
$ sudo nano /etc/sudoers.d/env_keep_proxy
The content of the file should look like this:
Defaults env_keep += "http_proxy https_proxy no_proxy HTTP_PROXY HTTPS_PROXY NO_PROXY"
Verify your changes:
$ sudo env
Set proxy for APT package manager
The APT package manager application on Debian Systems has its own set of variables for proxy configuration. You can configure the proxy like this.
Doing this is again not required for running Cybus Connectware, but without this you won’t be able to install any software using APT.
$ sudo nano /etc/apt/apt.conf.d/80proxy
Setting the Proxy Server for the Docker Daemon is mandatory if you want to download any Docker Images from the internet. This includes all Cybus Connectware related images from registry.cybus.io as well as images from Docker Hub.
The settings applied to the daemon do not affect the settings of any executed container.
Below are all the required steps. A full documentation can be found at https://docs.docker.com/config/daemon/systemd/
Create a systemd drop-in directory for the docker service:
$ sudo mkdir -p /etc/systemd/system/docker.service.d
$ sudo nano /etc/systemd/system/docker.service.d/http-proxy.conf
Flush the changes and restart Docker:
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
Confirming the properties:
$ sudo systemctl show --property=Environment docker
Should show something like this:
Environment=HTTP_PROXY=http://192.168.56.103:8080/ HTTPS_PROXY=http://192.168.56.103:8080/ NO_PROXY=localhost,127.0.0.1
Testing image download from Docker Hub
$ docker pull hello-world
Using default tag: latest
latest: Pulling from library/hello-world
2db29710123e: Pull complete
Status: Downloaded newer image for hello-world:latest
If you need internet access from within any executed container you can globally set the proxy environment variables. Docker will pass these variables to every container. This is not necessary or recommended. You are always free to pass these environment variables manually on container startup as needed.
If you choose to go this way, you can read more at Docker https://docs.docker.com/network/proxy/
For Cybus Connectware to run properly, it is required to list all Cybus Connectware Container Names in the noProxy property. This is because the microservices need to be able to communicate between each other.
$ mkdir -p ~/.docker
$ nano ~/.docker/config.json
If you have successfully followed the steps above, you should be able to install Cybus Connectware just like on any other system https://www.cybus.io/learn/installing-the-connectware/.
Before starting Cybus Connectware there is one additional step to do. We have to announce the Proxy Server to Cybus Connectware by adjusting the corresponding environment file.
By default the environment file is located in your installation directory.
$ sudo nano /opt/connectware/.env
If you are prompted with an empty file, you are not in your Cybus Connectware Installation Directory.
The part for the proxy configuration should look something like this:
# Proxy Configuration