search cancel

Configuring HTTP and HTTPS Proxy for Luminate Connectors

book

Article ID: 174943

calendar_today

Updated On:

Products

Secure Access Cloud

Issue/Introduction

Configuring HTTP and HTTPS Proxy for Luminate Connectors

Resolution

Luminate Connectors are small components deployed in customers' datacenters that reach out to the Luminate cloud via HTTPS on one side, and to internal corporate Web Servers using HTTP or HTTPS on another.

For more detailed explanation on the system architecture, please refer to this article.

This article explains the configuration steps required to define HTTP and HTTPS Proxy settings for the Connectors. The article assumes that the Connectors are provisioned as Docker Containers.

To possible approaches can be taken in order to configure HTTP/HTTPS proxy for Luminate Connectors:

  1. Define proxy settings for all containers running on a certain host
  2. Define specific proxy settings only for specific Luminate Connector containers

 

Defining Proxy Settings for All Containers on a Certain Host

Depending on the orchestrator used to manage the containers, please refer to one of the below guides:

 

Defining Proxy Settings Only for Specific Luminate Connector Containers

This method needs to be performed when deploying the Connectors. It is not possible to change these settings for a Connector that is already running. Please refer to this article for guidance on how to create and deploy a new Connector.

When performing deployment steps, specifically, step 5, please modify the command line to contain the following additional settings:

There are some differences per proxy implementations: 

       Not all proxies require User & Password: 

  • For HTTP Proxy: -e HTTP_PROXY='http://[proxy.server]:[port]' \
  • For HTTPS Proxy: -e HTTPS_PROXY='https://[proxy.server]:[port]' \

     Not all proxies accept environment values in capital letters: 

  • For HTTP Proxy: -e http_proxy='http://[proxy.server]:[port]' \
  • For HTTPS Proxy: -e https_proxy ='https://[proxy.server]:[port]' \

Excluding internal traffic from using the proxy: 

   For internal URL's, you should exclude the use of the proxy, this can be done according to the application suffix. Make sure to use URL's as internal addresses and not explicit IPs. 

    -e no_proxy=Internal.net, Internal.intra \

   -e NO_PROXY=Internal.net, Internal.intra \