How to configure Proxy Settings for vCenter Server
Article ID: 370265
Updated On:
Products
Issue/Introduction
This is how to configure proxy settings for vCenter Server to allow communication through a proxy server.
Environment
vCenter Server 7.0.x
vCenter Server 8.0.x
Cause
# Example: HTTP_PROXY="http://example.com:3128/"
HTTP_PROXY="http:/proxy.example.com:8080"
# Example: HTTPS_PROXY="https://example.com:3128/"
HTTPS_PROXY="http://proxy.example.com:8080"Resolution
There are 2 option to configure a proxy for the vCenter Server Appliance. Either use the VAMI user interface, available on https://<vcenter_fqdn>:5480, or manually edit the proxy configuration file /etc/sysconfig/proxy.
Note: Not all possible configuration settings are exposed via VAMI UI. While the graphical interface allows setting a dedicated URLs for HTTP, HTTPS and FTP traffic, there is no way to set any exclusions for traffic to dedicated system to be routed directly, as there is no access to the required NO_PROXY option.
In addition, When configuring proxy settings, it’s essential to set both HTTP_PROXY and HTTPS_PROXY variables to the same proxy URL. These environment variables ensure that both HTTP and HTTPS traffic are correctly forwarded through the proxy server..
Proxy configuration is case sensitive. Ensure the hostname URL for the proxy server is entered correctly or use server IP address instead.
Option 1 - setting proxy URLs using the VAMI GUI:
1. Open to the VAMI URL https://<vcenter_fqdn>:5480 in a web browser and log in using either the root account, or the default administrator (administrator@<sso-domain>)
2. Open the Networking page and click on the [EDIT] button for the proxy settings:
3. Select the type of traffic to configure the proxy for:
4. Provide the proxy URL and port, as well as the the user credentials, if the proxy requires authentication, then click on [SAVE]:
5. Reboot the VCSA VM or restart service with the command:
# service-control --stop --all && service-control --start --all
Option 2 - setting the proxy by manually editing the proxy configuration file /etc/sysconfig/proxy
1. Open an SSH connection to the vCenter Server Appliance and log in as root
2. Navigate to the directory /etc/sysconfig/proxy:
# cd /etc/sysconfig
3. Open the proxy configuration file "proxy" using the VI editor:
# vi proxy
4. To enable the proxy usage, find the line starting with PROXY_ENABLED and set it to:
PROXY_ENABLED="yes"
5. To set the proxy for HTTP and HTTPS traffic, find the lines starting with HTTP_PROXY and HTTPS_PROXY and edit them. Again, if the proxy is using the same port for both HTTP and HTTPS, ensure to use the same http:// URL for both:
# Example: HTTP_PROXY="http://example.com:3128/"HTTP_PROXY="http:/proxy.example.com:8080"
# Example: HTTPS_PROXY="https://example.com:3128/"HTTPS_PROXY="http://proxy.example.com:8080"
6. To exclude traffic to specific systems from being routed via the proxy, edit the NO_PROXY option to include both the FQDN an IP address of the system. Be aware though, that NO_PROXY requires specific syntax. To separate entries in this option, use a comma (') followed by a space ( ):
# Example: NO_PROXY="www.example.com, example.com, localhost"NO_PROXY="localhost, 127.0.0.1, vc.example.com, 192.168.1.55"
Alternatively, a wildcard (in form of a regex, such as .*.vmware.com) or CIDR notation (e.g. 192.168.0.0/24), for example to exclude the traffic for the complete local AD domain or subnet, can be used. Please note that this requires vCenter 7.0 U1c or later. Any wildcard/regex entries must start with a full stop ("."). The entries needs to be like this:
# Example: NO_PROXY="www.example.com, example.com, localhost"NO_PROXY="localhost, 127.0.0.1, .*.example.com, 192.168.0.0/24, 192.168.1.55"
7. Reboot the VCSA VM or restart service with the command:
# service-control --stop --all && service-control --start --all
Feedback
