Proxy Configuration
In this document, we will explore the configuration of a proxy server to enable internet connectivity from your Appcircle containers for accessing external resources.
We will cover Docker and Podman, providing step-by-step instructions to set up and utilize the proxy server effectively.
Using proxies on Appcircle containers ensures smooth connectivity to external resources.
We're assuming that previously you reviewed or followed install self-hosted appcircle section in docs and applied example scenario.
Following steps are using example project as project naming, which was told there.
1. Stop Appcircle Server
At first, you must shut down your server and configure it when it is stopped for the overall stability of the host machine.
- Go to the
appcircle-server
folder.
cd appcircle-server
- Stop the server.
./ac-self-hosted.sh -n "spacetech" down
2. Configure Proxy for the Server
For a typical proxy configuration, you need to know the arguments for these parameters:
- Username if the proxy has authentication. For example,
user
- Password if the proxy has authentication. For example,
password
- Hostname or IP of the proxy server. For example,
proxy.spacetech.com
- Port of the proxy server. For example,
8080
If your proxy server has no authentication, you should ignore the user
and password
values in the below sample codes and configurations.
You can also use the IP of the proxy server if it does not have a dedicated domain name.
Next, you should enable proxy settings on the host server.
To do that you can follow the steps below:
- For non-shell processes, edit the
/etc/environment
.
sudo vi /etc/environment
- Add the content below to the
/etc/environment
file.
HTTP_PROXY=http://user:password@proxy.spacetech.com:8080/
HTTPS_PROXY=http://user:password@proxy.spacetech.com:8080/
NO_PROXY=localhost,127.0.0.1
http_proxy=http://user:password@proxy.spacetech.com:8080/
https_proxy=http://user:password@proxy.spacetech.com:8080/
no_proxy=localhost,127.0.0.1
no_proxy
Configuration
no_proxy
and NO_PROXY
should be used for your corporate intranet services that should be kept away from the proxy.
You can add all the required domains or IPs separated by a comma. Below are some example cases that are common for a typical enterprise installation.
- Git provider (GitLab, Bitbucket, etc.) For example,
gitlab.spacetech.com
- Proxy Repository (Nexus, Harbor, etc.) For example,
registry.spacetech.com
- For shell processes, edit the
/etc/profile.d/proxy.sh
.
sudo vi /etc/profile.d/proxy.sh
- Add the content below to the
/etc/profile.d/proxy.sh
file.
export HTTP_PROXY=http://user:password@proxy.spacetech.com:8080/
export HTTPS_PROXY=http://user:password@proxy.spacetech.com:8080/
export NO_PROXY=localhost,127.0.0.1
export http_proxy=http://user:password@proxy.spacetech.com:8080/
export https_proxy=http://user:password@proxy.spacetech.com:8080/
export no_proxy=localhost,127.0.0.1
For system integrity, the proxy settings in here should be the same as the above settings in /etc/environment
.
Also see the no_proxy
tip explained there.
- Close the terminal and open a new session.
To make the changes take effect, please open a brand new terminal session.
Otherwise, you won't succeed in the following steps.
Don't forget to change user
, password
, proxy host
, proxy port
, and no_proxy
settings for your needs while copying from above.
Currently we do not support proxies that requires to install it's own certificate.
Edit no_proxy
for Internal Container Network
In order not to break the connection of the containers with each other, we must add the service names to the no_proxy
and NO_PROXY
environment variables.
You can follow the steps below to edit these variables correctly.
- Go to the
appcircle-server
folder.
cd appcircle-server
Inside the helper-tools
directory, there is a bash script file called no-proxy.sh
.
The no-proxy.sh
helper tool exists in self-hosted server versions 3.7.1
or later.
If you have an older version installed, please upgrade your self-hosted server to a newer version. If upgrading is not possible, you should contact us for support.
- Execute the script with sudo privileges and give your project as argument.
sudo ./helper-tools/no-proxy.sh ${YOUR_PROJECT}
For example if your project name is "spacetech", you should run the command like below.
sudo ./helper-tools/no-proxy.sh spacetech
You must run the script from the parent directory of the no-proxy.sh
script.
Be aware that if you run the script like ./no-proxy spacetech
, it will fail.
- Restart your terminal session.
Don't forget to start a new terminal session after you run command above for the changes to take effect.
3. Enable Settings on the Container Engine
- Docker
- Podman
You can follow the steps below to enable proxy settings on the Docker:
- Print the value of the
no_proxy
variable to the terminal and copy it.
echo $no_proxy
- Edit the Docker configuration file. It creates if it does not exist.
vi ~/.docker/config.json
- Add the proxy settings to the configuration file like below. Paste the copied
no_proxy
variable to thenoProxy
section on the configuration file.
{
"proxies": {
"default": {
"httpProxy": "http://user:password@proxy.spacetech.com:8080",
"httpsProxy": "http://user:password@proxy.spacetech.com:8080",
"noProxy": "localhost,127.0.0.1"
}
}
}
The Docker file config.json
might exist on the system. If that's the case, then you should only add the proxies
section of the JSON above to the configuration file.
For system integrity, the proxy settings in here should be the same as the above settings in /etc/environment
.
Also see the no_proxy
tip explained there.
The configuration becomes active after saving the file, you don’t need to restart Docker. However, the configuration only applies to new containers, and doesn’t affect existing containers.
So, if you stop the server as the first step in this document, then you can go on with the next step. If not, it's time to stopping the server before going on.
4. Start Appcircle Server
After configuring the proxy settings on the host, you can start your Appcircle server.
- Go to the
appcircle-server
folder.
cd appcircle-server
- Start the server.
./ac-self-hosted.sh -n "spacetech" up
Your containers will be able to connect to external resources through the proxy now.
Maintenance of no_proxy
Variables
The Appcircle server is getting updates regularly, and there might be a new container service in the compose.yaml
file.
To maintain the stability of the system, you should go back to the Edit no_proxy
for Internal Container Network step and re-apply the operations done there on every upgrade.