In your environment, proxy servers might exist between an intranet and internet. Because proxy servers can inhibit certain types of internet access, you may need to set proxy settings for each impacted machine in your installation. CloudBees CD/RO servers, web servers, and agents can be deployed behind a proxy server.
It is not a common practice to place repository servers or agent systems behind a proxy server since these systems communicate with CloudBees CD/RO through an intranet connection. |
Configuring proxy settings for servers
Web server
ecconfigure --webProxyUrl https://<IP_ADDRESS:PORT> \ --webNoProxyHosts <HOST1,HOST2,HOST3>
Servers and agents
-
Stop all servers and agents. See Starting and Stopping Servers and Agents Manually.
-
On all agent systems, set the server IP address as documented in Configuring CloudBees CD/RO agents.
-
Configure proxy settings on the CloudBees CD/RO server, all servers that participate in a cluster, and all agents in the components corresponding configuration file.
When you use a proxy agent, the proxy target must run an SSH v2 server. -
Servers:
-
Linux:
/opt/cloudbees/sda/conf/wrapper.conf
-
Windows:
C:\ProgramData\CloudBees\Software Delivery Automation\conf\wrapper.conf
-
-
Agents:
-
Linux:
/opt/cloudbees/sda/conf/agent/wrapper.conf
-
Windows:
C:\ProgramData\CloudBees\Software Delivery Automation\conf\agent\wrapper.conf
-
-
Settings:
# Set java.net.useSystemProxies to true to use the system HTTP/HTTPS proxy settings wrapper.java.additional.700=-Djava.net.useSystemProxies=true # HTTP settings wrapper.java.additional.701=-Dhttp.proxyHost=<proxyHostname> wrapper.java.additional.702=-Dhttp.proxyPort=<port> wrapper.java.additional.703=-Dhttp.nonProxyHosts=<localhost> wrapper.java.additional.704=-Dhttp.proxyUser=<user1> wrapper.java.additional.705=-Dhttp.proxyPassword=<password1> # HTTPS settings wrapper.java.additional.710=-Dhttps.proxyHost=<proxyHost-name> wrapper.java.additional.711=-Dhttps.proxyPort=<port> wrapper.java.additional.714=-Dhttps.proxyUser=<user1> wrapper.java.additional.715=-Dhttps.proxyPassword=<password1>
-
where
<proxyHostname>
The IP address of the proxy server,
<port>
The server port for the proxy server, and
<localhost>
One or more pipe (
|
) separated host names for the servers in the configuration. In addition, the wildcard character*
can be used for pattern matching. For example,-Dhttp.nonProxyHosts="*.foo.com|localhost"
indicates every host in thefoo.com
domain and host,localhost
, must be accessed directly even if a proxy server is specified.<user1
>User name for
proxyHostname
.<password1>
Password for
proxyHostname
.The HTTPS protocol handler uses the same http.nonProxyHosts
property as the HTTP protocol.
-
-
-
Restart all the servers where you have applied a proxy setting. Proxy settings do not take effect until the servers are restarted. See Starting and Stopping Servers and Agents Manually.
-
After setting the configuration, import the HTTPS proxy certificate into the CloudBees CD/RO server Java trust store:
(Linux) cd /opt/cloudbees/sda/jre/lib/security (Windows) cd C:\ProgramData\CloudBees\Software Delivery Automation\jre\lib\security keytool -importcert -file /tmp/CA_crt.pem -keystore cacerts -alias myArtifactory
Alternate agent configuration from CloudBees CD/RO server
Instead of configuring each agent’s wrapper.conf
file, set agent environment variables in a property sheet on the CloudBees CD/RO server. This allows the proxy settings to be managed centrally by the CloudBees CD/RO server, while the environment variable is available locally to the agent. Agent restart is not required to apply new changes. Create the variable at the zone or individual resource level. For example, to set HTTPS proxy settings:
-
For all agents in the same zone:
/zones/zone-a/ec_environment_variables/https_proxy=http://user:password@your-proxy-ip-address:port/
-
For an agent as an individual resource:
/resources/agent-b/ec_environment_variables/https_proxy=http://user:password@your-proxy-ip-address:port/
For further information, see Agent environment variables.
Testing server proxy settings
Use the following task to verify your proxy server settings.
-
From the Plugin Manager web page, verify the configuration:
-
Web server: Verify the catalog can be viewed and no errors are reported when accessing the catalog URL.
-
CloudBees CD/RO server: Verify you can install a plugin from the catalog.
-