Configure an environment proxy server

2 minute readReference

In your environment, proxy servers might exist between an intranet and internet. Because proxy servers can inhibit certain types of internet access, you may need to set proxy settings for each impacted machine in your installation. CloudBees CD/RO servers, web servers, and agents can be deployed behind a proxy server.

It is not a common practice to place repository servers or agent systems behind a proxy server since these systems communicate with CloudBees CD/RO through an intranet connection.

Configuring proxy settings for servers

CloudBees CD/RO Agent supports basic authentication only for an external proxy server.

Web server

ecconfigure --webProxyUrl https://<IP_ADDRESS:PORT> \ --webNoProxyHosts <HOST1,HOST2,HOST3>

Servers and agents

  1. Stop all servers and agents. See Starting and Stopping Servers and Agents Manually.

  2. On all agent systems, set the server IP address as documented in Configuring CloudBees CD/RO agents.

  3. Configure proxy settings on the CloudBees CD/RO server, all servers that participate in a cluster, and all agents in the components corresponding configuration file.

    When you use a proxy agent, the proxy target must run an SSH v2 server.
    • Servers:

      • Linux: /opt/cloudbees/sda/conf/wrapper.conf

      • Windows: C:\ProgramData\CloudBees\Software Delivery Automation\conf\wrapper.conf

    • Agents:

      • Linux: /opt/cloudbees/sda/conf/agent/wrapper.conf

      • Windows: C:\ProgramData\CloudBees\Software Delivery Automation\conf\agent\wrapper.conf

    • Settings:

      # Set java.net.useSystemProxies to true to use the system HTTP/HTTPS proxy settings wrapper.java.additional.700=-Djava.net.useSystemProxies=true # HTTP settings wrapper.java.additional.701=-Dhttp.proxyHost=<proxyHostname> wrapper.java.additional.702=-Dhttp.proxyPort=<port> wrapper.java.additional.703=-Dhttp.nonProxyHosts=<localhost> wrapper.java.additional.704=-Dhttp.proxyUser=<user1> wrapper.java.additional.705=-Dhttp.proxyPassword=<password1> # HTTPS settings wrapper.java.additional.710=-Dhttps.proxyHost=<proxyHost-name> wrapper.java.additional.711=-Dhttps.proxyPort=<port> wrapper.java.additional.714=-Dhttps.proxyUser=<user1> wrapper.java.additional.715=-Dhttps.proxyPassword=<password1>
      • where

        <proxyHostname>

        The IP address of the proxy server,

        <port>

        The server port for the proxy server, and

        <localhost>

        One or more pipe (|) separated host names for the servers in the configuration. In addition, the wildcard character * can be used for pattern matching. For example, -Dhttp.nonProxyHosts="\*\.foo.com|localhost" indicates every host in the foo.com domain and host, localhost, must be accessed directly even if a proxy server is specified.

        <user1>

        User name for proxyHostname.

        <password1>

        Password for proxyHostname.

        The HTTPS protocol handler uses the same http.nonProxyHosts property as the HTTP protocol.
  4. Restart all the servers where you have applied a proxy setting. Proxy settings do not take effect until the servers are restarted. See Starting and Stopping Servers and Agents Manually.

  5. After setting the configuration, import the HTTPS proxy certificate into the CloudBees CD/RO server Java trust store:

    (Linux) cd /opt/cloudbees/sda/jre/lib/security (Windows) cd C:\ProgramData\CloudBees\Software Delivery Automation\jre\lib\security keytool -importcert -file /tmp/CA_crt.pem -keystore cacerts -alias myArtifactory

Alternate agent configuration from CloudBees CD/RO server

Instead of configuring each agent’s wrapper.conf file, set agent environment variables in a property sheet on the CloudBees CD/RO server. This allows the proxy settings to be managed centrally by the CloudBees CD/RO server, while the environment variable is available locally to the agent. Agent restart is not required to apply new changes. Create the variable at the zone or individual resource level. For example, to set HTTPS proxy settings:

  • For all agents in the same zone: /zones/zone-a/ec_environment_variables/https_proxy=http://user:password@your-proxy-ip-address:port/

  • For an agent as an individual resource: /resources/agent-b/ec_environment_variables/https_proxy=http://user:password@your-proxy-ip-address:port/

    For further information, see Agent environment variables.

Testing server proxy settings

Use the following task to verify your proxy server settings.

  • From the Plugin Manager web page, verify the configuration:

    • Web server: Verify the catalog can be viewed and no errors are reported when accessing the catalog URL.

    • CloudBees CD/RO server: Verify you can install a plugin from the catalog.