# Deploying Connectware Behind a Corporate Proxy Deploying Connectware in environments where Internet access is controlled via a corporate proxy requires additional configuration. This guide outlines the steps necessary to install and run Connectware in such environments, covering system, Docker, and application-level proxy settings. ## Prerequisites To follow this guide, you will need the following: * A valid [Connectware license](https://docs.cybus.io/2-0-6/documentation/installation-and-upgrades/licensing). * [Docker](https://docs.docker.com/get-docker/) and [Docker Compose](https://docs.docker.com/compose/) installed on your system. ## Proxy Behavior Across Applications Proxy configuration across applications can vary: * Some tools recognize `http_proxy`, `https_proxy`, and `no_proxy` (lowercase). * Others may use `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` (uppercase). * Some software may require both or use custom proxy settings. General recommendations: * Set both lowercase and uppercase variants of proxy variables. * Avoid IP addresses unless known to be used directly by the application. * Hostname resolution may fail under proxy settings unless explicitly configured. ## Configuration ### Verifying Host and Proxy Server Reachability To confirm connectivity: {% code lineNumbers="true" %} ```bash uname -a ping -c 1 your-proxy-ip ``` {% endcode %} Expected output should confirm that the proxy server is reachable with minimal latency and no packet loss. ### System-Wide Proxy Configuration To apply proxy settings system-wide: 1. Create a script that will contain your proxy settings. The `/etc/profile.d directory` contains shell scripts that are likely to be executed at launch of your shell. {% code lineNumbers="true" %} ```bash sudo nano /etc/profile.d/proxy.sh ``` {% endcode %} {% code lineNumbers="true" %} ```bash export http_proxy="http://:/" export https_proxy="http://:/" export no_proxy="127.0.0.1,localhost" export HTTP_PROXY="http://:/" export HTTPS_PROXY="http://:/" export NO_PROXY="127.0.0.1,localhost" ``` {% endcode %} 2. Make the script executable: {% code lineNumbers="true" %} ```bash sudo chmod +x /etc/profile.d/proxy.sh ``` {% endcode %} 3. Restart the shell or re-login to apply. You can verify with the following: {% code lineNumbers="true" %} ```bash env | grep -i proxy ``` {% endcode %} ### Preserving Proxy Settings for Sudo To retain proxy variables for commands executed with `sudo`: 1. Edit your configuration for sudo. {% code lineNumbers="true" %} ```bash sudo nano /etc/sudoers.d/env_keep_proxy ``` {% endcode %} 2. Add the following: {% code lineNumbers="true" %} ```bash Defaults env_keep += "http_proxy https_proxy no_proxy HTTP_PROXY HTTPS_PROXY NO_PROXY" ``` {% endcode %} ### APT Proxy Configuration For Debian-based systems, APT requires its own proxy settings. This is not required for running Connectware. However, without it you are not able to install any software using APT. {% code lineNumbers="true" %} ```bash sudo nano /etc/apt/apt.conf.d/80proxy ``` {% endcode %} {% code lineNumbers="true" %} ```bash Acquire::http::proxy "http://:/"; Acquire::https::proxy "http://:/"; Acquire::ftp::proxy "http://:/"; ``` {% endcode %} This allows software installation via APT behind the proxy. ### Docker Daemon Proxy Setup The Docker daemon requires proxy configuration to pull images from the Internet: 1. Create the drop-in directory: {% code lineNumbers="true" %} ```bash sudo mkdir -p /etc/systemd/system/docker.service.d ``` {% endcode %} 2. Create the config file: {% code lineNumbers="true" %} ```bash sudo nano /etc/systemd/system/docker.service.d/http-proxy.conf ``` {% endcode %} 3. Add the following: {% code lineNumbers="true" %} ```ini [Service] Environment="HTTP_PROXY=http://:/" Environment="HTTPS_PROXY=http://:/" Environment="NO_PROXY=localhost,127.0.0.1" ``` {% endcode %} 4. Apply the changes and restart: {% code lineNumbers="true" %} ```bash sudo systemctl daemon-reload sudo systemctl restart docker ``` {% endcode %} 5. Verify the configuration: {% code lineNumbers="true" %} ```bash sudo systemctl show --property=Environment docker ``` {% endcode %} 6. Test Docker image pull: {% code lineNumbers="true" %} ```bash docker pull hello-world ``` {% endcode %} The result should look like this: {% code lineNumbers="true" %} ```bash Using default tag: latest latest: Pulling from library/hello-world 2db29710123e: Pull complete Digest: sha256:10d7d58d5ebd2a652f4d93fdd86da8f265f5318c6a73cc5b6a9798ff6d2b2e67 Status: Downloaded newer image for hello-world:latest docker.io/library/hello-world:latest ``` {% endcode %} ### Container-Level Internet Access Internet access from within containers can be configured globally or per container. * To define global proxy settings for all containers: {% code lineNumbers="true" %} ```bash mkdir -p ~/.docker nano ~/.docker/config.json ``` {% endcode %} **Example** {% code lineNumbers="true" %} ```json { "proxies": { "default": { "httpProxy": "http://:/", "httpsProxy": "http://:/", "noProxy": "127.0.0.1,localhost,admin-web-app,auth-server,broker,container-manager,connectware,ingress-controller,postgresql,protocol-mapper,service-manager,system-control-server,workbench" } } } ``` {% endcode %} This ensures Connectware containers can communicate with each other without proxy interference. ### Configuring the Connectware Environment File 1. Before launching Connectware, set the proxy in the environment configuration file. By default, the environment file is located in your installation directory. {% code lineNumbers="true" %} ```bash sudo nano /opt/connectware/.env ``` {% endcode %} 2. Add the following: {% code lineNumbers="true" %} ```bash # Proxy Configuration CYBUS_PROXY=http://:/ CYBUS_NO_PROXY= ``` {% endcode %} Make sure the `.env` file is located in the correct installation directory to take effect.