Configuring data collectors to communicate through a forward proxy

If your firewall rules do not allow transparent outbound HTTPS connections to external hosts, you can configure data collectors to send traffic to a forward proxy. Edit the APM_GW_PROXY_CONNECTION environment variable to configure data collectors to communicate through the forward proxy.

About this task

When a forward proxy is used, the data collector first opens a TCP connection with the proxy. The data collector sends a connection request and the target endpoint (Cloud APM, Private server) URL to the forward proxy. Then, the forward proxy establishes a TCP connection with the target endpoint and sets up an HTTP or HTTPS tunneling session between the data collector and the Cloud APM, Private server.

Some data collectors support authenticating proxies, for example Node.js and Liberty data collectors. These data collectors support logging on to a forward proxy by using a configured proxy user ID and password.

1. To configure forward proxy communication for Python data collectors, complete one of the following steps:
   • Open the <dc home>/config.properties data collector properties file in a text editor, where <dc home> is the installation home directory of the data collectors, for example, /usr/lib/python2.7/site-packages/ibm_python_dc. Update the APM_GW_PROXY_CONNECTION variable with the proxy host and port number, for example, APM_GW_PROXY_CONNECTION =http://9.181.138.247:8085. Editing the variable in this file impacts all applications with the Python data collector enabled.
     Note: To configure forward proxy communication for a single application, copy the<dc home>/config.properties file to the directory of the single application. Update the APM_GW_PROXY_CONNECTION variable in the application directory.
   • Run the following command on Linux systems:

     export APM_GW_PROXY_CONNECTION =http://<http proxy host>:<http proxy port>

     for example,

     export APM_GW_PROXY_CONNECTION =http://9.181.138.247:8085

2. To configure forward proxy communication for Node.js data collectors, complete one of the following steps:
   • Run the following command on Linux systems:

     export APM_GW_PROXY_CONNECTION =http://<http proxy host>:<http proxy port>

     for example,

     export APM_GW_PROXY_CONNECTION =http://9.181.138.247:8085

   • If a user name and password is required to access the forward proxy server for Node.js data collectors, run the following command on Linux systems:

     export APM_GW_PROXY_CONNECTION =http://<http proxy user>:
     <http proxy password>@<http proxy host>:<http proxy port>

     for example,

     export APM_GW_PROXY_CONNECTION =http://Joe:passw0rd@9.181.138.247:8085

3. To configure forward proxy communication for Liberty data collectors, edit the <Liberty server home>/jvm.options file, where <Liberty server home> is the Liberty server home directory, for example: /opt/ibm/wlp/usr/servers/defaultServer/jvm.options. Complete one of the following steps:
   • If authentication is not required, add the following code to the jvm.options file:

     -Dhttp.proxyHost=<http proxy host>
     -Dhttp.proxyPort=<http proxy port>
     -Dhttps.proxyHost=<https proxy host>
     -Dhttps.proxyPort=<https proxy port>
     -Djava.net.useSystemProxies=true
     

   • If a user name and password is required to access the forward proxy server, add the following code to the jvm.options file:

     -Dhttp.proxyHost=<http proxy host>
     -Dhttp.proxyPort=<http proxy port>
     -Dhttp.proxyUser=<http proxy user> 
     -Dhttp.proxyPassword=<http proxy password>
     -Dhttps.proxyHost=<https proxy host>
     -Dhttps.proxyPort=<https proxy port>
     -Dhttps.proxyUser=<https proxy user> 
     -Dhttps.proxyPassword=<https proxy password>
     -Djava.net.useSystemProxies=true
     

4. Restart the local application to implement your changes.