Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

MediationZone can be configured to route outgoing HTTP traffic through an HTTP proxy. This is commonly required in networking environments where the execution context has limited access to the internet. Proxy configuration has to be performed on every host (Platform or Execution Context (EC)) that is required to route HTTP traffic through a proxy.

Proxy support is available for:

  • HTTP/2 Client agent

This chapter has the following sections:

Configuring Proxy Support

Standard Java system properties are used to configure MediationZone to route HTTP traffic through an HTTP proxy. These properties must be configured at the Execution Context (EC) level for all execution contexts. Refer to proxy properties here: 2.6.3 Execution Context Properties .

Note!

At least one of these properties has to be set to use HTTP Proxy:

  • http.proxyHost

  • https.proxyHost

It is often necessary to provide a list of destinations that should not be routed through the proxy. This list can be configured using the proxy property http.nonProxyHosts. Note that this property, despite the name, applies to both http and https traffic.

Note!

Currently, only HTTP/1.1 has been verified to route through an HTTP proxy.

Authenticating the Proxy

MediationZone supports basic authentication to HTTP proxy. The username and password are configured using system properties. Refer to the proxy properties here: 2.6.3 Execution Context Properties.

Some JDK versions support a system property that is used to disable certain proxy authentication schemes. This is controlled by two system properties:

  • jdk.http.auth.proxying.disabledSchemes – for HTTP traffic

  • jdk.http.auth.tunneling.disabledSchemes – for HTTPS traffic

These properties contain a list of authentication schemes that are disabled. In particular, in some JDK versions default jdk.http.auth.tunneling.disabledSchemes to “Basic" which has the effect of disabling basic authentication by default. To use basic authentication, you may need to set one or both of following system properties to ensure that they do not include “Basic". See the example configuration below.

Example Configuration

Here is an example of how to configure the system properties to use an HTTP Proxy.

Use the following command to edit the system properties.

mzsh topo open ec1

config {
    classpath {}
    jvmargs {
        args=[]
        maxMetaspace=[
            "-XX:MaxMetaspaceSize=196M"
        ]
    }
    properties {
        mz.webserver.xframeoptions=DENY
        pico.groups=""
        ec.backlog.dir="/Users/mzadmin/mz9/mz9HttpProxy/tmp"
        ec.webserver.port=9090
        http.proxyHost=192.168.205.4
        http.proxyPort=3128
        https.proxyHost=192.168.205.4
        https.proxyPort=3128
        http.proxyUser=test
        http.proxyPassword=DR-4-D999C75BC7A3C4AF1B4DAA7F134EEED9
        https.proxyUser=test
        https.proxyPassword=DR-4-D999C75BC7A3C4AF1B4DAA7F134EEED9
        http.nonProxyHosts="localhost|*.foo.com"
        jdk.http.auth.proxying.disabledSchemes=""
        jdk.http.auth.tunneling.disabledSchemes=""
    }
    vendor-jvmargs {
        hp {}
        sun {}
    }
}
  • No labels