MediationZone can be configured to route outgoing HTTP traffic through an HTTP proxy. This is commonly required in networking environments where the execution context has limited access to the internet. Proxy configuration has to be performed on each Execution Context (EC) that is required to route HTTP traffic through a proxy.
Proxy support is available for:
HTTP APL functions
HTTP Batch agent
GCP agents
GCP BigQuery agent
HTTP/2 Client agent
Salesforce Streaming agent
This chapter has the following sections:
Configuring Proxy Support
Standard Java system properties are used to configure MediationZone to route HTTP traffic through an HTTP proxy. These properties must be configured at the Execution Context (EC) level for all execution contexts. Refer to proxy properties here: Execution Context.
At least one of these properties has to be set to use HTTP Proxy:
http.proxyHost
https.proxyHost
It is often necessary to provide a list of destinations that should not be routed through the proxy. This list can be configured using the proxy property http.nonProxyHosts
. Note that this property, despite the name, applies to both http and https traffic.
Currently, only HTTP/1.1 has been verified to route through an HTTP proxy.
Authenticating the Proxy
MediationZone supports basic authentication to HTTP proxy. The username and password are configured using system properties. Refer to the proxy properties here: Execution Context.
Some JDK versions support a system property that is used to disable certain proxy authentication schemes. This is controlled by two system properties:
jdk.http.auth.proxying.disabledSchemes
– for HTTP trafficjdk.http.auth.tunneling.disabledSchemes
– for HTTPS traffic
These properties contain a list of authentication schemes that are disabled. In particular, in some JDK versions default jdk.http.auth.tunneling.disabledSchemes
to “Basic
" which has the effect of disabling basic authentication by default. To use basic authentication, you may need to set one or both of following system properties to ensure that they do not include “Basic
". See the example configuration below.
Example Configuration
Here is an example of how to configure the system properties to use an HTTP Proxy.
Use the following command to edit the system properties.
mzsh topo open ec1
config { classpath {} jvmargs { args=[] maxMetaspace=[ "-XX:MaxMetaspaceSize=196M" ] } properties { mz.webserver.xframeoptions=DENY pico.groups="" ec.backlog.dir="/Users/mzadmin/mz9/mz9HttpProxy/tmp" ec.webserver.port=9090 http.proxyHost=192.168.205.4 http.proxyPort=3128 https.proxyHost=192.168.205.4 https.proxyPort=3128 http.proxyUser=test http.proxyPassword=DR-4-D999C75BC7A3C4AF1B4DAA7F134EEED9 https.proxyUser=test https.proxyPassword=DR-4-D999C75BC7A3C4AF1B4DAA7F134EEED9 http.nonProxyHosts="localhost|*.foo.com" jdk.http.auth.proxying.disabledSchemes="" jdk.http.auth.tunneling.disabledSchemes="" } vendor-jvmargs { hp {} sun {} } }