Using the RHEL/Rocky Connector with a Web Proxy
If outbound web access is blocked for the machines in your environment, the Connector will not work. To give the Connector machine access to the resources it requires from the internet, a web proxy server is required. The web proxy server must support the HTTP CONNECT method, and that method must be enabled. Both HTTP and HTTPS traffic will be proxied through the same proxy server.
Using the Connector on Rocky Linux/RHEL with a Web Proxy
The following steps outline how to use the Connector on Rocky Linux/RHEL with a web proxy:
- Set up a web proxy with access to the Internet, for example Squid.
- Ensure that HTTP CONNECT is enabled on the web proxy. For Squid, for example, the config file may look like this:
  ```
  # Allowed Source IPs (ie, machines with 10.xxx.xxx.xxx IPs)
  acl localnet src 10.0.0.0/8     # RFC1918 possible internal network

  # Allowed ports to proxy traffic (Default)
  acl SSL_ports port 443
  acl Safe_ports port 80          # http
  acl Safe_ports port 21          # ftp
  acl Safe_ports port 443         # https
  acl Safe_ports port 70          # gopher
  acl Safe_ports port 210         # wais
  acl Safe_ports port 1025-65535  # unregistered ports
  acl Safe_ports port 280         # http-mgmt
  acl Safe_ports port 488         # gss-http
  acl Safe_ports port 591         # filemaker
  acl Safe_ports port 777         # multiling http

  # Enable HTTP Connect
  acl CONNECT method CONNECT

  # Default Squid http_access settings
  # Deny requests to certain unsafe ports
  http_access deny !Safe_ports

  # Deny CONNECT to other than secure SSL ports
  http_access deny CONNECT !SSL_ports

  # Only allow cachemgr access from localhost
  http_access allow localhost manager
  http_access deny manager

  # Example rule allowing access from your local networks.
  # Adapt localnet in the ACL section to list your (internal) IP networks
  # from where browsing should be allowed
  http_access allow localnet
  http_access allow localhost

  # And finally deny all other access to this proxy
  http_access deny all

  # Squid normally listens to port 3128
  http_port 3128

  # Leave coredumps in the first cache dir (Default)
  coredump_dir /var/spool/squid

  # Default Refresh patterns
  refresh_pattern ^ftp:           1440    20%     10080
  refresh_pattern ^gopher:        1440    0%      1440
  refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
  refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
  refresh_pattern .               0       20%     4320
  ```
- To test that the proxy is working correctly, using SSH, open a terminal on the Connector host machine and run the following set of commands:
- To run the installer with the proxy settings, you can apply them in the environment:

  ```
  # Installer will read proxy setting from environment if http_proxy, https_proxy, HTTP_PROXY, or HTTPS_PROXY are set
  $ export https_proxy=http://<ip-of-proxy-server>:<proxy-port (default 3128)>
  $ ./cas-connector configure ...
  ```

  or through the command line option:

  ```
  $ ./cas-connector configure --https-proxy http://<ip-of-proxy-server>:<proxy-port (default 3128)> ...
  ```
- The installer should run as normal and configure the containers with the web proxy settings provided.
Proxy Passwords are not Supported
Proxy passwords are not supported with the Connector at this time.