Skip to content

Using the Anyware Connector with a Web Proxy

If web access is being blocked to the machines in your environment the Connector will not work. In order to give the Connector machine access to the required resources from the internet, a web proxy server is required. The web proxy server must support the HTTP Connect method and it must be enabled. Both HTTP and HTTPS traffic will be proxied through the same proxy server.

Using the Connector with a Web Proxy

The following steps outline how to use the Connector with a web proxy:

  1. Set up a web proxy with access to the Internet, for example Squid.
  2. Ensure that HTTP Connect is enabled on the web proxy. For Squid for example, the config file may look like this:
# Allowed Source IPs (ie, machines with IPs)
acl localnet src # RFC1918 possible internal network

# Allowed ports to proxy traffic (Default)
acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http
# Enable HTTP Connect

# Default Squid http_access settings
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128
# Leave coredumps in the first cache dir (Default)
coredump_dir /var/spool/squid
# Default Refresh patterns
refresh_pattern ^ftp:       1440    20% 10080
refresh_pattern ^gopher:    1440    0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .       0   20% 4320
  1. To test that the proxy is working correctly, using SSH, open a terminal on the Connector host machine and run the following set of commands:
# Running curl to cam should time out since the host should not be able to route to the internet
$ curl
curl: (7) Failed to connect to port 80: Connection timed out
$ curl
curl: (7) Failed to connect to port 443: Connection timed out
# Setting the proxy settings in the environment for curl to test that it works for HTTP and HTTPS traffic
$ export http_proxy=http://<ip-of-proxy-server>:<proxy-port (default 3128)>
$ curl
<head><title>308 Permanent Redirect</title></head>
<body bgcolor="white">
<center><h1>308 Permanent Redirect</h1></center>
$ export https_proxy=$http_proxy
$ curl
<!doctype html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name="theme-color" content="#000000"><link rel="manifest" href="/manifest.json"><link rel="shortcut icon" href="/favicon.ico"><title>Anyware Manager</title><link href="/static/css/main.27391ea7.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root" class="full-height"></div><script type="text/javascript" src="/static/js/main.45a05db7.js"></script></body></html>
# Clear the settings from the environment
$ unset http_proxy
$ unset https_proxy
  1. To run the installer with the proxy settings, you can apply them in the environment:
# Installer will read proxy setting from environment if http_proxy, https_proxy, HTTP_PROXY, or HTTPS_PROXY are set
$ export https_proxy=http://<ip-of-proxy-server>:<proxy-port (default 3128)>
$ ./cloud-access-connector install ...

or through the command line option:

$ ./cloud-access-connector install --https-proxy http://<ip-of-proxy-server>:<proxy-port (default 3128)> ...
5. The installer should run as normal and configure the containers with the web proxy settings provided.

Proxy Passwords are not Supported

Proxy passwords are not supported with the Connector at this time.