docs: Connect NGINX Agent to NGINX One using an explicit forward proxy #1025
Merged
Changes from 20 commits
23 commits
8337806 feat: new doc for agent squid (JTorreG)
76d5407 chore: add placeholders (JTorreG)
1fa6d25 docs: update steps (JTorreG)
d671487 docs:Merge remote-tracking branch 'origin/main' into agent/nms-46504 (JTorreG)
4073895 fix: fix step (JTorreG)
9e26fbc fix: code blocks (JTorreG)
dbbe8b1 docs: add docker steps (JTorreG)
4693c97 fix: docker steps (JTorreG)
11e16b4 docs: add squid config content (JTorreG)
4e3b390 Merge branch 'main' into agent/nms-46504 (JTorreG)
d8e6f1e docs: remove MacOS steps (JTorreG)
ad4d73b docs: change squid restart to reload (JTorreG)
70d671e docs: clean up squid instructions (nginx-seanmoloney)
45f0c24 docs: updates (JTorreG)
f7c4a1e docs: report > connect (JTorreG)
7c1f88f Merge branch 'main' into agent/nms-46504 (JTorreG)
9bdfd0f docs: move stuff around (JTorreG)
da84010 Update content/nginx-one/connect-instances/connect-using-squid.md (JTorreG)
cf6601c Merge branch 'main' into agent/nms-46504 (ADubhlaoich)
458ca7f docs: remove squid install step (JTorreG)
39eda0b fix: Apply suggestions from code review (JTorreG)
1ddcd0b Update content/nginx-one/connect-instances/connect-using-squid.md (JTorreG)
ca6d0ad chore: remove mentions of specific proxy (#1034) (JTorreG)
5 changes: 0 additions & 5 deletions
content/nginx-one/agent/configure-instance-reporting/_index.md
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
--- | ||
title: "Configure instances" | ||
weight: 400 | ||
url: /nginx-one/agent/configure-instances/ | ||
--- |
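Review bot: Deleting this `_index.md` removes the section that pinned `url: /nginx-one/agent/configure-instances/`, and nothing in the changes shown here redirects that path. If the pages renamed below now live under `connect-instances/`, add an alias for the old URL in the new section's front matter so existing links and bookmarks keep resolving.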
File renamed without changes.
File renamed without changes.
File renamed without changes.
173 changes: 173 additions & 0 deletions
content/nginx-one/connect-instances/connect-using-squid.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,173 @@ | ||
--- | ||
title: Prepare - Set up Squid as a proxy | ||
toc: true | ||
weight: 250 | ||
nd-docs: DOCS-000 | ||
--- | ||
|
||
NGINX Agent can be configured to connect to NGINX One using a [Squid proxy](https://www.squid-cache.org/). This is useful in environments where direct internet access is restricted or monitored. | ||
|
||
## Before you start | ||
|
||
Ensure you have the following: | ||
|
||
- [Squid proxy server set up and running](https://wiki.squid-cache.org/SquidFaq/InstallingSquid) | ||
- [NGINX Agent is installed]({{< ref "nginx-one/agent/install-upgrade/" >}}) | ||
- Access to the NGINX One console | ||
|
||
|
||
|
||
## Configure Squid | ||
|
||
Follow the steps below to configure Squid with basic authentication. | ||
|
||
1. Open the Squid configuration file with your favorite text editor (you might need superuser privileges): | ||
|
||
|
||
```sh | ||
vi /etc/conf/squid.conf | ||
|
||
``` | ||
|
||
1. Add the following lines to configure the proxy settings: | ||
|
||
```conf | ||
# Standard HTTP port for the proxy. | ||
http_port myproxy.example.com:3128 | ||
|
||
# Define an ACL for allowing access from the agent's IP address | ||
acl agent_ip src <AGENT_IP_ADDRESS> | ||
|
||
# Allow the agent to connect to NGINX One Console | ||
acl mgmt_server dstdomain agent.connect.nginx.com | ||
|
||
# Allow HTTPS traffic (port 443 is default for HTTPS) | ||
acl ssl_ports port 443 | ||
|
||
# HTTP access rules (allow the agent to access the destination server through the proxy) | ||
http_access allow agent_ip mgmt_server ssl_ports | ||
|
||
# Deny all other traffic by default (best practice) | ||
http_access deny all | ||
``` | ||
|
||
|
||
1. Save the changes and exit the text editor. | ||
1. Restart the Squid service to apply the changes: | ||
|
||
```sh | ||
sudo systemctl reload squid | ||
``` | ||
|
||
--- | ||
|
||
## NGINX Agent Proxy configuration | ||
|
||
1. Open a secure connection to your instance using SSH and log in. | ||
1. Open the NGINX Agent configuration file (/etc/nginx-agent/nginx-agent.conf) with a text editor. To edit this file you need superuser privileges. | ||
1. Add or modify the `proxy` section to include the Squid proxy URL and timeout settings: | ||
|
||
```conf | ||
server: | ||
host: agent.connect.nginx.com | ||
port: 443 | ||
proxy: | ||
url: "http://proxy.example.com:3128" | ||
``` | ||
|
||
1. Reload NGINX Agent to apply the changes: | ||
|
||
|
||
```sh | ||
sudo systemctl restart nginx-agent | ||
``` | ||
|
||
### In a containerized environment | ||
|
||
To configure NGINX Agent in a containerized environment: | ||
|
||
1. Run the NGINX Agent container with the environment variables set as follows: | ||
|
||
```sh | ||
sudo docker run \ | ||
--add-host "myproxy.example.com:host-gateway" \ | ||
--env=NGINX_AGENT_COMMAND_SERVER_PORT=443 \ | ||
--env=NGINX_AGENT_COMMAND_SERVER_HOST=agent.connect.nginx.com \ | ||
--env=NGINX_AGENT_COMMAND_AUTH_TOKEN="<your-data-plane-key-here>" \ | ||
--env=NGINX_AGENT_COMMAND_TLS_SKIP_VERIFY=false \ | ||
--env=NGINX_AGENT_COMMAND_SERVER_PROXY_URL=http://myproxy.example.com:3128 \ | ||
--restart=always \ | ||
--runtime=runc \ | ||
-d private-registry.nginx.com/nginx-plus/agentv3:latest | ||
``` | ||
|
||
|
||
## NGINX Agent proxy authentication | ||
|
||
If your Squid proxy requires authentication, you can specify the username and password in the `proxy` section of the `agent.conf` file: | ||
|
||
1. Open a secure connection to your instance using SSH and log in. | ||
|
||
1. Add or modify the `proxy` section of the NGINX Agent configuration file (/etc/nginx-agent/nginx-agent.conf) to include the authentication details: | ||
|
||
```conf | ||
proxy: | ||
url: "http://proxy.example.com:3128" | ||
auth_method: "basic" | ||
username: "user" | ||
password: "pass" | ||
``` | ||
|
||
1. Reload NGINX Agent to apply the changes: | ||
|
||
|
||
```sh | ||
sudo systemctl restart nginx-agent | ||
``` | ||
|
||
### In a containerized environment | ||
|
||
To set proxy authentication in a containerized environment: | ||
|
||
1. Run the NGINX Agent container with the environment variables set as follows: | ||
|
||
|
||
```sh | ||
sudo docker run \ | ||
--add-host "myproxy.example.com:host-gateway" \ | ||
--env=NGINX_AGENT_COMMAND_SERVER_PORT=443 \ | ||
--env=NGINX_AGENT_COMMAND_SERVER_HOST=agent.connect.nginx.com \ | ||
--env=NGINX_AGENT_COMMAND_AUTH_TOKEN="<your-data-plane-key-here>" \ | ||
--env=NGINX_AGENT_COMMAND_TLS_SKIP_VERIFY=false \ | ||
--env NGINX_AGENT_COMMAND_SERVER_PROXY_URL=http://proxy.example.com:3128 | ||
--env NGINX_AGENT_COMMAND_SERVER_PROXY_AUTH_METHOD=basic | ||
--env NGINX_AGENT_COMMAND_SERVER_PROXY_USERNAME="user" | ||
--env NGINX_AGENT_COMMAND_SERVER_PROXY_PASSWORD="pass" | ||
--restart=always \ | ||
--runtime=runc \ | ||
-d private-registry.nginx.com/nginx-plus/agentv3:latest | ||
``` | ||
|
||
## Validate connectivity between NGINX Agent, Squid, and NGINX One Console | ||
|
||
To test the connectivity between NGINX Agent, Squid, and NGINX One Console, you can use the `curl` command with the proxy settings. | ||
|
||
1. Open a secure connection to your instance using SSH and log in. | ||
1. Run the following `curl` command to test the connection: | ||
```sh | ||
curl -x http://proxy.example.com:3128 -U your_user:your_password https://agent.connect.nginx.com/api/v1/agents | ||
``` | ||
|
||
- Replace `proxy.example.com:3128` with your Squid proxy address and port. | ||
- Replace `your_user` and `your_password` with the credentials you set up for Squid in the previous steps. | ||
|
||
To test the configuration from a containerized environment, run the following command from within the container: | ||
|
||
```sh | ||
curl -x http://host.docker.internal:3128 -U your_user:your_password https://agent.connect.nginx.com/api/v1/agents | ||
``` | ||
|
||
- Replace `your_user` and `your_password` with the credentials you set up for Squid in the previous steps. | ||
|
||
## Troubleshooting | ||
|
||
1. Find the configuration and log files: | ||
|
||
- Run `squid -v | grep "configure options"` | ||
- Configuration directory should look like `--sysconfdir=/etc/squid'` | ||
- Log directory should look like `--sysconfdir=/var/log'` | ||
|
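Review bot: The "Configure Squid" section says it sets up basic authentication, but the squid.conf block only matches on source IP, destination domain and port (`http_access allow agent_ip mgmt_server ssl_ports`); there is no `auth_param` line or `proxy_auth` ACL, so the `username`/`password` settings and the `curl -U` checks later in the page refer to credentials that no step creates. Either add the authentication directives to the Squid example, or drop "with basic authentication" and state that the auth section applies only to a proxy already configured for it. Where credentials are used, the page should also say that with an `http://` proxy URL the Basic credentials reach the proxy unencrypted, and that passing `NGINX_AGENT_COMMAND_SERVER_PROXY_PASSWORD` on the `docker run` command line leaves it in shell history and in `docker inspect` output; an `--env-file` with restricted permissions is the safer pattern to document. Smaller fixes in the same file: the second `docker run` example is missing the trailing `\` on the four `--env NGINX_AGENT_COMMAND_SERVER_PROXY_*` lines, so the command ends after the proxy URL with no image argument and the remaining lines run as separate commands; the editor step opens `/etc/conf/squid.conf` while Troubleshooting expects `/etc/squid`; "Restart the Squid service" is followed by `systemctl reload` and "Reload NGINX Agent" by `systemctl restart`; the auth section names `agent.conf` where the steps use `/etc/nginx-agent/nginx-agent.conf`; the examples switch between `myproxy.example.com`, `proxy.example.com` and `host.docker.internal`; both Troubleshooting bullets show `--sysconfdir`, so the log-directory line needs the option that actually carries the log path (and both have a stray `'`); and `nd-docs: DOCS-000` still looks like a placeholder.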