Set up a forward or reverse proxy

This page explains how to set up a proxy server that is able to tunnel AppMon traffic using Apache 2.0.

Overview

AppMon can tunnel through any HTTP forward and reverse proxy. See http://en.wikipedia.org/wiki/Reverse_proxy for more information on the differences between forward and reverse proxies.

Proxy tunneling is available for connections between the AppMon Server and AppMon Client and for connections between the Server and AppMon Collector. Tunneling traffic between an AppMon Agent and a Server or Collector is not possible. In case Agent traffic has to be tunneled, passing the Agent traffic through a local Collector is recommended, which is then able to tunnel the traffic through the proxy server.

AppMon uses the HTTP CONNECT method to create a TCP/IP tunnel through a HTTP proxy, which means it is necessary that the proxy server understands this HTTP 1.1 extension. It is also possible to relay an HTTP CONNECT tunnel through a chain of proxy servers. Any proxy server that understands the HTTP CONNECT method can relay its traffic to the next link in the chain until the final destination is reached.

Authentication

AppMon enables authentication with a HTTP forward proxy using Basic HTTP Authentication. You can enter your username and password in the AppMon Client GUI or the Collector config file and AppMon initiates an authentication request against the configured proxy. Authentication with a reverse proxy is currently not available.

General proxy setup

Apache 2.0 must work as an HTTP CONNECT enabled proxy server to enable following Apache modules:

A typical Apache installation contains those modules already - they just need to be enabled. Apache 2.0 modules may be enabled using the LoadModule directive within the httpd.conf configuration file.

Add the following lines to your httpd.conf file:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so

Forward proxy setup

Usually a forward proxy works as a gateway for outbound traffic. The caller passes information about where it wants to connect to the proxy server and the forward proxy sets up a tunneled connection between the caller and the target machine. In AppMon, the AppMon Client or Collector passes an HTTP header to the proxy server that contains information about the target AppMon Server. Modify or add the following configuration lines to your httpd.conf to allow AppMon to tunnel through the Apache 2.0 proxy.

# forward proxy config for dynaTrace 3.x
Listen 9005
NameVirtualHost \*:9005
<VirtualHost \*:9005>
 ProxyRequests On
 AllowCONNECT 2020
</VirtualHost>

The previous configuration setting tells Apache 2.0 to:

  • Listen to port 9005
  • Create a virtual host for port 9005
  • Allow proxy requests to the virtual host
  • Allow HTTP CONNECT requests to port 2020 on the target machine.

Reverse proxy setup

A reverse proxy redirects proxy requests to the configured machine and port and is mainly used to ensure network security and enable some load balancing. Modify or add the following configuration lines to your httpd.conf to make sure AppMon can tunnel through your reverse proxy installation.

# reverse proxy config for dynaTrace 3.x
Listen 9006
NameVirtualHost \*:9006
<VirtualHost \*:9006>
 ServerName bruckner
 ProxyPass / bruckner:2020
 ProxyPassReverse / bruckner:2020
 AllowCONNECT 2020
</VirtualHost>

The previous configuration setting tells Apache 2.0 to:

  • Listen to port 9006.
  • Create a virtual host for port 9006.
  • Forward all proxy requests to bruckner:2020.
  • Allow HTTP CONNECT requests to port 2020.