Proxy for ActiveGate
Location of proxy and communication settings
To set up a proxy for an ActiveGate, update or add parameters in the following files in the ActiveGate configuration directory:
custom.properties
launcheruserconfig.conf ActiveGate versions 1.205 and earlier
For custom.properties, settings are specified in the following sections:
[http.client.internal]
ActiveGate version 1.207+ Settings specific to communication with the Dynatrace Cluster only.
In particular, this section can contain configuration properties related to proxy settings and connection timeouts.
If this section does not exist, communication with the Dynatrace Cluster is defined by the settings in the [http.client] section. However, if the [http.client.internal] section does exist, but a particular communication setting is not listed there, then, for the purpose of communicating with the Dynatrace Cluster, the value of that setting is assumed to be its factory default (i.e., it is not inherited from [http.client]).
[http.client]
Communication settings used for AWS/VMware/Azure monitoring and for communicating with the Dynatrace Cluster (unless overridden in [http.client.internal]).
In particular, this section contains configuration properties related to proxy settings and connection timeouts.
[http.client.external]
ActiveGate version 1.207+ Communication settings for specific modules: Cloud Foundry, Kubernetes, and also for Synthetic Monitoring.
In particular, this section can contain configuration properties related to proxy settings and connection timeouts.
If this section contains proxy-off = true, then there is no proxy for the modules. If it contains the proxy-host property, then this is the proxy to be used for the modules.
Note: Communication settings specified in [http.client] are not always used as defaults for the modules: If a particular communication setting is not specified in [http.client.external], then that setting—for Cloud Foundry, Kubernetes or Synthetic Monitoring—will revert to its factory default value, rather than to the value specified in [http.client].
Similarly, if the entire [http.client.external] section does not exist, then all of the communication settings for Kubernetes and Cloud Foundry will revert to their factory default values; however, settings for Synthetic Monitoring will assume values as specified in the [http.client] section.
[cloudfoundry_monitoring]
ActiveGate version 1.207+
This section can contain proxy settings for communication with Cloud Foundry. If this section contains proxy-off = true, then there is no proxy for communication with Cloud Foundry. If it contains the proxy-host property, then this is the proxy to be used for Cloud Foundry monitoring, rather than the proxy specified in [http.client.external].
Note: If you have a [cloudfoundry_monitoring] section in your custom.properties file, you also need to have an [http.client.external] section, where you should specify all the remaining communication parameters that are to be used for Cloud Foundry communication.
[kubernetes_monitoring]
ActiveGate version 1.207+
This section can contain proxy settings for communication with Kubernetes, along with other settings related to fine-tuning communication settings for Kubernetes monitoring.
If this section contains proxy-off = true, then there is no proxy for communication with Kubernetes. If it contains the proxy-host property, then this is the proxy to be used for Kubernetes monitoring, rather than the proxy specified in [http.client.external].
Note: If you have a [kubernetes_monitoring] section in your custom.properties file, then you also need to have an [http.client.external] section, where you should specify all of the remaining communication parameters to be used for Kubernetes communication.
[synthetic]
ActiveGate version 1.207+
Proxy settings for Synthetic Monitoring. If this section contains proxy-off = true, then there is no proxy for Synthetic Monitoring. If it contains the proxy-host property, then this is the proxy to be used for Synthetic Monitoring, rather than the proxy specified in [http.client.external] (or in [http.client], if [http.client.external] is not defined).
Note: If you have a [synthetic] section in your custom.properties file, you can have an [http.client.external] section, where you should specify all of the remaining communication parameters to be used for Synthetic Monitoring. Alternatively, you can specify the remaining communication settings in the [http.client] section.
However, if you do create the [http.client.external] section, you have to specify all of the communication parameters there. Otherwise, the communication parameters for monitored environments (Cloud Foundry, Kubernetes, or Synthetic Monitoring) will revert to their factory defaults.
Precedence, inheritance, and default values for proxy and communication settings
Default [http.client.internal] settings
If the entire section [http.client.internal] does not exist, communication with the Dynatrace Cluster is defined by the settings in the [http.client] section.
Default [http.client.external] settings
- If the entire section
[http.client.external]does not exist, communication settings for Cloud Foundry and Kubernetes revert to their factory default values. However, Synthetic Monitoring settings, will receive values specified in the[http.client]section.
Re-list all communication settings in [http.client.internal] and [http.client.external]
If the sections [http.client.internal] or [http.client.external] do exist, then communication settings that are not specified explicitly in them, are NOT automatically inherited from the [http.client] configuration section, but revert to factory defaults.
Thus, if you create an [http.client.internal]or [http.client.external] section in your custom.properties file—for example, for the purpose of specifying proxy settings—you need to specify all of the other communication settings here too—even if these settings are the same as those specified in the [http.client] section. Otherwise the communication settings will revert to their factory default values (for the respective connectivity, managed by that section).
For example:
If you have an [http.client.internal] section in your custom.properties file, but you do not re-list a particular communication property in it, then this communication setting will revert to the factory default value, for communication with the Dynatrace Cluster. Similarly, settings not re-listed in [http.client.external], will revert to factory defaults, for Cloud Foundry, Kubernetes and Synthetic.
- Specifying all communication settings:
To configure communication settings in the
[http.client.internal]or[http.client.external]section, first re-list the current settings, then customize as required. To re-list the parameters, first, open theconfig.propertiesfile and copy all the properties from the[http.client]section in that file to the required section in thecustom.propertiesfile. Then, if there is an[http.client]section in thecustom.propertiesfile, use the values listed there, to overwrite the values just copied fromconfig.properties.
Specify common proxy settings for Dynatrace Cluster communication and AWS/VMware/Azure monitoring
To configure proxy for communication with Dynatrace Cluster and for AWS/VMware/Azure monitoring, edit the [http.client] section of the custom.properties file.
Stop the ActiveGate service and edit the custom.properties file in the ActiveGate configuration directory
Specify the proxy-related parameters in the [http.client] section of the custom.properties file— including those parameters related to authentication, if required:
[http.client]
proxy-server=127.0.0.1
proxy-port=8080
# basic authentication credentials
proxy-user=username
proxy-password=password
ActiveGate version 1.207+ Optionally add parameter proxy-non-proxy-hosts to list hosts that should be accessed without going through the proxy. In the case of AWS role-based access, this step is required to exempt instance metadata service (see below).
The items in the list should be separated by the '|' (pipe) character. For a full description of allowed syntax, see the corresponding syntax for the http.nonProxyHosts parameter in Networking Properties:
proxy-non-proxy-hosts = host1|host2|host3
AWS role-based access:
This step—of exempting a host—is required for AWS monitoring using role-based access:
If you configure a proxy for an ActiveGate deployed on an EC2 instance, with an attached IAM role, you must ensure that you exempt the address used to access the instance metadata. The address to exempt is the IP address of the instance metadata service, 169.254.169.254. This address is always the same and does not depend on the instance:
proxy-non-proxy-hosts = 169.254.169.254
Save the custom.properties file and restart the ActiveGate service.
Note:
- After applying this configuration, the same proxy server will be used for communication with Dynatrace Cluster and AWS/VMware/Azure. To have separate settings for Dynatrace Cluster communication, follow instructions in Set up proxy only for Dynatrace Cluster communication
- Settings specified in
[http.client]are not used for connectivity to Cloud Foundry or Kubernetes. Even if there are no sections appropriate for these types of connectivity (that is, no[http.client.external]or[kubernetes_monitoring]sections) in the ActiveGate configuration, settings specified in[http.client]are NOT automatically used for Cloud Foundry or Kubernetes: factory defaults are used instead.
For information how to specify [http.client] settings during installation, see Customize ActiveGate installation.
Set up proxy for AWS/VMware/Azure monitoring (and exclude Dynatrace Cluster)
You can specify proxy configuration—for communication between ActiveGate and Dynatrace Cluster and for AWS/VMware/Azure monitoring, in the [http.client] section of the custom.properties file, as described in Set up proxy for Dynatrace Cluster communication and AWS/VMware/Azure monitoring.
These settings can then be overridden for Dynatrace Cluster, by specifying custom settings in [http.internal]. To exclude the Dynatrace Cluster from proxy settings, and to disable proxy for Dynatrace Cluster, specify proxy-off=true in the [http.client.internal] section of the custom.properties file.
Stop the ActiveGate service and edit the custom.properties file in the ActiveGate configuration directory
Specify the proxy-related parameters in the [http.client] section of the custom.properties file—including those parameters related to authentication, if required:
[http.client]
proxy-server=127.0.0.1
proxy-port=8080
# basic authentication credentials
proxy-user=username
proxy-password=password
Exclude the Dynatrace Cluster from the proxy settings (or provide different, custom proxy settings for Dynatrace Cluster). This needs to be done in the [http.client.internal] section of the custom.properties file:
[http.client.internal]
proxy-off=true
Because settings listed in [http.client.internal]—which are specific to communication with the Dynatrace Cluster only—are NOT automatically inherited from [http.client], you will need to repeat here all non-proxy related communication settings from [http.client], with optional customizations as rquired. Otherwise—if there is an [http.client.internal] section in your custom.properties file—all the non-proxy related settings for Dynatrace Cluster communication will revert to factory defaults.
- To configure communication settings in
[http.client.internal], first re-list the current settings, then customize as required. To re-list the settings, first, open theconfig.propertiesfile and copy the properties from the[http.client]section in that file. Then, if there is an[http.client]section in thecustom.propertiesfile, use the values listed there, to overwrite the values copied fromconfig.properties.
For example:
connection-timeout=5000
socket-timeout=20000
connection-request-timeout=5000
idle-connection-timeout=15000
max-total-connections=256
max-connections-per-route=32
certificate-validation=yes
hostname-verification=yes
Save the custom.properties file and restart the ActiveGate service.
If you want to set up the proxy only for ActiveGate communication to the monitored environment, define the proxy settings in the launcheruserconfig.conf file using a set of Java system properties with -D option after -vmargs.
Stop the ActiveGate service and edit the launcheruserconfig.conf file.
Set the host name of the proxy server (-Dhttp.proxyHost and -Dhttps.proxyHost) and the port number (-Dhttp.proxyPort and -Dhttps.proxyPort). You can either append the parameters and values or update the values if the parameters already exist. It is important to specify the parameter values for both HTTP and HTTPS.
For example:
-vmargs
-Dhttp.proxyHost=127.0.0.1
-Dhttps.proxyHost=127.0.0.1
-Dhttp.proxyPort=8080
-Dhttps.proxyPort=8080
Additional proxy settings that you can set:
-Dhttp.proxyUser
-Dhttps.proxyUser
-Dhttp.proxyPassword
-Dhttps.proxyPassword
-Dhttp.nonProxyHosts
By default, the -Dhttp.nonProxyHosts parameter applies to both HTTP and HTTPS, and it can remain defined only as HTTP.
For a full description of allowed syntax, see Networking Properties.
Specify common proxy settings for Cloud Foundry, Kubernetes and Synthetic Monitoring
ActiveGate version 1.207+
To configure proxy for the Cloud Foundry and Kubernetes modules, specify the proxy settings in the [http.client.external] section of the custom.properties file. Alternatively, specify proxy-off = true in this section to turn off proxy settings for Cloud Foundry and Kubernetes.
Proxy settings specified in the [http.client.external] section, affect Cloud Foundry monitoring, Kubernetes monitoring, and Synthetic Monitoring, unless overridden in configuration sections dedicated to these connectivities.
Stop the ActiveGate service and edit the custom.properties file in the ActiveGate configuration directory
Specify the proxy-related parameters in the [http.client.external] section of the custom.properties file—including those parameters related to authentication, if required:
[http.client.external]
proxy-server=127.0.0.1
proxy-port=8080
# basic authentication credentials
proxy-user=username
proxy-password=password
Alternatively, to turn off proxy for the modules:
proxy-off = true
Because settings listed in [http.client.external]—which are specific to communication with Cloud Foundry or Kubernetes monitoring—are NOT automatically inherited from [http.client], you will need to specify here all non-proxy related communication settings from [http.client], with optional customizations as required. Otherwise all other communication settings for the modules, will revert to factory defaults.
- To configure communication settings in the
[http.client.external]section, first re-list the current settings, then customize as required. To re-list the settings, first, open theconfig.propertiesfile and copy the properties from the[http.client]section in that file. Then, if there is an[http.client]section in thecustom.propertiesfile, use the values listed there, to overwrite the values copied fromconfig.properties.
For example:
connection-timeout=5000
socket-timeout=20000
connection-request-timeout=5000
idle-connection-timeout=15000
max-total-connections=256
max-connections-per-route=32
certificate-validation=yes
hostname-verification=yes
Save the custom.properties file and restart the ActiveGate service.
Set up proxy only for Kubernetes monitoring
ActiveGate version 1.207+
To specify proxy configuration exclusively for Kubernetes, and not for communicating with Cloud Foundry or Synthetic Monitoring, use the [kubernetes_monitoring] section in the custom.properties file. Proxy settings specified here, take precedence over the settings specified in [http.client.external]. You can also specify proxy-off = true in the [kubernetes_monitoring] section, to turn off proxy for Kubernetes.
Use the [kubernetes_monitoring] section of the configuration only for proxy-related settings. To specify other accompanying communication settings, use the [http.client.external] section.
Stop the ActiveGate service and edit the custom.properties file in the ActiveGate configuration directory
Specify the proxy-related parameters in the [kubernetes_monitoring] section of the custom.properties file—including those parameters related to authentication, if required. Alternatively specify proxy-off = true to turn off proxy settings for Kubernetes.
[kubernetes_monitoring]
proxy-server=127.0.0.1
proxy-port=8080
# basic authentication credentials
proxy-user=username
proxy-password=password
or to turn off proxy for Kubernetes:
[kubernetes_monitoring]
proxy-off = true
In the [http.client.external] section in your custom.properties file, specify all non-proxy related communication settings for Kubernetes. These settings will also apply to Cloud Foundry and Synthetic Monitoring.
Note that communication settings specified in the [http.client] section, are not automatically used for Kubernetes or Cloud Foundry, and—if not specifed in [http.client.external]—they will revert to factory defaults, for Cloud Foundry and Kubernetes.
-
To configure communication settings in the
[http.client.external]section, first re-list the current settings, then customize as required. To re-list the settings, first, open theconfig.propertiesfile and copy the properties from the[http.client]section in that file. Then, if there is an[http.client]section in thecustom.propertiesfile, use the values listed there, to overwrite the values copied fromconfig.properties.For example:
connection-timeout=5000
socket-timeout=20000
connection-request-timeout=5000
idle-connection-timeout=15000
max-total-connections=256
max-connections-per-route=32
certificate-validation=yes
hostname-verification=yes
Save the custom.properties file and restart the ActiveGate service.
Set up proxy only for Cloud Foundry monitoring
ActiveGate version 1.207+
To specify proxy configuration exclusively for Cloud Foundry, and not for communicating with Kubernetes or Synthetic Monitoring, use the [cloudfoundry_monitoring] section in the custom.properties file. Proxy settings specified here, take precedence over the settings specified in [http.client.external]. You can also specify proxy-off = true in the [cloudfoundry_monitoring] section, to turn off proxy for Cloud Foundry.
Use the [cloudfoundry_monitoring] section of the configuration only for proxy-related settings. To specify other accompanying communication settings, use the [http.client.external] section.
Stop the ActiveGate service and edit the custom.properties file in the ActiveGate configuration directory
Specify the proxy-related parameters in the [cloudfoundry_monitoring] section of the custom.properties file—including those parameters related to authentication, if required. Alternatively specify proxy-off = true to turn off proxy settings for Cloud Foundry.
[cloudfoundry_monitoring]
proxy-server=127.0.0.1
proxy-port=8080
# basic authentication credentials
proxy-user=username
proxy-password=password
or to turn off proxy for Cloud Foundry:
[cloudfoundry_monitoring]
proxy-off = true
In the [http.client.external] section in your custom.properties file, specify all non-proxy related communication settings for Cloud Foundry. These settings will also apply to Kubernetes and Synthetic Monitoring.
Note that communication settings specified in the [http.client] section, are not automatically used for Cloud Foundry or Kubernetes, and—if not specified in [http.client.external]—they will revert to factory defaults, for Cloud Foundry and Kubernetes.
-
To configure communication settings in the
[http.client.external]section, first re-list the current settings, then customize as required. To re-list the settings, first, open theconfig.propertiesfile and copy the properties from the[http.client]section in that file. Then, if there is an[http.client]section in thecustom.propertiesfile, use the values listed there, to overwrite the values copied fromconfig.properties.For example:
connection-timeout=5000
socket-timeout=20000
connection-request-timeout=5000
idle-connection-timeout=15000
max-total-connections=256
max-connections-per-route=32
certificate-validation=yes
hostname-verification=yes
Save the custom.properties file and restart the ActiveGate service.
Set up proxy only for Dynatrace Cluster communication
To configure proxy exclusively for Dynatrace Cluster, use the [http.client.internal] section in the custom.properties file.
Stop the ActiveGate service and edit the custom.properties file in the ActiveGate configuration directory
In custom.properties file, create the [http.client.internal] section (if the section does not already exist).
In the custom.properties file, in the [http.client.internal] section, specify parameters related to proxy, including those related to authentication, if required:
[http.client.internal]
proxy-server=127.0.0.1
proxy-port=8080
# basic authentication credentials
proxy-user=username
proxy-password=password
Because settings listed in [http.client.internal]—specific to communication with the Dynatrace Cluster only—are NOT automatically inherited from [http.client], you will need to repeat here all non-proxy related communication settings from [http.client], with optional customizations as rquired. Otherwise—if there is an [http.client.internal] section in your custom.properties file—all the non-proxy related settings for Dynatrace Cluster communication will revert to factory defaults.
- To configure communication settings in the
[http.client.internal]section, first re-list the current settings, then customize as required. To re-list the settings, first, open theconfig.propertiesfile and copy the properties from the[http.client]section in that file. Then, if there is an[http.client]section in thecustom.propertiesfile, use the values listed there, to overwrite the values copied fromconfig.properties.
For example:
connection-timeout=5000
socket-timeout=20000
connection-request-timeout=5000
idle-connection-timeout=15000
max-total-connections=256
max-connections-per-route=32
certificate-validation=yes
hostname-verification=yes
Save the custom.properties file and restart the ActiveGate service.
Stop the ActiveGate service and edit the custom.properties file in the ActiveGate configuration directory
Specify the proxy-related parameters in the [http.client] section of the custom.properties file—including those parameters related to authentication, if required:
[http.client]
proxy-server=127.0.0.1
proxy-port=8080
# basic authentication credentials
proxy-user=username
proxy-password=password
Save the custom.properties file.
Edit the launcheruserconfig.conf file.
Define the nonProxyHosts parameter in the launcheruserconfig.conf file as * using a set of Java system properties with -D option after -vmargs. The nonProxyHosts parameter indicates the hosts that should be accessed without going through the proxy. Typically this defines internal hosts. The wildcard character * indicates that all hosts should be accessed directly even if a proxy server is specified.
For full description of allowed syntax, see Networking Properties.
For example:
-vmargs
-Dhttp.nonProxyHosts=*
Save the launcheruserconfig.conf file and restart the ActiveGate service.
Set up proxy for private Synthetic monitoring
To set up a proxy for communication with the tested resource, set the properties in the [synthetic] section. To set up a proxy for communication with the Dynatrace server, set the properties in the [http.client] section. For more information, see Set up a proxy for private synthetic monitoring.
Exclude hosts from proxy communication
Excluding hosts from proxy communication is configured by means of the proxy-non-proxy-hosts parameter configured in the custom.properties file.
The proxy-non-proxy-hosts parameter—if specified in the [http.client] section of the custom.properties file—affects ActiveGate communication with the Dynatrace Cluster as well as communication with AWS/VMware/Azure.
proxy-non-proxy-hosts specified in the [http.client.external] section of the custom.properties file, it will affect ActiveGate communication only for the modules (Cloud Foundry, Kubernetes,
Synthetic Monitoring).
You can also specify proxy-non-proxy-hosts exclusively for Kubernetes, by placing the parameter in the [kubernetes_monitoring] section, or in [cloudfoundry_monitoring] for Cloud Foundry.
Note: If you create an [http.client.external] section in your custom.properties file, you need to specify all of the other communication settings in that section too, as they should apply to the modules (Clound Foundry, Kubernetes or Synthetic Monitoring). This is because communication settings specified in the [http.client] section of ActiveGate configuration are not automatically inherited by the [http.client.external] section.
If you do not do re-specify all of the communications settings, the respective settings for the modules (as managed by [http.client.external]), will revert to factory defaults.
Stop the ActiveGate service and edit the custom.properties file in the ActiveGate configuration directory
Specify the hosts that should be accessed without going through the proxy. Typically this defines internal hosts. The value of this property is a list of hosts separated by the '|' (pipe) character. In addition, you can use the wildcard character '*' for pattern matching. There can be only one wildcard character, either at the beginning or the end of the hostname. For example, proxy-non-proxy-hosts=*.foo.com|localhost indicates that every host in the foo.com domain and the localhost should be accessed directly even if a proxy server is specified. For a full description of allowed syntax, see the syntax for the http.nonProxyHosts parameter in Networking Properties.
For example:
[http.client]
proxy-non-proxy-hosts=hostname0*|10.1.*
Restart the ActiveGate service.
Excluding hosts from proxy communication is configured by means of the nonProxyHosts parameter configured in the launcheruserconfig.conf file.
The nonProxyHosts parameter configured in the launcheruserconfig.conf file affects only communication between the ActiveGate and the monitored environment. For example, it may be a cloud technology such as AWS or VMware, or a resource monitored by your private monitors executed on a synthetic-enabled ActiveGate.
Stop the ActiveGate service and edit the launcheruserconfig.conf file. See Configure ActiveGate launcher.
Specify the hosts that should be accessed without going through the proxy. Typically this defines internal hosts. The value of this property is a list of hosts separated by the '|' (pipe) character. In addition, you can use the wildcard character '*' for pattern matching. There can be only one wildcard character, either at the beginning or the end of the hostname. For example, nonProxyHosts=*.foo.com|localhost indicates that every host in the foo.com domain and the localhost should be accessed directly even if a proxy server is specified.
Make sure that the proxy parameters are preceded by the -vmargs flag.
For example:
-vmargs
-Dhttp.nonProxyHosts=hostname0*|10.1.*
The syntax for specifying the http.nonProxyHosts parameter can vary depending on your JVM version. Single quotation marks or double quotation marks might be required for your version of JVM.
For a full description of allowed syntax, see, for example, Networking Properties.
For example:
-vmargs
-Dhttp.nonProxyHosts='hostname0*|10.1.*'
or
-vmargs
-Dhttp.nonProxyHosts="hostname0*|10.1.*"
or
-vmargs
-Dhttp.nonProxyHosts="hostname0*|10.1.*"
Restart the ActiveGate service.