Setting up a proxy for ActiveGate

To set up a proxy for an ActiveGate, update or add the authentication parameters to the custom.properties or launcheruserconfig.conf file.

Configuration override

If you define the same parameters in the custom.properties and launcheruserconfig.conf files, the proxy parameters defined in the custom.properties file will override the corresponding parameters in the launcheruserconfig.conf file.

To set a proxy for both communication of ActiveGate to Dynatrace server and for AWS/VMware monitoring, configure the parameters in the custom.properties file.
To set a proxy only for AWS/VMware monitoring, configure the parameters in launcheruserconfig.conf file.
To set a proxy only for communication between ActiveGate and Dynatrace server (no AWS/VMware monitoring), configure the parameters in the custom.properties file and in the launcheruserconfig.conf file.
To set up a proxy for communication with a private synthetic tested resource alone or with Dynatrace server, configure parameters in the custom.properties file. See Setting up proxy for private synthetic.

Depending on your ActiveGate version and deployment setup, the configuration files are located in the following directories and folders:

custom.properties
/var/lib/dynatrace/gateway/config
or
/var/lib/dynatrace/gateway/gateway/config
launcheruserconfig.conf
On Linux: /var/lib/dynatrace/gateway/config/launcheruserconfig.conf
On Windows: C:\ProgramData\dynatrace\gateway\config\launcheruserconfig.conf

Setting proxy for Dynatrace server communication and for AWS/VMware monitoring

To set proxy for both communication of ActiveGate to Dynatrace server and for AWS/VMware monitoring:

Stop the ActiveGate and edit the custom.properties file.

See Where can I find ActiveGate files?

Specify the proxy-related parameters in the [http.client] section of the custom.properties file—in particular, those parameters related to authentication, such as:

[http.client]
proxy-server=127.0.0.1
proxy-port=8080
# basic authentication credentials
proxy-user=username
proxy-password=password

You also can use the proxy-server and proxy-port parameters in the command line ActiveGate installation:

PROXY=<proxy server>:<proxy port>

See Customize ActiveGate installation

Save the custom.properties file and restart the ActiveGate.

Setting proxy only for Cloud Foundry and Kubernetes monitoring

The Dynatrace Cloud Foundry and Kubernetes monitoring integrations require the scheme [http.client.external] to configure a proxy for communication with the respective API.

Stop the ActiveGate and edit the custom.properties file.

See Where can I find ActiveGate files?

Specify the proxy-related parameters in the [http.client.external] section of the custom.properties file—in particular, those parameters related to authentication, such as:

[http.client.external]
proxy-server=127.0.0.1
proxy-port=8080
# basic authentication credentials
proxy-user=username
proxy-password=password

See Customize ActiveGate installation

Save the custom.properties file and restart the ActiveGate.

Certificate management for Cloud Foundry, Kubernetes, and OpenShift communication

If you're using self-signed certificates for communication to external APIs (for example, for the Cloud Foundry and Kubernetes APIs) you can either add the certificate to the truststore (Option 1) or disable the certificate validation in the custom.properties file (Option 2).

Option 1: Add the self-signed certificate to the truststore

ActiveGate version 1.166, 1.167

Add the custom certificate to the trusted.jks file in the sub-directory <activegate-project-dir>/ssl/customkeys.

Please refer to keytool documentation for adding the certificate to a truststore file.

ActiveGate version 1.168+

Add the custom certificate to a custom truststore file (for example, mytrust.jks) in the sub-directory <activegate-project-dir>/ssl and add the following entries in the config/custom.properties file. The entry in the custom.properties file may look like this:

[collector]
trustedstore = mytrust.jks
# the following entries are optional
trustedstore-password = changeit
trustedstore-type = JKS

Please refer to keytool documentation for adding the certificate to a truststore file.

Option 2: Disable certificate validation

Disabling certificate validation isn't recommended as it imposes security risks. However, if you still want to disable certificate validation for test environments, you need to disable hostname-verification and certificate-validation in the following properties.

Add the following set of parameters to the [http.client.external] scheme of your custom.properties file as follows:

[http.client.external]
hostname-verification = false
certificate-validation = false

Setting proxy only for AWS/VMware communication

If you want to set up the proxy only for ActiveGate communication to the monitored environment, define the proxy settings in the launcheruserconfig.conf file using a set of Java system properties with -D option after -vmargs.

Stop the ActiveGate and edit the launcheruserconfig.conf file.

Set the host name of the proxy server (-Dhttp.proxyHost and -Dhttps.proxyHost) and the port number (-Dhttp.proxyPort and -Dhttps.proxyPort). You can either append the parameters and values or update the values if the parameters already exist. It is important to specify the parameter values for both HTTP and HTTPS protocols.

For example:

  -vmargs
  -Dhttp.proxyHost=127.0.0.1
  -Dhttps.proxyHost=127.0.0.1
  
  -Dhttp.proxyPort=8080
  -Dhttps.proxyPort=8080

Additional proxy settings that you can set:

  -Dhttp.proxyUser
  -Dhttps.proxyUser
  
  -Dhttp.proxyPassword
  -Dhttps.proxyPassword
  
  -Dhttp.nonProxyHosts

Dhttp.nonProxyHosts

By default, the -Dhttp.nonProxyHosts parameter applies to both HTTP and HTTPS protocols, and it can remain defined only as HTTP.

Setting proxy only for Dynatrace Server communication

Stop the ActiveGate and edit the custom.properties file.

See Where can I find ActiveGate files?

Specify the proxy-related parameters in the [http.client] section of the custom.properties file—in particular, those parameters related to authentication, such as:

[http.client]
proxy-server=127.0.0.1
proxy-port=8080
# basic authentication credentials
proxy-user=username
proxy-password=password

Save the custom.properties file.

Edit the launcheruserconfig.conf file.

Define the nonProxyHosts parameter in the launcheruserconfig.conf file as * using a set of Java system properties with -D option after -vmargs. The nonProxyHosts parameter indicates the hosts that should be accessed without going through the proxy. Typically this defines internal hosts. The wildcard character * indicates that every hosts should be accessed directly even if a proxy server is specified. See Java Networking and Proxies For example:

  -vmargs
  -Dhttp.nonProxyHosts=*

Save the launcheruserconfig.conf file and restart the ActiveGate.

Setting proxy for private synthetic

To set proxy for communication with the tested resource, set the properties in the [synthetic] section. To set proxy for communication with the Dynatrace server, set the properties in the [http.client] section. For more information, see Setting up proxy for private synthetic.

Excluding hosts from proxy communication

The nonProxyHosts parameter configured in the launcheruserconfig.conf file affects only the communication between the ActiveGate and the monitored environment. For example, it may be a cloud technology like AWS or VMware or a resource monitored by your private monitors executed on a synthetic-enabled ActiveGate.

Stop the ActiveGate and edit the launcheruserconfig.conf file. See Configure ActiveGate launcher.

The hosts that should be accessed without going through the proxy. Typically this defines internal hosts. The value of this property is a list of hosts, separated by the '|' character. In addition, you can use the wild card character '*' for pattern matching. There can be only one wild card character, either at the beginning or the end of the hostname. For example nonProxyHosts=*.foo.com|localhost will indicate that every hosts in the foo.com domain and the localhost should be accessed directly even if a proxy server is specified.

Make sure that the proxy parameters are preceded by the -vmargs flag.

For example:

-vmargs
-Dhttp.nonProxyHosts=hostname0*|10.1.*

JVM version

The syntax for specifying the host variable may vary depending on your JVM version. Single quotation marks or double quotation marks may be required for your version of JVM.

For example:

-vmargs
-Dhttp.nonProxyHosts='hostname0*|10.1.*'

-vmargs
-Dhttp.nonProxyHosts="hostname0*|10.1.*"

-vmargs
-Dhttp.nonProxyHosts="hostname0*|10.1.*"

Restart the ActiveGate.