Can I use a proxy for internet access?
You need to configure an internet connection to Dynatrace Mission Control to:
- Receive upgrade notifications
- Facilitate product support
- Enable availability monitoring
- Collect Dynatrace usage data
If your Dynatrace cluster can't reach the Internet directly, you can configure a proxy connection during Dynatrace Managed installation using the Cluster Management Console (CMC) or REST API.
Using Dynatrace Managed installer
You can use command-line parameters during Dynatrace Managed installation. Use the following parameters to set up a proxy connection to Dynatrace Mission Control:
If your machine uses a network proxy to connect to the Internet, put the address here in the following format:
protocol://[user:password@]server-address:port. The default value is
If your machine uses a network HTTPS proxy with a self-signed certificate, you have to extend the trusted certificates store. The full path to a public SSL certificate file in PEM format should follow that parameter.
Token used for registration in Mission Control (optional for regular installation).
Using Cluster Management Console
In the Cluster Management Console (CMC):
In the Dynatrace menu, go to Settings > Internet proxy and edit Proxy configuration for a particular data center.
Select Connect via proxy and enter proxy server details:
- Proxy address and Port
- Username and Password if anonymous access isn't possible.
Also, you can exclude hosts from using the proxy. This is useful, for example, when you have configured problem integrations via webhooks with software residing in the internal network. Use a wildcard (
*) at the beginning or at the end of each host entry to include all URLs within a defined host domain.
Using REST API
You can also use the Internet Proxy REST API (Cluster Management Console REST API) for single clusters and high availability deployments to adjust the internet proxy configuration. For details, see Dynatrace Cluster API.
Can I use a transparent proxy?
Yes, Dynatrace supports transparent proxy configuration.
A transparent proxy (also known as an intercepting proxy, in-line proxy, or forced proxy), can route and intercept Dynatrace cluster communication to Mission Control. A transparent proxy is normally located between the Dynatrace Managed cluster and Mission Control (Internet). By using a transparent proxy, you can additionally audit and inspect all communication payloads (see data exchanged with Mission Control).
Dynatrace need not be aware of the existence of the proxy. Dynatrace Managed has to be configured to trust a root certificate whose private key is known to the proxy. In such situations, proxy analysis of the contents of an SSL/TLS transaction becomes possible. The proxy is effectively operating a man-in-the-middle attack, allowed by Dynatrace's trust of a root certificate the proxy owns.
How to update SSL certificate?
You can use command-line parameters for the Dynatrace Managed reconfiguration script:
<PRODUCT_PATH>/installer/reconfigure.sh --update-cert --network-proxy-cert-file <proxy_cert_file>