Can I use a proxy for internet access?

You need to configure an internet connection to Dynatrace Mission Control to:

  • Receive upgrade notifications
  • Facilitate product support
  • Enable availability monitoring
  • Collect Dynatrace usage data

If your Dynatrace Mission Control can't reach the internet directly you can configure a proxy connection during Dynatrace Managed installation using the CMC or REST API.

Using Managed installer

You can use command-line parameters during Dynatrace Managed installation. Use the following parameters to set up a proxy connection to Dynatrace Mission Control:

--network-proxy
If your machine uses a network proxy to connect to the internet, put the address here in the following format: protocol://[user:password@]server-address:port. The default value is none.

--network-proxy-cert-file If your machine uses a network HTTPS proxy with a self-signed certificate, you have to extend the trusted certificates store. The full path to a public SSL certificate file in PEM format should follow that parameter.

--registration-token
Token used for registration in Mission Control (optional for regular installation).

Using Cluster Management Console

In the Cluster Management Console (CMC):

Go to Settings > Internet access and select Connect via proxy.

Enter proxy server details:

  • Proxy address and Port
  • Username and Password if anonymous access isn't possible.

You can click Test connection to confirm that the Dynatrace Managed portal can be reached. A successful internet connection is indicated by a green checkmark icon next to the page title.

Also, you can exclude hosts from using the proxy. This is useful, for example, when you have configured problem integrations via webhooks with software residing in the internal network. Use a wildcard (*) at the beginning or at the end of each host entry to include all URLs within a defined host domain.

Using REST API

You can also use the Internet Proxy REST API (Cluster Management Console REST API) for single clusters and high availability deployments to adjust the internet proxy configuration. For details, see Dynatrace Cluster API.

FAQs

Can I use a transparent proxy?

Yes, Dynatrace supports transparent proxy configuration.

A transparent proxy (also known as an intercepting proxy, in-line proxy, or forced proxy), can route and intercept Dynatrace cluster communication to Mission Control. A transparent proxy is normally located between the Dynatrace Managed cluster and Mission Control (Internet). By using a transparent proxy, you can additionally audit and inspect all communication payloads (see data exchanged with Mission Control).

Dynatrace need not be aware of the existence of the proxy. Dynatrace Managed has to be configured to trust a root certificate whose private key is known to the proxy. In such situations, proxy analysis of the contents of an SSL/TLS transaction becomes possible. The proxy is effectively operating a man-in-the-middle attack, allowed by Dynatrace's trust of a root certificate the proxy owns.

How can I update an SSL certificate?

During installation (see above).

How to update SSL certificate?

You can use command-line parameters for the Dynatrace Managed reconfiguration script:

<PRODUCT_PATH>/installer/reconfigure.sh -update-cert -network-proxy-cert-file=<proxy_cert_file>