Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 17. Working with HTTP Proxies

17.1. Overview
Link kopieren

Production environments can deny direct access to the Internet and instead have an HTTP or HTTPS proxy available. Configuring OpenShift to use these proxies can be as simple as setting standard environment variables in configuration or JSON files.

17.2. Configuring Hosts for Proxies
Link kopieren

  1. Add the NO_PROXY, HTTP_PROXY, and HTTPS_PROXY environment variables to each host’s /etc/sysconfig/atomic-openshift-master file (for single master configuration), /etc/sysconfig/atomic-openshift-master-api, or /etc/sysconfig/atomic-openshift-master-controllers files (for multi-master configuration) and /etc/sysconfig/atomic-openshift-node file (for node configuration) depending on the type of host: 

    HTTP_PROXY=http://USERNAME:PASSWORD@10.0.1.1:8080/
HTTPS_PROXY=https://USERNAME:PASSWORD@10.0.0.1:8080/
NO_PROXY=master.hostname.example.com
    Copy to Clipboard Toggle word wrap

    NO_PROXY accepts a comma-separated list of hosts:

    For master hosts
    • Node hostname
    • Master IP or hostname
    • Service IP
    • Cluster IP
    For node hosts
    • Master IP or hostname
    • Service IP
    • Cluster IP
    For the Docker service

    • Registry service IP and hostname

      Important

      Currently, using CIDR for IP addressing is not supported by NO_PROXY. You must add individual IP addresses for values, such as, the registry.

      Note

      The only wildcard NO_PROXY accepts is a single * character, which matches all hosts, and effectively disables the proxy. Each name in this list is matched as either a domain which contains the host name as a suffix, or the host name itself.

      For instance, example.com would match example.com, example.com:80, and www.example.com.

  2. Restart the master or node host as appropriate: 

    # systemctl restart atomic-openshift-master
# systemctl restart atomic-openshift-node
    Copy to Clipboard Toggle word wrap

    For multi-master installations: 

    # systemctl restart atomic-openshift-master-controllers
# systemctl restart atomic-openshift-master-api
    Copy to Clipboard Toggle word wrap

OpenShift does not accept * as a wildcard attached to a domain suffix. For example, this works: 

NO_PROXY=.example.com
Copy to Clipboard Toggle word wrap

However, this does not: 

NO_PROXY=*.example.com
Copy to Clipboard Toggle word wrap

To deploy Hawkular Metrics on a proxied OpenShift Enterprise environment, include the following services in the NO_PROXY configuration:

  • Hawkular Cassandra
  • Hawkular Metrics
  • Heapster
  • Kubernetes
  • Application
  • OpenShift infra domain (added when using two DNS zones)

To obtain the service IPs, run: 

$ oc get svc
Copy to Clipboard Toggle word wrap
Note

AutoScaling does not work on a proxied environment.

17.3. Proxying Docker Pull
Link kopieren

OpenShift node hosts need to perform push and pull operations to Docker registries. If you have a registry that does not need a proxy for nodes to access, include the NO_PROXY parameter with the registry’s host name, the registry service’s IP address, and service name. This blacklists that registry, leaving the external HTTP proxy as the only option.

  1. Edit the /etc/sysconfig/docker file and add the variables in shell format: 

    HTTP_PROXY=http://USERNAME:PASSWORD@10.0.1.1:8080/
HTTPS_PROXY=https://USERNAME:PASSWORD@10.0.0.1:8080/
NO_PROXY=master.hostname.example.com,172.30.123.45,docker-registry.default.svc.cluster.local
    Copy to Clipboard Toggle word wrap

  2. Restart the Docker service: 

    # systemctl restart docker
    Copy to Clipboard Toggle word wrap

17.4. Using Maven Behind a Proxy
Link kopieren

There are three options for using Maven behind a proxy on OpenShift Enterprise:

  • Generate the settings.xml file for the user by setting the $HTTP_PROXY_HOST and $HTTP_PROXY_PORT environment variables in the .s2i/environment file: 

    HTTP_PROXY_HOST=<hostname>
HTTP_PROXY_PORT=<port_number>
    Copy to Clipboard Toggle word wrap

    Optionally, you can also set the $HTTP_PROXY_USERNAME, HTTP_PROXY_PASSWORD, and HTTP_PROXY_NONPROXYHOSTS variables: 

    HTTP_PROXY_USERNAME=<user_name>
HTTP_PROXY_PASSWORD=<password>
HTTP_PROXY_NONPROXYHOSTS=<hostname>
    Copy to Clipboard Toggle word wrap

  • Move the settings.xml file into your application’s local Git repository: 

    $ mv settings.xml <git_repo>/configuration/settings.xml
    Copy to Clipboard Toggle word wrap

  • Point the MAVEN_ARGS_APPEND environment variable to the location of the settings.xml file: 

    MAVEN_ARGS_APPEND=" -s path/to/file"
    Copy to Clipboard Toggle word wrap

17.5. Configuring S2I Builds for Proxies
Link kopieren

S2I builds fetch dependencies from various locations. You can use a .sti/environment file to specify simple shell variables and OpenShift will react accordingly when seeing build images.

The following are the supported proxy environment variables with example values: 

HTTP_PROXY=http://USERNAME:PASSWORD@10.0.1.1:8080/
HTTPS_PROXY=https://USERNAME:PASSWORD@10.0.0.1:8080/
NO_PROXY=master.hostname.example.com
Copy to Clipboard Toggle word wrap

17.6. Configuring Default Templates for Proxies
Link kopieren

The example templates available in OpenShift by default do not include settings for HTTP proxies. For existing applications based on these templates, modify the source section of the application’s build configuration and add proxy settings: 

...
source:
  type: Git
  git:
    uri: https://github.com/openshift/ruby-hello-world
    httpProxy: http://proxy.example.com
    httpsProxy: https://proxy.example.com
...
Copy to Clipboard Toggle word wrap

This is similar to the process for using proxies for Git cloning.

17.7. Setting Proxy Environment Variables in Pods
Link kopieren

You can set the NO_PROXY, HTTP_PROXY, and HTTPS_PROXY environment variables in the templates.spec.containers stanza in a deployment configuration to pass proxy connection information. The same can be done for configuring a Pod’s proxy at runtime: 

...
containers:
- env:
  - name: "HTTP_PROXY"
    value: "http://USER:PASSWORD@IPADDR:PORT"
...
Copy to Clipboard Toggle word wrap

You can also use the oc env command to update an existing deployment configuration with a new environment variable: 

$ oc env dc/frontend HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
Copy to Clipboard Toggle word wrap

If you have a ConfigChange trigger set up in your OpenShift instance, the changes happen automatically. Otherwise, manually redeploy your application for the changes to take effect.

17.8. Git Repository Access
Link kopieren

If your Git repository can only be accessed using a proxy, you can define the proxy to use in the source section of the BuildConfig. You can configure both a HTTP and HTTPS proxy to use. Both fields are optional.

Note

Your source URI must use the HTTP or HTTPS protocol for this to work. 

source:
  type: Git
  git:
    uri: "https://github.com/openshift/ruby-hello-world"
    httpProxy: http://proxy.example.com
    httpsProxy: https://proxy.example.com
Copy to Clipboard Toggle word wrap
Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat