Summary
Virtru supports running the Gateway behind a proxy. Traffic must be routed to the proxy in two scenarios: Docker traffic (pulling images) and container traffic (reaching the Virtru endpoints). Detailed information can be found on the Docker site.
Docker Traffic
Docker needs to be configured to pull images via proxy.
Create HTTP Proxy Configuration File
Shell
mkdir -p /etc/systemd/system/docker.service.d
nano /etc/systemd/system/docker.service.d/http-proxy.conf
Add HTTP Configuration to the File
Text
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80/"
Create HTTPS Proxy Configuration File
Shell
nano /etc/systemd/system/docker.service.d/https-proxy.conf
Add HTTPS Configuration to the File
https-proxy.conf
[Service]
Environment="HTTPS_PROXY=https://proxy.example.com:443/"
Reload the Appropriate Services
Shell
systemctl daemon-reload
systemctl restart docker
Container Traffic
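Container traffic does not follow the host's traffic settings. DNS servers must be defined if they differ from the default.
Shell
# List running containers to find the container id
docker ps
# Replace <container id> with the docker id or name
# Display the DNS servers the container is using
docker exec -it <container id> cat /etc/resolv.conf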
To update the container DNS servers there are different approaches based on the docker version installed.
Obtain Docker version
Shell
docker version
Docker versions less than 17.09
Edit/Create: /etc/docker/daemon.json
Shell
nano /etc/docker/daemon.json
daemon.json
Add DNS servers
{ "dns": ["1.1.1.1","1.0.0.1"] }
Docker versions at or above 17.09
Update the docker run commands by editing the appropriate file
Shell
cd /var/virtru/vg/scripts
ls -l
nano setup-XX-XX.sh
setup-XX-XX.sh
Add an entry to the .sh file (1 line per DNS server)
--dns=1.1.1.1 \
--dns=1.0.0.1 \
Each container needs to be configured to use the proxy to contact the Virtru Endpoints.
Shell
# Find container id of container in question
docker ps -a
# Replace <container id> with the docker id or name
# Display current proxy settings
docker exec -it <container id> cat /etc/java-11-openjdk/net.properties | grep -E 'http.proxy|https.proxy'
# Replace X.X.X.X with the proxy IP
docker exec -it <container id> sed -i 's/# http.proxyHost=/http.proxyHost=X.X.X.X/g' /etc/java-11-openjdk/net.properties
docker exec -it <container id> sed -i 's/# https.proxyHost=/https.proxyHost=X.X.X.X/g' /etc/java-11-openjdk/net.properties
# Replace X with the proxy Port
docker exec -it <container id> sed -i 's/# http.proxyPort=80/http.proxyPort=X/g' /etc/java-11-openjdk/net.properties
docker exec -it <container id> sed -i 's/# https.proxyPort=443/https.proxyPort=X/g' /etc/java-11-openjdk/net.properties
# Display the updated proxy settings and confirm all four lines are uncommented
docker exec -it <container id> cat /etc/java-11-openjdk/net.properties | grep -E 'http.proxy|https.proxy'
# Restart the container so the new settings take effect
# (the edits live in the container's writable layer; reapply them if the container is removed and recreated)
docker restart <container id>
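The sed commands above change nothing, and report no error, when a line in net.properties does not match the expected commented default. The following is an added example, not Virtru's own tooling: it applies the same four edits to a local copy of the file and verifies the result. The function names, the sample file contents, and the proxy address 192.0.2.10:3128 are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed.

# Accept only plain host/IP characters and a numeric port, because both
# values are pasted into a sed replacement string.
valid_endpoint() {
    case $1 in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $2 in ''|*[!0-9]*) return 1 ;; esac
}

# Set the four proxy properties, whether the line is still commented
# ("# http.proxyHost=") or already active, so a re-run updates the value.
apply_proxy_props() {
    file=$1; host=$2; port=$3
    valid_endpoint "$host" "$port" || { echo "rejected: $host:$port" >&2; return 1; }
    tmp=$(mktemp) || return 1
    sed -e "s/^#\{0,1\} *http\.proxyHost=.*/http.proxyHost=$host/" \
        -e "s/^#\{0,1\} *https\.proxyHost=.*/https.proxyHost=$host/" \
        -e "s/^#\{0,1\} *http\.proxyPort=.*/http.proxyPort=$port/" \
        -e "s/^#\{0,1\} *https\.proxyPort=.*/https.proxyPort=$port/" \
        "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# Return 0 only if every property is present as an active line with the
# expected value; name the first one that is not.
check_proxy_props() {
    file=$1; host=$2; port=$3
    for want in "http.proxyHost=$host" "https.proxyHost=$host" \
                "http.proxyPort=$port" "https.proxyPort=$port"; do
        grep -Fxq "$want" "$file" || { echo "not set: $want" >&2; return 1; }
    done
}

# Constructed sample with the commented defaults the sed commands target.
write_sample_props() {
    cat > "$1" <<'EOF'
# http.proxyHost=
# http.proxyPort=80
http.nonProxyHosts=localhost|127.*|[::1]
# https.proxyHost=
# https.proxyPort=443
EOF
}

# Demo on a constructed file; 192.0.2.10 is a documentation address.
demo=$(mktemp)
write_sample_props "$demo"
apply_proxy_props "$demo" 192.0.2.10 3128 && check_proxy_props "$demo" 192.0.2.10 3128 \
    && echo "proxy properties verified"
rm -f "$demo"
```

To check a live container, copy the file out with docker cp <container id>:/etc/java-11-openjdk/net.properties . and run check_proxy_props on the copy.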