Your ActiveGate connectivity configuration allows you to define one or more proxies for outgoing connections: You can use a single proxy for all outgoing traffic, or you can specify different proxies for different purposes, or you can even define exceptions by turning off proxy use for specific connections, while using proxies for other connections.
To see this configuration in a wider context, refer to the supported connectivity schemes and in particular to the proxy and load balancer configuration.
ActiveGate proxy configuration consists of the following settings. Depending on the type of communication for which you want to use (or disable) a proxy, the following configuration properties can appear in different configuration sections of your ActiveGate configuration.
Property
Description
proxy-server
Server address (hostname or IP address)
proxy-port
Port optional
If left empty, the default 8080
port is used.
proxy-scheme
Scheme optional
If left empty, the default http
scheme is used. This applies the most common setup, where the connection to the proxy is initiated using HTTP and automatically upgraded to a secure one. All further ActiveGate communication through the proxy is secured by SSL/TLS.
Must be set to https
for proxies that do not support HTTP at all.
proxy-user
User name optional
proxy-domain
User domain in the case of NTLM authentication
proxy-password
Password optional
The password provided in the proxy-password
property is obfuscated after ActiveGate restart, and the obfuscated password is stored in the proxy-password-encr
property.
If a comma (,
) is part of a value, you need to add an escape backslash (\
) before the comma. For example, proxy-password = foo\,bar
.
proxy-off
If set to true
, causes proxy to be disabled for the particular type of communication.
proxy-non-proxy-hosts
A list of hosts for communication with which proxy should not be used by ActiveGate
The hosts in the list should be separated by |
characters. You can also use an asterisk *
as a wildcard character to match any string. There can be only one wildcard character, either at the beginning or the end of the hostname. For example, proxy-non-proxy-hosts=*.foo.com|localhost
indicates that every host in the foo.com
domain and the localhost
should be accessed directly even if a proxy server is specified. For a full description of allowed syntax, see the syntax for the http.nonProxyHosts
parameter in Networking Properties.
proxy-authentication-schemes
ActiveGate version 1.271+
A list of proxy authentication schemes optional
This is a prioritized list of proxy authentication schemes that ActiveGate should use when authenticating with the proxy server.
Supported values: NTLM
, BASIC
ActiveGate proxy configuration can be specified during ActiveGate installation on Linux or Windows (only the setting for all outgoing connections), or it can be configured after ActiveGate is installed. To configure proxy for ActiveGate:
Edit the custom.properties
file in the ActiveGate configuration directory
Specify the proxy-related parameters in the appropriate configuration section of the custom.properties
file, depending for which purpose you want to use the proxy (see examples below). For example:
[http.client]proxy-server=127.0.0.1proxy-port=8080# basic authentication credentialsproxy-user=usernameproxy-password=password
Save the custom.properties
file.
Restart the ActiveGate main service.
Note that after the service is restarted, the proxy password, as specified by you in the configuration, is encrypted and moved from the proxy-password
property to proxy-password-encr
.
The following simple proxy configuration scenarios for ActiveGate are the most common and widely used. If you have special and more complex requirements, you can also define an advanced configuration.
The following configuration covers the most common case of specifying proxy settings for ActiveGate outgoing connection to both the Dynatrace Cluster as well as monitored technologies, such as AWS, VMware, or Azure.
Specify the proxy-related parameters in the [http.client]
section of the custom.properties
file— including those parameters related to authentication, if required:
[http.client]proxy-server=127.0.0.1proxy-port=8080# basic authentication credentialsproxy-user=usernameproxy-password=password
To set up a proxy specifically for Dynatrace Cluster, while allowing outgoing monitoring traffic to connect directly to monitored technologies, define proxy settings in the [http.client.internal]
section of ActiveGate configuration.
[http.client.internal]proxy-server=127.0.0.1proxy-port=8080# basic authentication credentialsproxy-user=usernameproxy-password=password
ActiveGate version 1.247 and earlier For ActiveGate communication to function properly, after specifying the above settings, you will need to repeat non-proxy communication settings in http.client.internal
or http.client.external
and/or you will need to create sections http.client.internal
or http.client.external
. For more information see current limitations.
To set up a proxy specifically for outgoing monitoring traffic, but keep connection to Dynatrace Cluster direct:
[http.client]
section of the custom.properties
file.[http.client.internal]
section.For example
[http.client]proxy-server=127.0.0.1proxy-port=8080# basic authentication credentialsproxy-user=usernameproxy-password=password[http.client.internal]proxy-off=true
ActiveGate version 1.247 and earlier For ActiveGate communication to function properly, after specifying the above settings, you will need to repeat non-proxy communication settings in http.client.internal
or http.client.external
and/or you will need to create sections http.client.internal
or http.client.external
. For more information see current limitations.
To set up a proxy for outgoing connections from ActiveGate—that is for connections to monitored technologies or to the Dynatrace Cluster—edit the custom.properties
file and set properties in the appropriate section. Depending on the configuration section in which the properties are specified, the proxy (and other communication settings) affect only selected types of connections:
[http.client]
—proxy settings for all ActiveGate outgoing connections, including the Dynatrace Cluster as well as all monitored technologies.[http.client.internal]
—proxy settings specifically for the communication with Dynatrace Cluster. These settings override the settings specified in [http.client]
[http.client.external]
—proxy settings specifically for monitored technologies: CloudFoundry, Kubernetes, private Synthetic monitoring. These settings override the settings specified in [http.client]
[<technology name>]
—proxy settings specifically for the particular monitored technology, such as cloudfoundry_monitoring
, kubernetes_monitoring
, synthetic
. These settings override the settings specified in [http.client]
and [http.client.external]
. Note that Settings for many of these technologies can be specified jointly in [http.client.external]
.This precedence and inheritance of configuration settings between different configuration sections can be pictured graphically as follows:
You can specify proxy settings for a number of monitored technologies at once. Settings given in the http.client.external
section affect Kubernetes, CloudFoundry, and private Synthetic monitoring (this set might be extended in the future):
[http.client.external]proxy-server=127.0.0.1proxy-port=8080# basic authentication credentialsproxy-user=usernameproxy-password=password
ActiveGate version 1.247 and earlier For ActiveGate communication to function properly, after specifying the above settings, you will need to repeat non-proxy communication settings in http.client.internal
or http.client.external
and/or you will need to create sections http.client.internal
or http.client.external
. For more information see current limitations.
You can also specify dedicated proxy settings for a particular monitored technology:
cloudfoundry_monitoring
sectionkubernetes_monitoring
sectionsynthetic
sectionFor example
[kubernetes_monitoring]proxy-server=127.0.0.1proxy-port=8080# basic authentication credentialsproxy-user=usernameproxy-password=password
See also: How to set up an ActiveGate proxy for private Synthetic monitoring
AWS-specific proxy configuration is described separately.
ActveGate version 1.247 and earlier
[http.client.internal]
or [http.client.external]
When specifying proxy configuration in either [http.client.internal]
or [http.client.external]
, note that these sections affect various communication aspects not only proxy. When creating either of those sections, make sure to first copy content of the existing [http.client]
section from the configuration.properties
file (and customize it as appropriate):
config.properties
file and copy all the properties from the [http.client]
section to the custom.properties
file, section [http.client.internal]
or [http.client.external]
(as appropriate).[http.client]
section in the custom.properties
file, use the values listed there, to overwrite the above values (the values you have just copied from config.properties
).For example
[http.client.external]# proxy settings as specific to http.client.external:proxy-server=127.0.0.1proxy-port=8080# basic authentication credentialsproxy-user=usernameproxy-password=password# communication settings copied from existing configuration:connection-timeout=5000socket-timeout=20000connection-request-timeout=5000idle-connection-timeout=15000max-total-connections=256max-connections-per-route=32certificate-validation=yeshostname-verification=yes