Proxy for ActiveGate

5-min read

Your ActiveGate connectivity configuration allows you to define one or more proxies for outgoing connections: You can use a single proxy for all outgoing traffic, or you can specify different proxies for different purposes, or you can even define exceptions by turning off proxy use for specific connections, while using proxies for other connections.

To see this configuration in a wider context, refer to the supported connectivity schemes and in particular to the proxy and load balancer configuration.

Proxy configuration properties

ActiveGate proxy configuration consists of the following settings. Depending on the type of communication for which you want to use (or disable) a proxy, the following configuration properties can appear in different configuration sections of your ActiveGate configuration.

Property	Description
`proxy-server`	Server address (hostname or IP address)
`proxy-port`	Port Optional If left empty, the default `8080` port is used.
`proxy-scheme`	Scheme Optional If left empty, the default `http` scheme is used. This applies the most common setup, where the connection to the proxy is initiated using HTTP and automatically upgraded to a secure one. All further ActiveGate communication through the proxy is secured by SSL/TLS. Must be set to `https` for proxies that do not support HTTP at all.
`proxy-user`	User name Optional
`proxy-domain`	User domain in the case of NTLM authentication
`proxy-password`	Password Optional The password provided in the `proxy-password` property is obfuscated after ActiveGate restart, and the obfuscated password is stored in the `proxy-password-encr` property. If a comma (`,`) is part of a value, you need to add an escape backslash (`\`) before the comma. For example, `proxy-password = foo\,bar`.
`proxy-off`	If set to `true`, causes proxy to be disabled for the particular type of communication.
`proxy-non-proxy-hosts`	A list of hosts for communication with which proxy should not be used by ActiveGate The hosts in the list should be separated by `\|` characters. You can also use an asterisk `` as a wildcard character to match any string. There can be only one wildcard character, either at the beginning or the end of the hostname. For example, `proxy-non-proxy-hosts=.foo.com\|localhost` indicates that every host in the `foo.com` domain and the `localhost` should be accessed directly even if a proxy server is specified. For a full description of allowed syntax, see the syntax for the `http.nonProxyHosts` parameter in Networking Properties.
`proxy-authentication-schemes`	ActiveGate version 1.271+ A list of proxy authentication schemes Optional This is a prioritized list of proxy authentication schemes that ActiveGate should use when authenticating with the proxy server. Starting with the first scheme on the list, ActiveGate will attempt to authenticate and, in case of failure, proceed to the next scheme on the list. If this property is not defined, ActiveGate will try to authenticate using all available schemes. Supported values: `NTLM`, `BASIC`

Specify proxy configuration for ActiveGate

ActiveGate proxy configuration can be specified during ActiveGate installation on Linux or Windows (only the setting for all outgoing connections), or it can be configured after ActiveGate is installed.

ActiveGate version 1.333+

You can use agctl to configure proxy properties in the http.client section:

# Set proxy server and port
agctl property set --section=http.client --key=proxy-server --value=127.0.0.1
agctl property set --section=http.client --key=proxy-port --value=8080

# Set basic authentication credentials (if required)
agctl property set --section=http.client --key=proxy-user --value=username
agctl property set --section=http.client --key=proxy-password --value=password

After configuring proxy settings with agctl, you must restart ActiveGate for the changes to take effect.

Note that after the service is restarted, the proxy password is encrypted and moved from the proxy-password property to proxy-password-encr.

ActiveGate proxy settings for simple proxy configuration scenarios

The following simple proxy configuration scenarios for ActiveGate are the most common and widely used. If you have special and more complex requirements, you can also define an advanced configuration.

ActiveGate proxy settings for all outgoing traffic

The following configuration covers the most common case of specifying proxy settings for ActiveGate outgoing connection to both the Dynatrace Cluster as well as monitored technologies, such as AWS, VMware, or Azure.

Specify the proxy-related parameters in the [http.client] section of the custom.properties file— including those parameters related to authentication, if required:

ActiveGate version 1.333+

# Set proxy server and port
agctl property set --section=http.client --key=proxy-server --value=127.0.0.1
agctl property set --section=http.client --key=proxy-port --value=8080

# Set basic authentication credentials (if required)
agctl property set --section=http.client --key=proxy-user --value=username
agctl property set --section=http.client --key=proxy-password --value=password

ActiveGate proxy settings for Dynatrace Cluster only

To set up a proxy specifically for Dynatrace Cluster, while allowing outgoing monitoring traffic to connect directly to monitored technologies, define proxy settings in the [http.client.internal] section of ActiveGate configuration.

ActiveGate version 1.333+

# Set proxy server and port
agctl property set --section=http.client.internal --key=proxy-server --value=127.0.0.1
agctl property set --section=http.client.internal --key=proxy-port --value=8080

# Set basic authentication credentials (if required)
agctl property set --section=http.client.internal --key=proxy-user --value=username
agctl property set --section=http.client.internal --key=proxy-password --value=password

ActiveGate proxy for outgoing monitoring traffic, with direct connection to Dynatrace Cluster

ActiveGate proxy for outgoing monitoring traffic only

To set up a proxy specifically for outgoing monitoring traffic, but keep connection to Dynatrace Cluster direct:

Specify proxy configuration in the [http.client] section of the custom.properties file.
Turn proxy off in the [http.client.internal] section.

For example:

ActiveGate version 1.333+

# Set proxy for all traffic in http.client section
agctl property set --section=http.client --key=proxy-server --value=127.0.0.1
agctl property set --section=http.client --key=proxy-port --value=8080
agctl property set --section=http.client --key=proxy-user --value=username
agctl property set --section=http.client --key=proxy-password --value=password

# Disable proxy for Dynatrace Cluster communication
agctl property set --section=http.client.internal --key=proxy-off --value=true

Advanced proxy configuration scenarios for ActiveGate

To set up a proxy for outgoing connections from ActiveGate—that is for connections to monitored technologies or to the Dynatrace Cluster—edit the custom.properties file and set properties in the appropriate section. Depending on the configuration section in which the properties are specified, the proxy (and other communication settings) affect only selected types of connections:

[http.client]—proxy settings for all ActiveGate outgoing connections, including the Dynatrace Cluster as well as all monitored technologies.
[http.client.internal]—proxy settings specifically for the communication with Dynatrace Cluster. These settings override the settings specified in [http.client]
[http.client.external]—proxy settings specifically for monitored technologies: CloudFoundry, Kubernetes, private Synthetic monitoring. These settings override the settings specified in [http.client]
[<technology name>]—proxy settings specifically for the particular monitored technology, such as cloudfoundry_monitoring, kubernetes_monitoring, synthetic. These settings override the settings specified in [http.client] and [http.client.external]. Note that Settings for many of these technologies can be specified jointly in [http.client.external].

This precedence and inheritance of configuration settings between different configuration sections can be pictured graphically as follows:

Proxy inheritance

ActiveGate proxy for Kubernetes, CloudFoundry, and private Synthetic Monitoring

You can specify proxy settings for a number of monitored technologies at once. Settings given in the http.client.external section affect Kubernetes, CloudFoundry, and private Synthetic monitoring (this set might be extended in the future):

ActiveGate version 1.333+

# Set proxy server and port for external monitoring traffic
agctl property set --section=http.client.external --key=proxy-server --value=127.0.0.1
agctl property set --section=http.client.external --key=proxy-port --value=8080

# Set basic authentication credentials (if required)
agctl property set --section=http.client.external --key=proxy-user --value=username
agctl property set --section=http.client.external --key=proxy-password --value=password

Different proxies for Kubernetes, CloudFoundry and private Synthetic Monitoring

You can also specify dedicated proxy settings for a particular monitored technology:

CloudFoundry in the cloudfoundry_monitoring section
Kubernetes in the kubernetes_monitoring section
private Synthetic Monitoring in the synthetic section

For example:

ActiveGate version 1.333+

agctl property set --section=kubernetes_monitoring --key=proxy-server --value=127.0.0.1
agctl property set --section=kubernetes_monitoring --key=proxy-port --value=8080
agctl property set --section=kubernetes_monitoring --key=proxy-user --value=username
agctl property set --section=kubernetes_monitoring --key=proxy-password --value=password

ActiveGate proxy settings for AWS role-based access

AWS-specific proxy configuration is described separately.