Collector proxy for a Linux or Mac OS
When you need the extra layer of security, the APEX AIOps Incident Management Collector can send events to a configured proxy server address. Configuring a proxy server address is often warranted when you have security policies that prohibit a collector from communicating directly with the Incident Management server.
The Incident Management Collector proxy setup allows you to do the following:
Use a forward proxy server to receive events from all your collector traffic and forward them to Incident Management.
Configure new and existing collectors to work behind the forward proxy.
Use a reverse proxy for collector traffic.
Before you begin
Before you begin, check that you have performed the following actions:
You have signed into your Incident Management account.
You have installed and configured proxy server software such as Squid for Linux or Mac. You can install and configure Nginx to use for a reverse proxy server. However, we do not recommend using Nginx as a forward proxy.
Note
On Linux systems, you can run systemctl status <name of proxy server> to test that your proxy server is active.
If you are using Windows, you can also route Windows traffic through a Linux or Mac proxy server. For more information, read Collector proxy for a Windows OS.
Note
For key points about collector installation, read the Supported platforms, Install a Linux or Mac OS collector, and Collector operations topics.
Configure a collector forward proxy
You can use an Incident Management Collector forward proxy for your Linux and Mac platforms. For best use of the collector proxy, install and configure the collector proxy before installing your collectors.
You also need to be aware that installing the Incident Management Collector behind a forward proxy as a root user is handled differently than installing it as non-root. For example, if you install a collector as a root user, the collector is placed in the /opt directory.
For more information about configuring your collector forward proxy, see the section titled “Considerations in using a Linux or Mac forward proxy server” later in this topic.
Install an Incident Management Collector for the forward proxy
To install your Incident Management Collector behind a forward proxy, switch to your Incident Management instance:
Note
To start, remove any installed Incident Management Collector and its associated files. Read the Collector operations topic for details about removing collectors.
Go to Integrations > Ingestion Services > Collectors > Installation.
Select either the Linux or Mac OS collector platform.
Note
We will use Linux procedures in this example.
Copy the installation script and paste it into a terminal on the target client system. Do not run the Incident Management Collector installation script until you modify the last line of the script, which normally has the following format:
Standard collector install script
bash -c "$(curl ${BASE_URL}/v2/collector-installer/script\?platform=LINUX -kLH apikey:${API_KEY})"
In your client terminal, modify the collector installation script by making the following changes:
Change the cURL portion of the copied install script to:
$(curl -x <proxy_url> ${BASE_URL}
Add &proxy_url=http://<proxy server ip address>:<port> to the last line of the script. It has the following format:
bash -c "$(curl -x <proxy_url> ${BASE_URL}/v2/collector-installer/script\?platform=LINUX\&proxy_url=<proxy_url> -kLH apikey:${API_KEY})"
Remember to prepend the "\" escape character to the "&" preceding the proxy_url query parameter.
In both instances in the script, replace the proxy_url with the public IP address of your proxy server followed by a colon (:) and the port for your remote server (such as :3128).
For example, for a Squid proxy server configuration, you would use the same IP address that you specified in the Squid configuration line:
acl <name> src <proxy server ip address>
See "Considerations in using a forward proxy server" later in this topic.
Run the script.
Switch to your Incident Management UI and check that the collector appears in the Collectors List.
Use a proxy with existing collectors
In addition to setting new Incident Management Collector installations to run behind a forward proxy, you can also set one or more existing collectors to run behind a proxy. To do this:
Open a terminal on the system running an existing collector.
Stop the existing collector by running the ~/collector/scripts/stop.sh script.
Open a terminal on your system running a collector behind a proxy server, as described in the previous sections.
Navigate to the bootstrap collector configuration file (collector.toml) and open it using your editor of choice (vi, vim, nano, and so forth). For example:
cd ~/collector/config
nano collector.toml
You should see the addition of a provider proxy definition. For example:
[...]
url = "https://api.dev.moogsoft.cloud"
[provider.proxy]
https = "http://<proxy server ip address>"
[...]
Copy the [provider.proxy] and https = "http://<proxy server ip address>" lines from this collector.toml file. Make sure it is the one that you installed behind a proxy server.
For any existing collector that you also want to run behind your forwarding proxy server, paste your copied lines or add the following lines to the collector.toml file:
[provider.proxy]
https = "http://<proxy server ip address>"
Replace the proxy server ip address with the public ip address of the proxy server that you set up. You can cut and paste these lines from the collector.toml file of a collector that you installed behind your proxy server.
Restart your collector by running the /collector/scripts/start.sh script.
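The collector.toml edit above can be applied to many existing collectors without hand-editing each file. The following is an added example, not code from the product or the original page: ensure_provider_proxy is a hypothetical helper name, and the sample file contents and 192.0.2.10 address are constructed. It validates the proxy URL, keeps a backup, and refuses to add a second [provider.proxy] table, which TOML does not allow.

```shell
#!/usr/bin/env bash
# Added example. ensure_provider_proxy is a hypothetical helper, not collector tooling.
# Usage: ensure_provider_proxy <collector.toml> <proxy url>
# Returns 0 when the file has (or now has) this proxy, 1 on bad input,
# 2 when a [provider.proxy] table already exists with a different value.
ensure_provider_proxy() {
    local file="$1" proxy="$2" current
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Accept only http://host or http://host:port, the forms the page uses.
    printf '%s\n' "$proxy" | grep -Eq '^http://[A-Za-z0-9.-]+(:[0-9]{1,5})?$' \
        || { echo "malformed proxy url: $proxy" >&2; return 1; }
    if grep -Eq '^[[:space:]]*\[provider\.proxy\][[:space:]]*$' "$file"; then
        # TOML forbids defining a table twice: compare, never append again.
        current=$(awk '
            /^[ \t]*\[/ { in_tbl = ($0 ~ /^[ \t]*\[provider\.proxy\][ \t]*$/); next }
            in_tbl && /^[ \t]*https[ \t]*=/ {
                sub(/^[^"]*"/, ""); sub(/".*$/, ""); print; exit
            }' "$file")
        [ "$current" = "$proxy" ] && return 0
        echo "[provider.proxy] already set to '$current'; edit by hand" >&2
        return 2
    fi
    cp -p "$file" "$file.bak" || return 1   # rollback copy before editing
    printf '\n[provider.proxy]\nhttps = "%s"\n' "$proxy" >> "$file"
}

# Demo on a constructed file in a temp directory (not a real collector install).
demo_dir=$(mktemp -d)
printf '[provider]\nurl = "https://api.dev.moogsoft.cloud"\n' > "$demo_dir/collector.toml"
ensure_provider_proxy "$demo_dir/collector.toml" "http://192.0.2.10:3128" \
    && cat "$demo_dir/collector.toml"
rm -rf "$demo_dir"
```

Stop the collector before running the helper against its configuration file and restart it afterwards, as in the steps above.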
Configure a reverse proxy for Linux or Mac platforms
You can also configure a reverse proxy for Linux and Mac platforms using a reverse proxy server.
Note
Unlike the forward proxy install command, the reverse proxy install command requires the Base URL to be changed to the reverse proxy domain name.
Before configuring a reverse proxy server for your Linux or Mac systems, you need to have an existing reverse proxy setup or install and configure a reverse proxy server. To configure your reverse proxy to work with the Incident Management Collector:
Modify the existing or newly installed reverse proxy configuration file to include the following information:
Specify the proxy server machine name and source.
Define the proxy location URL:
location /collector/ {
    proxy_pass https://api.dev.moogsoft.cloud/;
}
Specify the reverse proxy server port number.
Save and close your configuration file.
For an example of a proxy server configuration file, read the section, “Example Nginx configuration file for a reverse proxy” later in this topic.
Install an Incident Management Collector behind a reverse proxy
To install your Incident Management Collector with a reverse proxy server, go to your Incident Management instance:
Go to Integrations > Ingestion Services > Collectors > Installation.
Select either your Linux or Mac OS collector platform.
Note
We will use Linux for examples in this procedure.
Copy the Incident Management installation script and paste it into a terminal on your target client system. Do not run the Incident Management Collector installation script until you modify the cURL request in the last line of the script.
Modify the collector installation script as shown in the following cURL request with a base URL:
bash -c "$(curl https://localhost/collector/v2/collector-installer/script\?platform=LINUX\&base_url=https://localhost -kLH apikey:<my specific API key>)"
Remember to prepend the "\" escape character to the "&" preceding the proxy_url query parameter.
In the prior example, we added the base_url https://localhost/collector/v2/collector-installer line. This base_url must contain the reverse proxy domain.
Validate and troubleshoot your proxy configuration
If you have any issues in running an Incident Management Collector behind a forward proxy, check the following:
When using a forward proxy, make sure you modify your Incident Management Collector install script:
Check that the https_proxy address is not blank in your curl command.
Check that you have included the proxy server port number in your proxy url definition:
proxy_url=http://<ip address>:<proxy server port number>
Check your Incident Management UI to validate that your collector is installed. Check the Collectors List to see if the Windows Collector is listed.
In the Incident Management UI, go to Integrations > Ingestion Services > Collectors > <specific collector> > Collector Logs and review the logs. Check that your collector passed the Healthchecks.
Check the local collector logs on your Linux or Mac client by reviewing the logs in ~/collector/logs.
Review your collector config file on your Linux or Mac client in ~/collector/config/collector.toml.
If you are using a reverse proxy, make sure the base_url in your curl command contains the reverse proxy domain name.
Run the following command to verify that your proxy server is working:
curl https://httpbin.org/ip
This should return the proxy server ip address in the following format:
{ "origin": <"proxy server ip address"> }
To verify that your Incident Management traffic is routed from your forward proxy server, check your proxy server logs. For a Squid proxy server, you would check your access logs at /var/log/squid.
For example, if you tail the Squid access.log you would get your connection information as shown below.
sudo tail -n 10 /var/log/squid/access.log
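To go beyond reading the tail by eye, the access log can be summarized per collector host. This is an added example, not output or code from the original page: the log lines are constructed, summarize_collector_tunnels is a hypothetical helper, and it assumes Squid's default native access.log format with HTTPS tunnelled as plain CONNECT requests. A client that shows only denied entries is typically one whose source address is not covered by the Squid acl described in the next section.

```shell
#!/usr/bin/env bash
# Added example. Field positions follow Squid's default native access.log format:
# time elapsed client result/status bytes method url user hierarchy/peer type

# Constructed sample lines (documentation-range addresses), not real traffic.
sample_access_log() {
    cat <<'EOF'
1700000000.101    312 192.0.2.21 TCP_TUNNEL/200 5230 CONNECT api.dev.moogsoft.cloud:443 - HIER_DIRECT/198.51.100.7 -
1700000005.440     85 192.0.2.21 TCP_TUNNEL/200 1840 CONNECT api.dev.moogsoft.cloud:443 - HIER_DIRECT/198.51.100.7 -
1700000009.002      0 192.0.2.22 TCP_DENIED/403 3980 CONNECT api.dev.moogsoft.cloud:443 - HIER_NONE/- text/html
1700000011.730    140 192.0.2.21 TCP_TUNNEL/200 920 CONNECT httpbin.org:443 - HIER_DIRECT/198.51.100.9 -
EOF
}

# Usage: summarize_collector_tunnels <api host> < access.log
# Prints "<client ip> ok=<n> denied=<n>" for CONNECT requests to <api host>:443.
summarize_collector_tunnels() {
    awk -v host="$1" '
        $6 == "CONNECT" && $7 == (host ":443") {
            split($4, res, "/")            # TCP_TUNNEL/200 -> res[1], res[2]
            seen[$3] = 1
            if (res[2] == "200") ok[$3]++
            else if (res[1] ~ /DENIED/) denied[$3]++
        }
        END { for (c in seen) printf "%s ok=%d denied=%d\n", c, ok[c], denied[c] }
    ' | sort
}

# Demo on the constructed lines; on a proxy host, feed it the real access.log.
sample_access_log | summarize_collector_tunnels api.dev.moogsoft.cloud
```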
Considerations in using a forward proxy server
If you have a forward proxy system set up, you will need to modify its configuration file to provide the following information:
Specify the proxy server machine name and source.
Provide access to the machine using the machine name that you specified above.
Specify the proxy server port number.
Note
Squid configuration file example
acl myproxy src <IPv4> # machine's name (this is a comment)
http_access allow myproxy # this is your machine name
http_port 3128 # this is the standard port for the squid proxy server
You also need to be aware that installing the Incident Management Collector behind a forward proxy as a root user is handled differently than installing it as non-root.
Example Nginx configuration file for a reverse proxy
The following code snippet illustrates an Nginx configuration file with the required configuration changes.
Nginx configuration file example
worker_processes 1;
[...]
        }
        location /collector/ {
            proxy_pass https://api.dev.moogsoft.cloud/;
        }
        proxy_ssl_server_name on;
    }
[...]
    server {
        listen 443 ssl;
        server_name localhost;
        ssl_certificate /usr/local/etc/nginx/cert.pem;
        ssl_certificate_key /usr/local/etc/nginx/cert.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
[...]
    include servers/*;