Collector proxy for a Linux or Mac OS
When you need the extra layer of security, Moogsoft Cloud collectors can send events to a configured proxy server address. Configuring a proxy server address is often warranted when you have security policies that prohibit a collector from communicating directly with the Moogsoft server.
The Moogsoft collector proxy setup allows you to do the following:
Use a forward proxy server to receive events from all your collector traffic and forward them to Moogsoft.
Configure new and existing collectors to work behind the forward proxy.
Use a reverse proxy for collector traffic.
Before you begin
Before you begin, check that you have performed the following actions:
You have signed into your Moogsoft account.
You have installed and configured proxy server software such as Squid for Linux or Mac. You can install and configure Nginx to use for a reverse proxy server. However, we do not recommend using Nginx as a forward proxy.
Note
On Linux systems, you can run
systemctl<name of proxy server>to test that your proxy server is active.If you are using Windows, you can also route Windows traffic through a Linux or Mac proxy server. For more information, read Collector proxy for a Windows OS.
Note
For key points about collector installation, read the Supported platforms, Install a Linux or Mac OS collector, and Collector operations topics.
Configure a collector forward proxy
You can use a Moogsoft collector forward proxy for your Linux and Mac platforms. For best use of the collector proxy, install and configure the collector proxy before installing your collectors.
You also need to be aware that installing the collector behind a forward proxy as a root user is handled differently than installing it as non-root. For example, if you install a collector as a root user, the collector is placed in the /opt directory.
For more information about configuring your collector forward proxy, see the section titled “Considerations in using a Linux or Mac forward proxy server” later in this topic.
Install a collector for the forward proxy
To install your collector behind a forward proxy, switch to your Moogsoft instance:
Note
To start, remove any installed collector and its associated files. Read the Collector operations topic for details about removing collectors.
Go to Integrations > Ingestion Services > Collectors > Installation.
Select either the Linux or Mac OS collector platform.
Note
We will use Linux procedures in this example.
Copy the installation script and paste it into a terminal on the target client system. Do not run the Moogsoft collector installation script until you modify the last line of the script, which normally has the following format:
Standard collector install script
bash -c "$(curl ${BASE_URL}/v2/collector-installer/script\?platform=LINUX -kLH apikey:${API_KEY})"In your client terminal, modify the collector installation script by making the following changes:
Change the cURL portion of the copied install script to:
$(curl -x <proxy_url> ${BASE_URL}.Add
&proxy_url=http://&<proxy server ip address>:<port>to the last line of the script. It has the following format:bash -c "$(curl -x <proxy_url> ${BASE_URL}/v2/collector-installer/script\?platform=LINUX\&proxy_url=<proxy_url> -kLH apikey:${API_KEY})"Remember to prepend the
"\"escape character to the "&" preceding theproxy_urlquery parameter.
In both instances in the script, replace the
proxy_urlwith the the public ip address of your proxy server followed by a colon (:) and the port for your remote server (such as:3128)For example, for a squid proxy server configuration, you would use the same ip address that you specified in the squid configuration line:
acl <name> src <proxy server ip address>.See "Considerations in using a forward proxy server" later in this topic.
Run the script.
Switch to your Moogsoft UI and check that the collector appears in the Collectors List.
Use a proxy with existing collectors
In addition to setting new collector installations to run behind a forwarding proxy, you can also set existing collector or collectors to run behind a proxy. To do this:
Open a terminal on the system running an existing collector.
Stop the existing collector by running the
~/collector/scripts/stop.shscript.Open a terminal on your system running a collector behind a proxy server, as described in the previous sections.
Navigate to the bootstrap collector configuration file (
collector.toml) and open it using your editor of choice (vi, vim, nano, and so forth). For example:cd ~/collector/config/collector.toml nano collector.toml
You should see the addition of a provider proxy definition. For example:
... url = "https://api.dev.moogsoft.cloud" [provider.proxy] https = "http://<proxy server ip address>" ...
Copy the
[provider.proxy]andhttps = "http://<proxy server ip address>"from thiscollector.tomlfile. Make sure it is the one that you installed behind a proxy server.For any existing collector that you also want to run behind your forwarding proxy server, paste your copied lines or add the following lines to the
collector.tomlfile:[provider.proxy] https = "http://<proxy server ip address>"
Replace the
proxy server ip addresswith thepublic ip addressof the proxy server that you set up. You can cut and paste these lines from thecollector.tomlfile of a collector that you installed behind your proxy server.Restart your collector by running the
/collector/scripts/start.shscript.
Configure a reverse proxy for Linux or Mac platforms
You can also configure a reverse proxy for Linux and Mac platforms using a reverse proxy server.
Note
Unlike the forward proxy install command, the reverse proxy install command requires the Base URL to be changed to the reverse proxy domain name.
Before configuring a reverse proxy server for your Linux or Mac systems, you need to have an existing reverse proxy setup or install and configure a reverse proxy server. To configure your reverse proxy to work with Moogsoft collectors:
Modify the existing or newly installed reverse proxy configuration file to include the following information:
Specify the proxy server machine name and source.
Define the proxy location URL:
location /collector/ { proxy_pass https://api.dev.moogsoft.cloud/;Specify the reverse proxy server port number.
Save and close your configuration file.
For an example of a proxy server configuration file, read the section, “Example Nginx configuration file for a reverse proxy” later in this topic.
Install a collector behind a reverse proxy
To install your collector with a reverse proxy server, go to your Moogsoft instance:
Go to Integrations > Ingestion Services > Collectors > Installation.
Select either your Linux or Mac OS collector platform.
Note
We will use Linux for examples in this procedure.
Copy the Moogsoft installation script and paste it into a terminal on your target client system. Do not run the Moogsoft collector installation script until you modify the cURL request in last line of the script.
Modify the collector installation script as shown in the following cURL request with a base URL:
bash -c "$(curl https://localhost/collector/v2/collector-installer/script\?platform=LINUX\&base_url=https://localhost -kLH apikey:<my specific API key>
Remember to prepend the
"\"escape character to the"&"preceding the proxy_url query parameter.
In the prior example, we added the base_url https://localhost/collector/v2/collector-installerline. This base_url must contain the reverse proxy domain.
Validate and troubleshoot your proxy configuration
If you have any issues in running a Moogsoft collector behind a forward proxy check the following:
When using a forward proxy, make sure you modify your Moogsoft collector install script:
Check that the
https_proxy addressis not blank in yourcurlcommand.Check that you have included the proxy server port number in your proxy url definition:
proxy_url=http://<ip address>:<proxy server port number>
Check your Moogsoft UI to validate that your collector is installed. Check the Collectors List to see if the Windows Collector is listed.
In the Moogsoft UI, go to Integrations > Ingestion Services > Collectors > <specific collector> > Collector Logs and review the logs. Check that your collector passed the
Healthchecks.Check the local collector logs on your Linux or Mac client by reviewing the logs in
~/collector/logs.Review your collector config file on your Linux or Mac client in
~/collector/config/collector.toml.If you are using a reverse proxy, make sure the
base_urlin yourcurlcommand contains the reverse proxy domain name.Run the following command to verify that your proxy server is working:
curl https://httpbin.org/ip
This should return the proxy server ip address in the following format:
{ 2 3 "origin": <"proxy server ip address"> 4 5}To verify that your Moogsoft traffic is routed from your forward proxy server, check your proxy server logs. For a Squid proxy server, you would check your access logs at
/var/log/squid.For example, if you tail the Squid
access.logyou would get your connection information as shown below.sudo /var/log/squid$ tail -n 10 access.log
Considerations in using a forward proxy server
If you have a forward proxy system set up, you will need to modify its configuration file to provide the following information:
Specify the proxy server machine name and source.
Provide access to the machine using the machine name that you specified above.
Specify the proxy server port number.
Note
Squid configuration file example
acl myproxy src <IPv4> # machine's name (this is a comment)http_access allow myproxy # this is your machine namehttp_port 3128 # this is the standard port for the squid proxy serverYou also need to be aware that installing the collector behind a forward proxy as a root user is handled differently than installing it as non-root.
Example Nginx configuration file for a reverse proxy
The following code snippet illustrates an Nginx configuration file with the required configuration changes.
Nginx configuration file example
worker_processes 1;
...
}
location /collector/ {
proxy_pass https://api.dev.moogsoft.cloud/;
}
proxy_ssl_server_name on;
}
...
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /usr/local/etc/nginx/cert.pem;
ssl_certificate_key /usr/local/etc/nginx/cert.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
...
include servers/*;