-
Notifications
You must be signed in to change notification settings - Fork 140
/
pcf-director-proxy-settings.html.md.erb
41 lines (28 loc) · 3.99 KB
/
pcf-director-proxy-settings.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
---
title: Configuring Proxy Settings for the BOSH CPI
owner: Ops Manager
---
This topic describes how to configure proxy settings for the BOSH Cloud Provider Interface (CPI), which is the API that the BOSH Director uses to interact with your IaaS endpoint.
If you use a proxy to mediate traffic between your BOSH installation and your IaaS endpoint, you must enter your proxy information when Ops Manager starts for the first time.
The following diagram illustrates how a proxy mediates HTTP and HTTPS requests between the CPI of the BOSH Director and the IaaS endpoint.
<%= image_tag('cpi-proxy.png') %>
For more information about BOSH components, see the [BOSH documentation](https://bosh.io/docs/bosh-components.html).
<p class='note'><strong>Note:</strong> <%= vars.platform_name %> only supports proxying requests between the BOSH CPI and the IaaS API. It does not support proxying blobstore and database traffic.</p>
## <a id="config-proxy"></a> Configure Proxy
Perform the following steps to configure your proxy for the BOSH CPI when Ops Manager starts for the first time:
1. Ensure that you have installed your proxy and that it is functioning properly. You can install one proxy for HTTPS requests and another proxy for HTTP requests, or choose to use the same proxy for both kinds of traffic.
1. Follow the <%= vars.platform_name %> installation instructions for your IaaS. See the [Installing <%= vars.platform_name %>](../installing/index.html) topic for more information.
1. When Ops Manager starts for the first time, you must select **Use an Identity Provider** or **Internal Authentication**. See the following IaaS-specific topics for more information:
* [Configuring BOSH Director on AWS](/platform/ops-manager/<%= vars.current_major_version.sub('.', '-') %>/aws/config-manual.html#access-om)
* [Configuring BOSH Director on vSphere](/platform/ops-manager/<%= vars.current_major_version.sub('.', '-') %>/vsphere/config.html#set-up)
* [Configuring BOSH Director on OpenStack](/platform/ops-manager/<%= vars.current_major_version.sub('.', '-') %>/openstack/config.html#log-in)
1. Both the **Use an Identity Provider** and the **Internal Authentication** login pages include fields for **HTTP proxy**, **HTTPS proxy**, and **No proxy**.
<p class="note"><strong>Note:</strong> For the <%= vars.app_runtime_full %> runtime, editing proxy settings in the BOSH Director propagates those settings to the Garden Diego cells in <%= vars.app_runtime_abbr %>. Sharing these proxy settings between Ops Manager and <%= vars.app_runtime_abbr %> enables the operator to reach a Docker Hub through a proxy within an environment that lacks internet connectivity.</p>
Complete the fields with the following information:
* **HTTP proxy:** Enter the URL for the proxy that handles HTTPS requests between the BOSH CPI and the IaaS API.
* **HTTPS proxy:** Enter the URL for the proxy that handles HTTP requests between the BOSH CPI and the IaaS API. If you are using the same proxy to handle both HTTPS and HTTP traffic, enter the same URL as **HTTP proxy**.
* **No proxy:** Enter the following IP addresses:
* `127.0.0.1`
* The IP address of your BOSH Director. This is the first IP address not in your reserved range. For example, if you enter `10.0.16.0-10.0.16.10` in the **Reserved IP Ranges** field of the **Create Networks** page when configuring the BOSH Director, the BOSH Director IP is `10.0.16.11`.
<p class="note"><strong>Note:</strong> When the BOSH Director talks to other components on its VM, such as the database and the User Account and Authentication (UAA) module, it communicates with them as if they were external. You must enter the BOSH Director IP address in the no-proxy list to prevent traffic from the BOSH Director to other components on the same VM from passing through the proxy.</p>
<p class="note"><strong>Note:</strong> The values in the <strong>No Proxy</strong> field must be comma-delimited, with no spaces or quotation marks between values. Example: <code>127.0.0.1,10.0.16.11</code></p>