Agent Proxy configuration

Background

To communicate with the backend effectively, Instana uses the SPDY protocol to transfer data. In many cases direct communication from the agent to the backend can be granted and simplifies the deployment of the agents. In some cases one dedicated entry into and exit out of the network is required. For this reason Instana can be used in combination with a variety of proxies. In general http(s), socks4 and socks5 proxies are supported.

This document describes the configuration of squid proxy (www.squid-cache.org) in combination with Instana.

Simple Proxy Setup

There are several ways to install squid on your system. Most linux distributions include squid in their repositories and the software can be installed using the prefered package manager. In case no package is available or you want to run squid on Microsoft Windows you can get squid binaries from this location:

http://wiki.squid-cache.org/SquidFaq/BinaryPackages

 

Once squid is installed an example configuration called squid.conf is created. If you want to use the proxy for the Instana communication exclusively you can backup the default configuration and just use this minimal squid.conf:

 

# The tcp port squid is listening on

http_port 3128


# Please specify subnet with instana agents

acl instana_agent_net src 10.0.0.0/8


# This is the ip of the instana backend

acl instana_backend dstdomain saas-eu-west-1.instana.io

#acl instana_backend dstdomain ec2-54-144-114-141.compute-1.amazonaws.com

#acl instana_backend dstdomain saas-us-west-1.instana.io

#acl instana_backend dstdomain saas-us-east-1.instana.io


# This is the port used by Instana

acl instana_backend_port port 4444


# This is the repo to download updates and additional sensors

acl instana_repo dstdomain repo-public.instana.io

acl instana_repo_port port 80

acl instana_repo_port_secure port 443


# Protocol used for instana backend

acl instana_backend_proto proto HTTP


# Protocol used for instana backend

acl instana_repo_proto proto HTTP

acl instana_repo_proto_secure proto HTTPS


http_access allow instana_agent_net instana_backend instana_backend_port

http_access allow instana_agent_net instana_repo instana_repo_port

http_access allow instana_agent_net instana_repo instana_repo_port_secure


# DO NOT REMOVE THIS RULE!

http_access deny all

 

For the Instana agent configuration you need to modify two files. In the file <install-dir>/etc/mvn-settings.xml the following information must be present (and not commented out) within the <settings></settings> section:

 

<proxies>

 <proxy>

     <id>agent-proxy</id>

     <active>true</active>

     <protocol>http</protocol>

     <username></username>

     <password></password>

     <host>your-proxyaddress-goes-here</host>

     <port>your-proxy-port-goes-here</port>

 </proxy>

</proxies>

 

This enables the Instana agent to download agent updates and additional features automatically. Furthermore the file <install-dir>/etc/instana/com.instana.agent.main.sender.Backend.cfg needs to be reconfigured to use the proxy for the communication between the agent and the Instana backend. Please make sure the following lines are present and not commented out:

proxy.type=http

proxy.host=your-proxyaddress-goes-here

proxy.port=your-proxy-port-goes-here

Have more questions? Submit a request

Comments