Agent Proxy configuration

Background

To communicate with the backend effectively, Instana uses the SPDY protocol to transfer data. In many cases direct communication from the agent to the backend can be granted, which simplifies the deployment of the agents. In some cases a single dedicated entry into and exit out of the network is required. For this reason Instana can be used in combination with a variety of proxies. In general HTTP(S), SOCKS4 and SOCKS5 proxies are supported.

This document describes the configuration of the squid proxy (www.squid-cache.org) in combination with Instana.

Simple Proxy Setup

There are several ways to install squid on your system. Most Linux distributions include squid in their repositories, and the software can be installed using the preferred package manager. If no package is available, or you want to run squid on Microsoft Windows, you can get squid binaries from this location:

http://wiki.squid-cache.org/SquidFaq/BinaryPackages

Once squid is installed, an example configuration called squid.conf is created. If you want to use the proxy exclusively for the Instana communication, you can back up the default configuration and use just this minimal squid.conf:

# The TCP port squid is listening on
http_port 3128

# Please specify the subnet containing the Instana agents
acl instana_agent_net src 10.0.0.0/8

# This is the hostname of the Instana backend (alternatives are commented out)
acl instana_backend dstdomain saas-eu-west-1.instana.io
#acl instana_backend dstdomain ec2-54-144-114-141.compute-1.amazonaws.com
#acl instana_backend dstdomain saas-us-west-1.instana.io
#acl instana_backend dstdomain saas-us-east-1.instana.io

# This is the port used by Instana
acl instana_backend_port port 4444

# This is the repo to download updates and additional sensors
acl instana_repo dstdomain repo-public.instana.io
acl instana_repo_port port 80
acl instana_repo_port_secure port 443

# Protocol used for the Instana backend
# (the *_proto ACLs are defined here but not referenced by any http_access rule below)
acl instana_backend_proto proto HTTP

# Protocols used for the Instana repo
acl instana_repo_proto proto HTTP
acl instana_repo_proto_secure proto HTTPS

# Rules are checked in order; every ACL named on a line must match
http_access allow instana_agent_net instana_backend instana_backend_port
http_access allow instana_agent_net instana_repo instana_repo_port
http_access allow instana_agent_net instana_repo instana_repo_port_secure

# DO NOT REMOVE THIS RULE!
http_access deny all
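
To check what this allowlist permits before deploying it, here is an added example (not part of the original article and not Instana or squid code): a small Python evaluator that applies squid's documented http_access semantics to a request given as source IP, destination host and port. CONF is a constructed copy of the active rules above; parse, acl_matches and decide are names chosen for this example, and only the src, dstdomain and port ACL types are handled.

```python
import ipaddress

# Constructed copy of the active (uncommented) rules from the minimal squid.conf.
CONF = """
acl instana_agent_net src 10.0.0.0/8
acl instana_backend dstdomain saas-eu-west-1.instana.io
acl instana_backend_port port 4444
acl instana_repo dstdomain repo-public.instana.io
acl instana_repo_port port 80
acl instana_repo_port_secure port 443
http_access allow instana_agent_net instana_backend instana_backend_port
http_access allow instana_agent_net instana_repo instana_repo_port
http_access allow instana_agent_net instana_repo instana_repo_port_secure
http_access deny all
"""

def parse(conf):
    """Return (acls, rules); repeated acl lines with one name add values (ORed)."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, src, host, port):
    if name == "all":  # squid's built-in ACL that matches every request
        return True
    kind, values = acls[name]
    if kind == "src":
        return any(ipaddress.ip_address(src) in ipaddress.ip_network(v) for v in values)
    if kind == "dstdomain":  # a leading dot also matches subdomains; otherwise exact
        h = host.lower()
        return any(h == v.lstrip(".") or (v.startswith(".") and h.endswith(v)) for v in values)
    if kind == "port":
        return any(port == int(v) for v in values)
    raise ValueError(f"unsupported acl type: {kind}")

def decide(conf, src, host, port):
    """ACLs on one http_access line are ANDed; the first matching line wins."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls, n, src, host, port) for n in names):
            return action
    # No line matched: squid applies the opposite of the last rule's action.
    return "allow" if rules and rules[-1][0] == "deny" else "deny"
```

Calling decide(CONF, "10.1.2.3", "saas-us-west-1.instana.io", 4444) returns "deny" because only the eu-west backend line is active, which is the failure to expect if agents report to a different region than the one left uncommented.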

For the Instana agent configuration you need to modify two files. In the file <install-dir>/etc/mvn-settings.xml the following information must be present (and not commented out) within the <settings></settings> section:

<proxies>
  <proxy>
    <id>agent-proxy</id>
    <active>true</active>
    <protocol>http</protocol>
    <username></username>
    <password></password>
    <host>your-proxyaddress-goes-here</host>
    <port>your-proxy-port-goes-here</port>
  </proxy>
</proxies>

This enables the Instana agent to download agent updates and additional features automatically. Furthermore the file <install-dir>/etc/instana/com.instana.agent.main.sender.Backend.cfg needs to be reconfigured to use the proxy for the communication between the agent and the Instana backend. Please make sure the following lines are present and not commented out:

proxy.type=http

proxy.host=your-proxyaddress-goes-here

proxy.port=your-proxy-port-goes-here

Comments

  • Luis Sanchez

    Another way to configure proxy in recent releases (215 or so) is using ENV variables:

    • INSTANA_AGENT_PROXY_HOST
    • INSTANA_AGENT_PROXY_PORT
    • INSTANA_AGENT_PROXY_PROTOCOL
    • INSTANA_AGENT_PROXY_USER
    • INSTANA_AGENT_PROXY_PASSWORD
    • INSTANA_AGENT_PROXY_USE_DNS

    The feature works for metrics and sensors download/update. I tested on the host agent, docker and Kubernetes/OCP deployments.

    Documentation available at t.ly/IpDp.