Run edoc platform behind a proxy server

You can run an edoc platform system behind a proxy server. Find out in this article what measures you need to take to ensure smooth operation for edoc platform.

In this article, you will learn which proxy data to specify in the environment variables, which details to configure at operating system level and how to provide the configuration (configmap) in the Kubernetes containers.

Specify the proxy in the environment variables

The kubelet service uses the environment configuration file, which can be found under /etc/environment. You must enter the following data in the file:

• Address of the proxy server (host name and port of the proxy server)

• Login data for the proxy server (user name and password, optional)

• IP range for Kubernetes

To determine the IP range of Kubernetes or the address of a service in the Kubernetes network, enter the following command:

ip addr show cbr0|grep "inet "

Sample answer:

inet 10.1.1.1/24 scope global cbr0

Enter the proxy server and the login data for the proxy server and the IP range in the configuration file /etc/environment.

HTTP_PROXY=http://<proxy_username:proxy_password@proxy_host:proxy_port>
HTTPS_PROXY=http://<proxy_username:proxy_password@proxy_host:proxy_port>
NO_PROXY=<IP range for Kubernetes, e.g. 10.1.1.0/24>

http_proxy=http://<proxy_username:proxy_password@proxy_host:proxy_port>
https_proxy=http://<proxy_username:proxy_password@proxy_host:proxy_port>
no_proxy=<IP range for Kubernetes, e.g. 10.1.1.0/24>

Use the proxy at operating system level and in "kubelet"

Once you have changed the environment configuration file, the changes must be applied so that the proxy server is used by the apps on Ubuntu and in kubelet.

Reload the systemd configuration with the following command:

sudo systemctl daemon-reload

Restart the kubelet service with the following command to apply the changed configuration:

sudo systemctl restart snap.microk8s.daemon-kubelet.service

For more information about installing a proxy see: https://microk8s.io/docs/install-proxy.

Automatically create a Proxy ConfigMap via Artisan command

To ensure that the proxy server is also used in the Kubernetes containers, you must provide the changed proxy server data in all Kubernetes namespaces. By default, the edoc agent task SyncSystemState ensures that the configuration is updated regularly.

You can also perform the configuration manually with the Artisan command via the command line.

Use the following command in the /opt/agent directory to provide the proxy settings not only for the kubelet service, but also centrally as a Kubernetes ConfigMap in the namespaces:

php artisan agent:proxyGenerate
# To automatically restart the affected deployments:
php artisan agent:proxyGenerate --auto

Basic knowledge of the Artisan command

The following steps are performed with the Artisan command:

1. Environment file is checked: reads the configuration file /etc/environment. If the configuration file is not found, the command is canceled.

2. Destination namespaces are determined: by default, only the namespaces master, staging and test are considered. If these namespaces exist in the cluster, the process is performed for each namespace.

3. Proxy variables are extracted: all keys HTTP_PROXY, HTTPS_PROXY, NO_PROXY (also in lower case) are read. In addition, the following suffixes are automatically added to the NO_PROXY variable:

   .default, .master, .staging, .test, .phpmyadmin, .kube-system, .traefik 
   

4. Create or update the Namespace-ConfigMap: the environment variables are written to a Kubernetes ConfigMap for each namespace. If a ConfigMap already exists for the namespace, the data it contains is compared with the newly extracted proxy variables. If there are no changes, the restart of the deployments is skipped. All pods in the namespaces for which access to external services is relevant are assigned the proxy server environment variables via the ConfigMap in the deployment.

5. Deployments are restarted: the affected deployments are then restarted in the namespace.