Proxy support for relinking

When you are setting up new application version, the IdM needs to relink itself. During the relink operation, the build system contacts our CDN servers to get necessary components. For this reason, the appliance needs to have internet access to our servers, more precisely to:

  • repo.iamappliance.com

    • 443/tcp

    • 8443/tcp

The direct access to this address is desired. However, in many infrastructures, the outgoing communication must go through organization’s proxy.

This feature is supported since bcv-czechidm:14.0.0-r0 application container which comes with iam-app-czechidm RPM package of version 0.9.

It is also possible to use proxy in earlier versions of the bcv-czechidm container. If that is the case, please see here (private link).

Since the bcv-czechidm:14.0.0-r0, setting up proxy support is trivial:

  1. Edit the /data/registry/node-active-config/docker-compose-czechidm.yml and add following environment variables into the yaml file.

    • HTTP_PROXY=http://somehost:3128/

    • HTTPS_PROXY=http://somehost:3128/

  2. Restart the service afterwards with systemctl restart iam-czechidm.

Few things to note:

  • Setting HTTP_PROXY and HTTPS_PROXY variables affect only the relink part of the application container start. Those variables do not affect running application in any way.

  • Syntax of the variables is scheme://server:port/ where the :port part is mandatory and generally is not determined by the protocol.

  • Some applications (i.e. Maven) do not support setting of scheme. It is usually not a problem, though.