Proxies
If your network configuration restricts outbound traffic from the hosts where the collectors are installed, you can route all collector traffic through a proxy. For instance, you can set up haproxy on another host and route all collector traffic through that instance of haproxy.
Note that this proxy method only works for collectors running in the default sp_collector mode.
Configuring a Proxy
Before you begin: Install haproxy on another host.
- Configure /etc/haproxy/haproxy.cfg as follows. Make sure to provide the ${AOC_HOST} variable.

      # Basic configuration
      global
          log 127.0.0.1 local0
          maxconn 4096
          stats socket /tmp/haproxy

      # Some sane defaults
      defaults
          log global
          option dontlognull
          retries 3
          option redispatch
          timeout client 5s
          timeout server 5s
          timeout connect 5s

      # This declares a view into HAProxy statistics, on port 3835
      # You do not need credentials to view this page and you can
      # turn it off once you are done with setup.
      listen stats :3835
          mode http
          stats enable
          stats uri /

      # Collectors will connect at the below endpoints.
      frontend forwarder
          bind *:443 # DTDG
          mode tcp
          default_backend aoc-stats

      # Any TCP request coming to the forwarder or watcher frontend defined above
      # will be proxied to the AOC backends below.
      # Replace ${AOC_HOST} with your AOC endpoint.
      backend aoc-stats
          balance roundrobin
          mode tcp
          option tcplog
          server mothership ${AOC_HOST}:443 check port 443
- Restart haproxy.

      sudo service haproxy restart
- When you install your collectors, specify the hostname of your proxy in the EPOCH_AOC_HOST variable.

      docker run -td \
        --name=epoch_collectors \
        --net=host \
        -v /var/run/docker.sock:/var/run/docker.sock:ro \
        -v /proc/:/host/proc/:ro \
        -v /sys/fs/cgroup/:/host/sys/fs/cgroup:ro \
        --cap-add=NET_RAW \
        --cap-add=NET_ADMIN \
        -e EPOCH_AOC_HOST=<proxy_hostname> \
        -e DEPLOY_ENV="docker" \
        -e SD_BACKEND="docker" \
        gcr.io/nutanix-epoch/collectors:latest
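A check you can run on the proxy host before restarting haproxy, as an added example that is not part of the original documentation: it flags the three things the template's comments ask you to take care of (the unreplaced ${AOC_HOST} placeholder, the credential-free statistics page, and the port 443 listener). The function names, finding labels and sample input are assumptions made for this example.

```shell
# Added example: lint a haproxy.cfg built from the template above.
# Reads a config on stdin, prints one finding per line,
# returns 0 when clean and 1 otherwise. Names and labels are illustrative.
check_proxy_cfg() {
    rc=0
    # Drop comments and blank lines so commented-out directives are ignored.
    body=$(sed -e 's/#.*$//' -e '/^[[:space:]]*$/d')
    # 1. The template says to replace ${AOC_HOST} with the AOC endpoint.
    if printf '%s\n' "$body" | grep -q 'server .*\${AOC_HOST}'; then
        echo "PLACEHOLDER: \${AOC_HOST} not replaced in a server line"
        rc=1
    fi
    # 2. The stats page needs no credentials; flag it while it is still
    #    enabled without a 'stats auth' line.
    if printf '%s\n' "$body" | grep -Eq '^[[:space:]]*stats[[:space:]]+enable' &&
       ! printf '%s\n' "$body" | grep -Eq '^[[:space:]]*stats[[:space:]]+auth[[:space:]]'; then
        echo "STATS: statistics page enabled without credentials"
        rc=1
    fi
    # 3. Collectors connect to the proxy on 443, so something must bind it.
    if ! printf '%s\n' "$body" |
         grep -Eq '^[[:space:]]*bind[[:space:]]+[^[:space:]]*:443([[:space:]]|$)'; then
        echo "BIND: nothing is bound to port 443"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: the relevant lines of the template, unedited.
sample_cfg() {
    cat <<'EOF'
listen stats :3835
    stats enable
frontend forwarder
    bind *:443 # DTDG
    mode tcp
    default_backend aoc-stats
backend aoc-stats
    server mothership ${AOC_HOST}:443 check port 443
EOF
}

# Demo; for a real file run: check_proxy_cfg < /etc/haproxy/haproxy.cfg
sample_cfg | check_proxy_cfg || echo "resolve the findings before restarting haproxy"
```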