Prepare - Set up an explicit forward proxy

NGINX Agent can be configured to connect to NGINX One using an explicit forward proxy. This is useful in environments where direct internet access is restricted or monitored.

Before you start

Ensure you have the following:

NGINX Agent configuration for proxy usage

  1. Open a secure connection to your instance using SSH and log in.

  2. Open the NGINX Agent configuration file (/etc/nginx-agent/nginx-agent.conf) with a text editor. To edit this file you need superuser privileges.

  3. Add or modify the proxy section to include the proxy URL, port number, and timeout settings:

    server:
   host: agent.connect.nginx.com
   port: 443
   proxy:
      url: "http://proxy.example.com:<port number>"

  4. Restart NGINX Agent to apply the changes:

    sudo systemctl restart nginx-agent

In a containerized environment

To configure NGINX Agent in a containerized environment:

  1. Run the NGINX Agent container with the environment variables set as follows:

    sudo docker run \
   --add-host "myproxy.example.com:host-gateway" \
   --env=NGINX_AGENT_COMMAND_SERVER_PORT=443 \
   --env=NGINX_AGENT_COMMAND_SERVER_HOST=agent.connect.nginx.com \
   --env=NGINX_AGENT_COMMAND_AUTH_TOKEN="<your-data-plane-key-here>" \
   --env=NGINX_AGENT_COMMAND_TLS_SKIP_VERIFY=false \
   --env=NGINX_AGENT_COMMAND_SERVER_PROXY_URL=http://myproxy.example.com:<port number> \
   --restart=always \
   --runtime=runc \
   -d private-registry.nginx.com/nginx-plus/agentv3:latest

NGINX Agent proxy authentication

If your forward proxy requires authentication, you can specify the username and password in the proxy section of the agent.conf file:

  1. Open a secure connection to your instance using SSH and log in.

  2. Add or modify the proxy section of the NGINX Agent configuration file (/etc/nginx-agent/nginx-agent.conf) to include the authentication details:

    proxy:
   url: "http://proxy.example.com:<port number>"
   auth_method: "basic"
   username: "user"
   password: "pass"

  3. Restart NGINX Agent to apply the changes:

    sudo systemctl restart nginx-agent

In a containerized environment

To set proxy authentication in a containerized environment:

  1. Run the NGINX Agent container with the environment variables set as follows:

    sudo docker run \
   --add-host "myproxy.example.com:host-gateway" \
   --env=NGINX_AGENT_COMMAND_SERVER_PORT=443 \
   --env=NGINX_AGENT_COMMAND_SERVER_HOST=agent.connect.nginx.com \
   --env=NGINX_AGENT_COMMAND_AUTH_TOKEN="<your-data-plane-key-here>" \
   --env=NGINX_AGENT_COMMAND_TLS_SKIP_VERIFY=false \
   --env NGINX_AGENT_COMMAND_SERVER_PROXY_URL=http://proxy.example.com:<port number>
   --env NGINX_AGENT_COMMAND_SERVER_PROXY_AUTH_METHOD=basic
   --env NGINX_AGENT_COMMAND_SERVER_PROXY_USERNAME="user"
   --env NGINX_AGENT_COMMAND_SERVER_PROXY_PASSWORD="pass"
   --restart=always \
   --runtime=runc \
   -d private-registry.nginx.com/nginx-plus/agentv3:latest

Validate connectivity between the components

To test the connectivity between NGINX Agent, your proxy, and NGINX One Console, you can use the curl command with the proxy settings.

  1. Open a secure connection to your instance using SSH and log in.

  2. Run the following curl command to test the connection:

    curl -x http://proxy.example.com:<port number> -U your_user:your_password https://agent.connect.nginx.com/api/v1/agents
    • Replace proxy.example.com:<port number> with your proxy address and port number.
    • Replace your_user and your_password with the credentials you set up for proxy in the previous steps.

To test the configuration from a containerized environment, run the following command from within the container:

curl -x http://host.docker.internal:<port number> -U your_user:your_password https://agent.connect.nginx.com/api/v1/agents
  • Replace your_user and your_password with the credentials you set up for proxy in the previous steps.