Configuring Triton to use a proxy

Modified: 05 Jan 2021 04:46 UTC

This document explains how to configure Triton to use a proxy. Both authenticated and unauthenticated proxies are supported.

Requirements

Proxy support requires versions of the following core services with version strings newer than 20150901.

Customers with a current Triton support contract who have questions about the ability of their current core service release components to handle proxy traffic should contact Joyent Support via help.joyent.com.

Required Sites

Your proxy will, at a minimum, need to allow access to the following sites:

Site Purpose Notes
updates.joyent.com Updates for Triton core services Required for Triton to operate
images.joyent.com Joyent seed images Required for Triton to operate
index.docker.io Docker images Optional; needed if you wish to pull from Docker Hub
registry.hub.docker.com Docker images Optional; needed if you wish to pull from Docker Hub

Additionally, you will need to allow access to any other docker repositories that you will pull from.

Configuring Triton to use your proxy

For an unauthenticated proxy:

headnode# sapiadm update $(sdc-sapi /applications?name=sdc | json -H 0.uuid) \
metadata.http_proxy=http://YourProxy:YourProxyPort

For an authenticated proxy:

headnode# sapiadm update $(sdc-sapi /applications?name=sdc | json -H 0.uuid) \
metadata.http_proxy=http://YourProxyUser:YourProxyPassword@YourProxy:YourProxyPort

This change will take up to five minutes to propagate to the relevant core services.

Note: The Triton config variable is http_proxy whether your proxy URL is http:// or https://.

Check and test your configuration

You can run the following tests to confirm proxy access and validate your configuration. If you have custom sites, you will need to adjust accordingly.

Additional troubleshooting

The following tests use curl directly for testing, and are designed to help diagnose proxy issues by providing the actual response codes and responses received.