Configuring CycleCloud to Use an HTTP(s) Proxy
Azure CycleCloud can be configured to use a proxy for all internet-bound HTTP and/or HTTPS traffic. This is generally useful when direct internet access is not allowed, or for traffic monitoring purposes.
To enable proxies, go into the CycleCloud GUI and navigate to the Settings tab from the left frame, then double click on the HTTP(s) Proxies row. In the configuration dialog that pops up, verify that Enabled is checked and enter the proxy details in the form.
Changes to the proxy settings will not take effect until after a restart. To restart CycleCloud, run the following command:
/opt/cycle_server/cycle_server restart --wait
Add storage endpoint for Blob access
CycleCloud requires access to a Blob Storage container in your subscription in order to cache installation files for nodes. When operating behind a proxy or on a locked down network, you should configure a Virtual Network Service Endpoint to the storage service. This will route requests to the storage container through the Azure backbone network instead of through the public management URLs.
When combining a Service Endpoint for Azure Storage access with an HTTPS Proxy for outbound Azure API traffic, CycleCloud itself can be configured to avoid the Proxy and send Storage requests directly via the Service Endpoint.
To disable the proxy for Storage Account access, add:
webServerJvmOptions= property in the: /opt/cycle_server/config/cycle_server.properties
file and then restart CycleCloud.
Export HTTPS_PROXY before running the CycleCloud CLI installer
The CycleCloud CLI installer requires outbound access to install packages via
pip. Prior to running the install script, be sure to set the HTTPS_PROXY environment variable to point to your
proxy server and port:
Exporting proxy settings on nodes
If the nodes started by CycleCloud also need to have traffic routed through a proxy server, modify the configuration section of a cluster definition to change the proxy settings.
[[[configuration]]] http_proxy = 10.0.0.1 https_proxy = 10.0.0.1 no_proxy = 169.254.169.254