HTTPS proxy configuration missing

Problem

The configuration of the HTTPS proxy is not working in some cases.

Solution

Since NRI-Agent 1.3.1

| Configuration | Precedence | Windows | Linux |
|---|---|---|---|
| NRIA_PROXY | 1 | HTTP/HTTPS | HTTP/HTTPS |
| Proxy (in newrelic-infra.yml) | 2 | HTTP/HTTPS | HTTP/HTTPS |
| HTTPS_PROXY | 3 | HTTPS | HTTPS |
| HTTP_PROXY | 4 | HTTP | HTTP |

Important notes:

  • Agent version 1.3.1 gives priority to the NRIA_PROXY/proxy configuration over the system HTTPS_PROXY environment variable.
  • The NRIA_PROXY/proxy configuration options enable HTTP or HTTPS depending on the URL scheme.
  • The HTTP_PROXY and HTTPS_PROXY environment variables are ignored if either of the following configuration options is set: NRIA_IGNORE_SYSTEM_PROXY=true or ignore_system_proxy: true.
  • If the proxy TLS certificates are not properly configured, the system will skip hostname verification, or even fall back to HTTP, unless you set the configuration option proxy_validate_certificates: true.
  • Certificate validation does not work on CentOS 5 systems.
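
The precedence table and notes above for agent 1.3.1 and later, modelled as an added Go example (not the agent's own code). The Settings type and Resolve function are hypothetical names, the hostnames are constructed, and the system variables are assumed to carry the scheme the table assigns them.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Settings models the inputs named on this page (constructed type, not the agent's).
type Settings struct {
	NRIAProxy, YAMLProxy, HTTPSProxy, HTTPProxy string
	IgnoreSystemProxy, ValidateCerts           bool
}

// Resolve applies the "Since NRI-Agent 1.3.1" precedence table. It returns the
// winning source, the proxy scheme, and notes worth raising in a config review.
func Resolve(s Settings) (source, scheme string, notes []string) {
	rows := []struct {
		name, value, fixed string // fixed: scheme the table assigns to a system variable
	}{
		{"NRIA_PROXY", s.NRIAProxy, ""},
		{"proxy (newrelic-infra.yml)", s.YAMLProxy, ""},
		{"HTTPS_PROXY", s.HTTPSProxy, "https"},
		{"HTTP_PROXY", s.HTTPProxy, "http"},
	}
	for _, r := range rows {
		switch {
		case r.value == "": // option not set, nothing to report
		case r.fixed != "" && s.IgnoreSystemProxy:
			notes = append(notes, r.name+" ignored: ignore_system_proxy is true")
		case source != "":
			notes = append(notes, r.name+" is set but overridden by "+source)
		default:
			source, scheme = r.name, r.fixed
			if u, err := url.Parse(r.value); scheme == "" && err == nil {
				scheme = strings.ToLower(u.Scheme) // NRIA_PROXY/proxy follow the URL scheme
			}
		}
	}
	if scheme == "https" && !s.ValidateCerts {
		notes = append(notes, "proxy_validate_certificates is not true: hostname verification may be skipped or the connection may fall back to HTTP")
	}
	return source, scheme, notes
}

func main() {
	src, scheme, notes := Resolve(Settings{NRIAProxy: "https://proxy.internal.example:3128", HTTPSProxy: "http://old-proxy.internal.example:8080"})
	fmt.Println(src, scheme, notes)
}
```
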

From NRI-Agent-1.0.1002 to NRI-Agent 1.2.25

If NRIA_IGNORE_SYSTEM_PROXY=FALSE or ignore_system_proxy=FALSE (in newrelic-infra.yml)

| Configuration | Precedence | Windows | Linux |
|---|---|---|---|
| HTTPS_PROXY | 1 | HTTP (1) | HTTP (1) |
| NRIA_PROXY | 2 | HTTP (1) | HTTP (1) |
| Proxy (in newrelic-infra.yml) | 3 | HTTP (1) | HTTP (1) |
| HTTP_PROXY | 4 | HTTP | HTTP |

(1) HTTPS proxy not supported, redirected to HTTP.

If NRIA_IGNORE_SYSTEM_PROXY=TRUE or ignore_system_proxy=TRUE (in newrelic-infra.yml)

| Configuration | Precedence | Windows | Linux |
|---|---|---|---|
| NRIA_PROXY | 1 | HTTP (1) | HTTP (1) |
| Proxy (in newrelic-infra.yml) | 2 | HTTP (1) | HTTP (1) |

(1) HTTPS proxy not supported, redirected to HTTP.

From NRI-Agent-1.0.956 to NRI-Agent-1.0.989

| Configuration | Precedence | Windows | Linux |
|---|---|---|---|
| HTTPS_PROXY | 1 | HTTPS | HTTP (1) |
| NRIA_PROXY | 2 | HTTP/HTTPS (2) | HTTP (1) |
| Proxy (in newrelic-infra.yml) | 3 | HTTP/HTTPS | HTTP (1) |
| HTTP_PROXY | 4 | HTTP/HTTPS | HTTP |

(1) HTTPS proxy not supported, redirected to HTTP.

(2) When using a HTTPS proxy with a custom TLS/SSL or self-signed certificate, provide either the certificate file location by using ca_bundle_file, or the certificates directory path by using ca_bundle_dir.

Before NRI-Agent-1.0.956

| Configuration | Precedence | Windows | Linux |
|---|---|---|---|
| HTTPS_PROXY | 1 | HTTP (1) | HTTP (1) |
| NRIA_PROXY | 2 | HTTP (1) | HTTP (1) |
| Proxy (in newrelic-infra.yml) | 3 | HTTP (1) | HTTP (1) |
| HTTP_PROXY | 4 | HTTP | HTTP |

(1) HTTPS proxy not supported, redirected to HTTP.

(2) When using a HTTPS proxy with a custom TLS/SSL or self-signed certificate, provide either the certificate file location by using ca_bundle_file, or the certificates directory path by using ca_bundle_dir.

Cause

We updated the Golang version to 1.10 and the behavior of the proxy changed (https://golang.org/doc/go1.10#net/http), affecting the backwards compatibility of the New Relic Infrastructure agent.

We also added a way to modify the precedence of the proxy configuration with the ignore_system_proxy property in the file newrelic-infra.yml.
