How to use Squid proxy as reverse proxy server for RTC SCM operations.
Gaurav verma (13●1●2)
asked Jun 21 '18, 6:27 a.m.
edited Jun 22 '18, 4:29 a.m. by Ralph Schoon (63.6k●3●36●46)
Hi Sam, Thanks for the above-mentioned answers and notes.
I tried following the way defined in this article https://jazz.net/library/article/325 for configuring a Squid proxy (ver 3.5) to work as a reverse proxy for all my RTC SCM operations (RTC ver 6.0.3). After configuring my Squid.conf file like this

------------------------------------------------------------
https_port 443 cert=/cygdrive/C/squid/certs/server.pem accel key=/cygdrive/C/squid/certs/privkey.pem
cache_peer 80.231.143.40 parent 443 0 no-query originserver name=httpsAccel ssl login=PASSTHRU sslflags=DONT_VERIFY_PEER
cache_peer_access httpsAccel allow all
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
cache_dir aufs /cygdrive/C/squid/cachedir 800480 256 256
cache_mem 200000 MB
cache_store_log none
coredump_dir /cygdrive/C/squid/coredump
refresh_pattern . 0 20% 4320
cachemgr_passwd disable all
maximum_object_size 4096 MB
maximum_object_size_in_memory 8 MB
buffered_logs on
visible_hostname localhost
max_filedescriptors 3200
logfile_rotate 7
http_port 3128
------------------------------------------------------------

I am unable to connect my RTC client using the Repository connection URL https://10.30.80.9:443/ccm
ERROR: The error says unable to find server, make sure your server is up and running.
Also, when I tried to verify the Squid via the Curl command
curl -k https://10.30.80.9:443/ccm/service -v -u jtsadmin
it gave this message:
STATE INIT -> Connect handle 0x6000704e0 line 1404 <connection= -5000>
Added connection 0. The Cache now contains 1 members
trying 10.30.80.9...
TCP_Nodelay set
STATE: CONNECT -> WAITCONNECT handle 0x6000704e0 line 1456 <connection #0>
Note: The URL https://80.231.132.40/ccm for the real RTC server is actually a Natted IP. And port 443 is used instead of 9443 by this URL.
I want to ask whether my Squid.conf file is correct?
Or do I need to check for the correct URL?
Accepted answer
@Gaurav Verma, if you see either 40x or 302 as the response code when you run CURL, your proxy is working as expected. From your above output I see it is not working correctly.
visible_hostname is set to localhost in your configuration; can you try giving the actual hostname?
If you are using WAS and a non-9443 port for the RTC server, check this link - https://www-01.ibm.com/support/docview.wss?rs=3488&uid=swg21405179&cm_mc_uid=80353386661415096039333&cm_mc_sid_50200000=13646271529646197502
Gaurav verma selected this answer as the correct answer
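The accepted answer's check (a 40x or 302 from curl means the proxy is answering), as an added bash example that is not part of the original thread: it separates a probe that never received an HTTP response from one that did, and flags responses that Squid generated itself rather than relayed. It relies on curl's documented exit codes and on the X-Squid-Error header Squid puts on its own error pages; the script name in the usage comment is hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): classify one probe of the reverse proxy.

# curl exit status when no HTTP response arrived -> layer that failed.
classify_exit() {
  case "$1" in
    6)  echo "dns: host name did not resolve" ;;
    7)  echo "tcp: connection refused, nothing is listening on that port" ;;
    28) echo "tcp: timed out, check firewall/NAT and the https_port listener" ;;
    35) echo "tls: handshake failed, check cert= and key= on https_port" ;;
    *)  echo "other: curl exit $1" ;;
  esac
}

# Response headers on stdin (curl -D - output) -> verdict for the last response.
classify_headers() {
  awk '
    { sub(/\r$/, "") }                                       # drop CR of CRLF line ends
    /^HTTP\//                       { code = $2; err = "" }  # new response block
    tolower($1) == "x-squid-error:" { err = $2 }             # set on Squid error pages
    END {
      if (code == "")                    print "none: no HTTP status line"
      else if (err != "")                print "squid: " code " generated by Squid itself (" err ")"
      else if (code ~ /^(302|40[0-9])$/) print "ok: " code " relayed through the proxy"
      else                               print "other: " code ", outside the 40x/302 expected here"
    }'
}

# Run the probe; -k mirrors the curl call in the question.
probe() (
  headers=$(curl -sk --connect-timeout 10 -D - -o /dev/null "$1")
  rc=$?
  if [ "$rc" -ne 0 ]; then classify_exit "$rc"
  else printf '%s\n' "$headers" | classify_headers; fi
)

# Usage: ./probe.sh https://10.30.80.9:443/ccm/service
if [ $# -gt 0 ]; then probe "$1"; fi
```

A `tcp:` verdict means the request never reached Squid's listener, so no change to cache_peer or visible_hostname can affect it; a `squid:` verdict means the listener works and the failure is in Squid's access rules or its connection to the peer.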
Comments
Gaurav verma
commented Jun 22 '18, 3:53 a.m.
Hi Kamal
@Kamal,
Thank you very much for the quick answer; a few more details about my setup.
The Squid proxy server is actually a machine which is outside the network in which CLM is running (it's basically at the supplier site); they want all the clients from the supplier site to connect with the proxy server rather than the real RTC server. Therefore they have only allowed this proxy server to talk to the RTC server via the Natted IP address (80.231.143.40) with port 443. As a result the URL to connect with RTC is changed and it's like https://80.231.143.40/ccm. Also, I then had to put this Natted IP 80.231.143.40 as PEER in the Squid.conf file.
I have changed the value in Visible_host from LOCALHOST to the real host name of the proxy server. But I am still not able to connect.
Could you please advise if Squid proxy software can work as a reverse proxy in this case?
One more thing: my Squid server is a Windows 2012 server OS, not Linux. So could you please advise if anything specific needs to be changed in the script.
One other answer
When you say "they want all the clients from supplier site to connect with proxy server rather than real RTC server", you mean the Squid proxy server, right?
Comments
Gaurav verma
commented Jun 25 '18, 4:33 a.m.
@Kamal, thanks for the update. Below are my answers to your queries.
Yes, all client machines from the supplier end need to connect with the Squid proxy server for all their RTC SCM operations.
I exactly followed the note which you have shared but still no success; it throws the same error.
As I said earlier, in this setup the URL for accessing RTC on the Web is a natted IP URL, hence all the clients are able to access it via the URL https://80.231.143.40/ccm. They are also using the same URL to connect their RTC Eclipse client, which they are able to do successfully.
But when I configured the Squid proxy to be used as a reverse proxy by making this Natted IP 80.231.143.40 the peer, it is not getting connected.
Port 443 is the only port which is opened for communication between suppliers and real RTC server and that too via 2 firewalls. So I am not sure how (where) to use this port in (.conf) file.
Please let me know if Squid as reverse proxy can work in this type of setup?