Overview

代理连接JFro在任务控制支持g services to each other and to the Internet. From Mission Control 3.2, you configure a proxy on theSite levelinstead of configuring a proxy for each service. All the services in a site automatically inherit the site proxy settings for that site removing the need to configure a proxy for each service.

Mission Control needs to be associated with a site in order to leverage the automatic proxy selection. A default Site 'MC_Site', geographically placed along the GMT line, is automatically created as a part of the Mission Control startup. The default Site can be changed from the General Settings section in the Admin menu.

Proxy Management in Mission Control supports:

  • Central managment of all proxies.
  • Automatic migration of existing JFrog service proxies to the Proxy Management tab.
  • Several types of network proxies including NTLMv2 (when running on Linux you may use NTLMv2 only with CNTLM).

To simplify configuring mulitple proxies,admins can define the proxies and proxy pairing in theProxy Configtab in the Admin section. Proxy pairing, sets the data flow from the Source site to the Destination site through the selected site proxy.

Distribution Enterprise+ Scenario

Distribution relies on Mission Control to get topology information of which Edge nodes and Artifactory services to connect to.

In the following example, Distribution and an Artifactory are configured on Site 1 and need to send release bundles to two Edge sites - Sitev2 and Sitev3:

  • Proxy 1 is created on Site1: Dev_Art1.This site includes the Arti1 service and Distribution service.
  • Proxy 2 is created on Site UK. This site includes Edge1.
  • Proxy 3 is created on Site AU. This site includes Edge2.

The Proxy setup is configured as follows in theConfig Proxysection.

Viewing Proxies

Proxies are configured on the site level in theConfig Proxy页面。服务位于site are automatically allocated the site proxy.

To view the list of proxies configured, in theAdminmodule, selectProxy | Config Proxy.

Proxy List

Creating a Proxy

  1. To create a new proxy, clickAdd Proxyand specify the basic site settings and credentials.

    Name
    		 A logical name for this proxy
    URL
    		 The proxy URL.
    Note: A URL associated with a service should not be used as a proxy URL.
    User Name
    		 A user name required to access the proxy server (optional).
    Password
    		 The password required to access the proxy server (optional).
  2. ClickAdd Site Pairand select the source and target sites to pair.

Configuring an NTLM Proxy

Mission Control supports several types of network proxies including NTLMv2. When running on Linux, you may want to use NTLMv2 with CNTLM.

NTLMAuthorizationProxy服务器(APS)是一个proxysoftware that allows you to authenticate via a MicrosoftProxyServer using the proprietaryNTLMprotocol.

NTLM is supported by running an ad-hoc CNTLM container likehttps://hub.docker.com/r/robertdebock/docker-cntlm/.

  1. Run the container to hash the NTML credentials.

    docker run robertdebock/docker-cntlm /bin/sh -c "echo Password  > /etc/cntlm.conf; \ /usr/sbin/cntlm -H -u  -d "

    The following output is generated:

    PassLM 1AD35398BE6565DDB5C4EF70C0593492 PassNT 77B9081511704EE852F94227CF48A793 PassNTLMv2 B78FD04127AEDF090C1F7121ED002A4D # Only for user 'username', domain 'domain'

  2. Run the container with the hashed credentials.

    docker run -e "USERNAME=username" -e "DOMAIN=mydomain" -e "PASSNTLMV2=B78FD04127AEDF090C1F7121ED002A4D" \ -e "PROXY=

In Mission Control, create a proxy in theAdminmodule, selectProxy | Config Proxywith the following parameters.

Note that the credentials are not required because they are handled by CNTLM.

Migrating Proxies

From Mission Control 3.2, proxies previously configured on the Service level are automatically migrated to the Site level. Proxies configured in Mission Control enable communication between services and are now dependent on the site on which the service is located. During Mission Control startup proxy configuration is automatically migrated to reflect the right Site pair based according to the following rules:

  1. The proxy on the source sites is automatically set as the Mission Control site. Initially, it is set with the default Site (MC_Site) that can later be changed in the Admin section to the valid site.
  2. If a service uses a proxy and has a site, the proxy site pair will refer to the Mission Control site as the source and service site as the destination.
  3. If no proxy is required to connect to a service, the service will be assigned by default to the Mission Control site.
  4. If a service uses a proxy and doesn't have a site, a new site may be created and assigned to the service and the proxy Site pair has Mission Control Site as source and Service's Site as the destination.
  5. If a proxy has been configured, but not associated with any service, the configuration will remain as is.

Sites created as a part of migration can be updated at any time on the Service level or in the Admin section.

REST API

Mission Control supports managingProxiesthrough the REST API.