Proxy Configuration
Forward Proxy
Bindplane and Bindplane Collector support the use of an HTTP forward proxy for (egress) connections. The Proxy
is configured using the HTTP_PROXY and HTTPS_PROXY environment variables.
Configure Bindplane
You can configure the proxy environment variables by using a Systemd override. Run the following command:
Modify the unit file's override to look like this:
Note that this example is using http for both HTTP_PROXY and HTTPS_PROXY. This is because the proxy server
is not configured to use TLS. Connections to https sites (such as github.com and Google Cloud API) are still encrypted
with TLS. See TLS for more details.
After saving the file, you can reload systemd and restart Bindplane.
Bindplane will now proxy outgoing requests using the configured proxy.
Configure Bindplane Collector
The process for Bindplane Collector is identical to Bindplane.
Create a Systemd override.
Configure the HTTP_PROXY and HTTPS_PROXY environment variables.
Reload systemd and restart the service.
Authentication
Username and password authentication is supported using the following form:
TLS
TLS is always used between the proxy and the destination when connecting to a TLS secured endpoint, such as https://logging.googleapis.com or https://otlp-gateway-prod-us-central-0.grafana.net/otlp.
This is often confusing because TLS is not required for the connection between Bindplane / Bindplane Collector and the proxy.
If your proxy has a TLS listener, you can use TLS for the connection between Bindplane / Bindplane Collector and the proxy like this:
This will proxy http and https requests using TLS between your proxy client and server.
Note that your Bindplane server and your Bindplane Collectors must trust the certificate that is in use by the proxy.
You can read more about adding ca certificates to your servers by reviewing the following: