Deploy Cyberwatch behind a proxy with Swarm

This page provides the additional steps required to install Cyberwatch behind a proxy.

Configure and test the proxy for the local user

Before making any changes in the docker configuration, configure the proxy for the local user:

export HTTP_PROXY=http://proxy.example.com:80/
export HTTPS_PROXY=http://proxy.example.com:80/

Then check if this configuration is appropriate with one of these two commands:

curl -i https://harbor.cyberwatch.fr
wget -O- https://harbor.cyberwatch.fr

The expected result is 200 OK

Docker configuration

Create the /etc/systemd/system/docker.service.d directory.

mkdir -p /etc/systemd/system/docker.service.d

Go to this directory and create the http-proxy.conf and https-proxy.conf files:

cd /etc/systemd/system/docker.service.d

cat >> http-proxy.conf <<EOL
[Service]
Environment="HTTP_PROXY=$HTTP_PROXY"
EOL

cat >> https-proxy.conf <<EOL
[Service]
Environment="HTTPS_PROXY=$HTTPS_PROXY"
EOL

Ensure that the $HTTP_PROXY and $HTTPS_PROXY variables are set for the user who will be writing to the files.

Apply the changes:

systemctl daemon-reload
systemctl restart docker

From the official documentation showing changes to be made for Docker to work behind a proxy.

Check the configuration with Docker

To check if the proxy configuration is working, switch to the cyberwatch user and run the command:

docker login harbor.cyberwatch.fr

Requires adding a cbw$ prefix before the login from the Cyberwatch license

If the command returns Login Succeeded, the proxy configurations are valid.

OPTIONAL: Services creation being very slow when (re) starting the application

It is possible that the creation of the services takes longer.

This happens if the docker service tries to resolve the DNS before going through the proxy.

In this case, add the following line to the /etc/hosts file:

188.165.35.138 harbor.cyberwatch.fr

This line is used to match the IP with the URL that the DNS is trying to resolve.