Proxy Configuration
Forward Proxy
BindPlane OP and BindPlane Agent support the use of an HTTP forward proxy for (egress) connections. The Proxy
is configured using the HTTP_PROXY and HTTPS_PROXY environment variables.
Configure BindPlane OP
You can configure the proxy environment variables by using a Systemd override. Run the following command:
Modify the unit file's override to look like this:
Note that this example is using http for both HTTP_PROXY and HTTPS_PROXY. This is because the proxy server
is not configured to use TLS. Connections to https sites (such as github.com and Google Cloud API) are still encrypted
with TLS. See the TLS for more details.
After saving the file, you can reload systemd and restart BindPlane.
BindPlane will now proxy outgoing requests using the configured proxy.
Configure BindPlane Agent
The process for BindPlane Agent is identical to BindPlane OP.
Create a Systemd override.
Configure the HTTP_PROXY and HTTPS_PROXY environment variables.
Reload systemd and restart the service.
Authentication
Username and password authentication is supported using the following form:
TLS
TLS is always used between the proxy and the destination when connecting to a TLS secured endpoint, such as https://logging.googleapis.com or https://otlp-gateway-prod-us-central-0.grafana.net/otlp.
This is often confusing because TLS is not required for the connection between BindPlane / BindPlane Agent and the proxy.
If your proxy has a TLS listener, you can use TLS for the connection between BindPlane / BindPlane Agent and the proxy like this:
This will proxy http and https requests using TLS between your proxy client and server.
Note that your BindPlane OP server and your BindPlane Agents must trust the certificate that is in use by the proxy.
You can read more about adding ca certificates to your servers by reviewing the following: