Configuring Proxy Settings for the BOSH CPI

Page last updated:

This topic describes how to configure proxy settings for the BOSH Cloud Provider Interface (CPI), which is the API that the BOSH Director uses to interact with your IaaS endpoint. If you use a proxy to mediate traffic between your BOSH installation and your IaaS endpoint, you must enter your proxy information when Ops Manager starts for the first time.

The following diagram illustrates how a proxy mediates HTTP and HTTPS requests between the CPI of the BOSH Director and the IaaS endpoint.

Cpi proxy

For more information about BOSH components, see the BOSH documentation.

Note: Pivotal Cloud Foundry (PCF) only supports proxying requests between the BOSH CPI and the IaaS API. It does not support proxying blobstore and database traffic.

Configure Proxy

Perform the following steps to configure your proxy for the BOSH CPI when Pivotal Cloud Foundry Operations Manager starts for the first time:

  1. Ensure that you have installed your proxy and that it is functioning properly. You can install one proxy for HTTPS requests and another proxy for HTTP requests, or choose to use the same proxy for both kinds of traffic.

  2. Follow the PCF installation instructions for your IaaS. See the Installing Pivotal Cloud Foundry topic for more information.

  3. When Ops Manager starts for the first time, you must select Use an Identity Provider or Internal Authentication. See the following IaaS-specific topics for more information:

  4. Both the Use an Identity Provider and the Internal Authentication login pages include fields for HTTP proxy, HTTPS proxy, and No proxy.

    Note: For the Pivotal Application Service (PAS) runtime, editing proxy settings in the BOSH Director propagates those settings to the Garden Diego cells in PAS. Sharing these proxy settings between Ops Manager and PAS enables the operator to reach a Docker Hub through a proxy within an environment that lacks internet connectivity.

    Complete the fields with the following information:

    • HTTP proxy: Enter the URL for the proxy that handles HTTPS requests between the BOSH CPI and the IaaS API.
    • HTTPS proxy: Enter the URL for the proxy that handles HTTP requests between the BOSH CPI and the IaaS API. If you are using the same proxy to handle both HTTPS and HTTP traffic, enter the same URL as HTTP proxy.
    • No proxy: Enter the following IP addresses:
      • 127.0.0.1
      • The IP address of your BOSH Director. This is the first IP address not in your reserved range. For example, if you enter 10.0.16.0-10.0.16.10 in the Reserved IP Ranges field of the Create Networks page when configuring the BOSH Director, the BOSH Director IP is 10.0.16.11.

        Note: When the BOSH Director talks to other components on its VM, such as the database and the User Account and Authentication (UAA) module, it communicates with them as if they were external. You must enter the BOSH Director IP address in the no-proxy list to prevent traffic from the BOSH Director to other components on the same VM from passing through the proxy.

        Note: The values in the No Proxy field must be comma-delimited, with no spaces or quotation marks between values. Example: 127.0.0.1,10.0.16.11

Create a pull request or raise an issue on the source for this page in GitHub