Configuring a Proxy

Proxy configuration is required if your Polarity server needs proxy access to reach the Internet and you are running integrations that rely on Internet based services or resources. Proxy support can be enabled for integrations either on a server-wide basis or a per-integration basis.

In general, integrations that will be connecting to internal resources do not need to have a proxy configured. Integrations that will be accessing Internet based APIs will need to have a proxy configured. If you are seeing an ECONNRESET error when using your integration, this is most commonly due to a missing or misconfigured proxy configuration for the integration.

Global Proxy

A global proxy will pass all integration traffic through the configured proxy. The proxy can be set via the HTTP_PROXY and HTTPS_PROXY environment variables. Specific domains or IPs can be set to ignore the proxy configuration via the NO_PROXY environment variable.

To set the required environment variables begin by opening the .env file found at /app/polarity-server/.env.

vi /app/polarity-server/.env

Add HTTP_PROXY and HTTPS_PROXY variables to the file. Ensure that the USERNAME:PASSWORD and proxy SERVER:PORT are replaced with your own proxy settings. If the proxy is unauthenticated then you do not need to provide the USERNAME:PASSWORD@ portion of the proxy configuration string (i.e., http://PROXYSERVER:PROXYPORT is all that would be required).

# We've seen cases where HTTPS_PROXY does not work. If you see a ECONNRESET
# then try just specifying the HTTP_PROXY environment variable. 
HTTP_PROXY=http://USERNAME:PASSWORD@PROXYSERVER:PROXYPORT
HTTPS_PROXY=https://USERNAME:PASSWORD@PROXYSERVER:PROXYPORT

# Any domains that match the pattern (* is a wildcard) will not use the
# proxy setting. You cannot wildcard IP addresses but you can specify
# specific IPs. If multiple domains or IP addreses are specified you should
# comma delimit them with no spaces 
NO_PROXY="*.domain.net,10.2.3.1"

After saving changes to the .env you must restart the polarity service for the changes to take effect.

systemctl restart polarityd

Integration Specific Proxies

To set the proxy on each individual integration and not system-wide, please follow the below steps. Ensure that the USERNAME:PASSWORD and the proxy SERVER:PORT are replaced with values for your own proxy.

To start, open the integration’s config.js file (replace <integration_name> with the directory name of the integration you are configuring).

1vi /app/polarity-server/integrations/<integration_name>/config/config.js

Within the config.js file find the property called proxy which will be located under the request property. The default is for the proxy property to be an empty string ''. Replace the empty string with the appropriate proxy string value:

// An HTTP proxy to be used. Supports proxy Auth with Basic Auth, identical to support for
// the url- parameter (by embedding the auth info in the uri)
proxy:'http://USERNAME:PASSWORD@PROXYSERVER:PROXYPORT',

Note that the proxy setting should be enclosed in single or double quotes and should have a trailing comma at the end.

Domain Based Authentication

If the proxy uses domain based authentication then the \ character should be encoded with %5C.

//Example of Domain based auth
proxy:'http://DOMAIN%5CUSERNAME:PASSWORD@PROXYSERVER:PROXYPORT',

or in the .env file it would look like this:

HTTP_PROXY=http://DOMAIN%5CUSERNAME:PASSWORD@PROXYSERVER:PROXYPORT

After modifying the proxy value, save the file and restart the integration from the Polarity Server Integration Settings page (you do not need to restart the server).

Testing the proxy using curl

If you need to confirm that you have the correct proxy information you can use the following curl command to test your proxy.

curl --verbose -x http://USERNAME:PASSWORD@PROXYSERVER:PROXYPORT https://cve.circl.lu/api/cve/CVE-2020-0796