Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proxy Exception List for Outbound HTTP Connectors #3252

Closed
shaarmann opened this issue Sep 10, 2024 · 4 comments · Fixed by #3460 · May be fixed by camunda/camunda-docs#4469
Closed

Proxy Exception List for Outbound HTTP Connectors #3252

shaarmann opened this issue Sep 10, 2024 · 4 comments · Fixed by #3460 · May be fixed by camunda/camunda-docs#4469
Assignees
Labels
kind:enhancement New feature or request
Milestone

Comments

@shaarmann
Copy link
Contributor

Is your feature request related to a problem? Please describe.

May companies have private and use public APIs. Private APIs must be accessed via a proxy while public ones must not. The HTTP Connectors have not option to turn the proxy on/off via configuration nor can a list of exceptions be provided.

Describe the solution you'd like

Option 1:
Add a flag to the HTTP Connectors element templates. The request will be routed to proxy if and only if the flag is set to true.

Option 2:
The Proxy can be configured via an environment variable (HTTP_PROXY_URL). Another Environment variable may be used to specify exceptions, similiar to Java's http.nonProxyHosts.

Describe alternatives you've considered

Use the hybrid mode of the connectors to run two instances of the HTTP Connectors: One with configured Proxy, one without.

Additional context

@shaarmann shaarmann added the kind:enhancement New feature or request label Sep 10, 2024
@johnBgood johnBgood changed the title Proxy Exception for Outbound HTTP Connectors Proxy Exception List for Outbound HTTP Connectors Sep 16, 2024
@sbuettner
Copy link
Contributor

Decision: Go with Option 2 for now to now confuse SaaS users with this flag (as they will always go through a proxy.)

@shaarmann
Copy link
Contributor Author

shaarmann commented Sep 17, 2024

As mentioned in the ticket's description, there are JVM/system properties for configuring a proxy, i.e.,

http[s].proxyHost
http[s].proxyPort
http[s].nonProxyHosts
http[s].proxyUser
http[s].proxyPassword

Customers familiar with Java are used to these properties.
Therefore, I believe it is worth evaluating whether it is possible to use these configuration options instead of custom environment variables. It has the additional benefit that functionality, such as nonProxyHosts and authentication are supported out-of-the-box.

Since version 8.6, the HTTP connector is based on Apache HTTP Client. Since version 5, the HTTPClientBuilder uses the system properties described above if no other proxy configuration is set.
The connector, however, always sets a proxy configuration even if it is null. Thereby, it overwrites the default configuration. If we change the code to only set the proxy if it is configured via the environment variable above, it will fallback to the system configuration which supports the desired feature.

@johnBgood
Copy link
Collaborator

johnBgood commented Oct 11, 2024

QA information

Test Environment

  • Self-Managed only
  • Connectors version: camunda/connectors-bundle:SNAPSHOT
  • Beeceptor:

Test Scope

Test Data

You will need to provide the JAVA_OPTS env var:

services:
  connectors:
    environment:
      - JAVA_OPTS=-Dhttp.proxyHost=<PROXY> -Dhttp.proxyPort=<PORT> -Dhttps.proxyHost=<PROXY> -Dhttps.proxyPort=<PORT> -Dhttp.nonProxyHosts=<OTHER_DOMAIN>

Replace the variables accordingly.

@slolatte
Copy link

@Szik and I tested this and everything looks good to us!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment