New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

IoTEdge env fails when installed behind proxy #5

Closed
has-taiar opened this Issue Jul 2, 2018 · 13 comments

Comments

Projects
None yet
3 participants
@has-taiar
Copy link

has-taiar commented Jul 2, 2018

I have a corporate machine which is sitting behind a proxy.
I have followed the steps to install the new Windows Service for IoTEdge env.
I am using:

  • Windows 10
  • Docker for Windows (with Proxy settings)
  • Linux Containers for Docker

I am able to do docker pull and docker run, so this is working fine. I have also configured my iotedge env in the config.yaml to use the proxy but it does not seem to make a difference.
Here is a snippet of my config.yaml:

agent:
name: "edgeAgent"
type: "docker"
env: {"HTTP_PROXY": "http://username:pwd@proxyserver:8080", "HTTPS_PROXY": "http://username:pwd@proxyserver:8080"}

Here is the details of the error returned in the iotedge service logs.

iot-edge-error

@aribeironovaes

This comment has been minimized.

Copy link
Contributor

aribeironovaes commented Jul 3, 2018

Hi @has-taiar ,

We don't support Proxy on Edge. It's on our backlog, but it's something that would require work on some components (Including Device SDK) in order to support HTTP_PROXY for edge.

Thanks,

Angelo Ribeiro.

@has-taiar

This comment has been minimized.

Copy link
Author

has-taiar commented Jul 3, 2018

Thanks @aribeironovaes, appreciate the prompt response.

Any workaround that we can use in the meantime?
And when you say it's on the road-map, any idea how soon this will come to us? a month or a year? :)

I would imagine that this is a common issue for Enterprise customers, so I hope this would be helpful for other users too

Thanks

@avranju

This comment has been minimized.

Copy link
Member

avranju commented Jul 3, 2018

There's work that needs to be done first in the Azure IoT Hub C# SDK that Edge depends on (issue 477). Once that fix gets in we should be able to address this in Edge soon after. The C# SDK team is picking this issue up for implementation currently and we should hopefully be able to address this in the next few weeks.

@aribeironovaes

This comment has been minimized.

Copy link
Contributor

aribeironovaes commented Jul 3, 2018

Yeah, C#SDK is just one piece. Talked with @avranju .
After C# SDK (And other sdks) make changes we still have to figure our changes on iotedged (Security Daemon) and Docker/Moby.

So, we don't have a short timeline for that.

Regarding workaround, would switching to WEBsockets work for you?

@has-taiar

This comment has been minimized.

Copy link
Author

has-taiar commented Jul 3, 2018

Thanks @aribeironovaes & @avranju,

@aribeironovaes, yes, happy to use WebSockets. They will use port 443 (https) by default right?
I thought that the current version of IoT Ege env was already using WebSocket when AMQP fails!!

What would be the workaround if we use WebSocket?

@aribeironovaes

This comment has been minimized.

Copy link
Contributor

aribeironovaes commented Jul 3, 2018

Hi @has-taiar ,

My bad. When I suggested to use WebSocket as a workout around, I meant to use as a work around needing to use proxy. If this is not possible on your organization, than you are indeed blocked by this.

As Raj mentioned, we have this on our backlog (Both Client and Edge), but we don't have a timeline when this is going to be available.

We will update this thread as soon as we have it.

@has-taiar

This comment has been minimized.

Copy link
Author

has-taiar commented Jul 3, 2018

Thanks @aribeironovaes, really appreciate the help and the prompt replies.

One thing that I do not understand, I have the older version of the IoTEdge env installed on one of my machines here behind proxy and it works fine. I am able to push modules to it and it has both Agent and Hub modules working fine.

This machine has the older version that I had to install via pip:
pip install azure-iot-edge-runtime-ctl
This is surprising me in a pleasent way and that's why I am hoping that there is a workaround that I can use to make my new installation work.

Any idea how is that working? If we understand that, then maybe we could find a workaround for this current version too?
Happy to provide more info from this machine where it has the environment working behind proxy.

@aribeironovaes

This comment has been minimized.

Copy link
Contributor

aribeironovaes commented Jul 3, 2018

Hi @has-taiar ,

I actually had the same discussion a couple of hours ago with somebody about that. :)

So, previously you probably had configured docker directly to use your proxy (Check this doc: https://docs.docker.com/engine/reference/commandline/cli/#description). With that you are able to do docker pull (Test it manually before trying to use iotedged, for example).

For edgeAgent and edgeHub, it is impossible that it were working before with proxy because simple we do not support Proxy on our Clients sdk yet.. Check this github discussion on V1: Azure/iot-edge-v1#465

What I discovered from this previous discussion that I had is the the costumer had docker configured with proxy (so, images pull and push was done through their proxy) and have iothub ip ranges open on their firewall. This is how they work.

Could you do the same till we fully support proxy?

Let us know,

Thanks,

Angelo Ribeiro.

@has-taiar

This comment has been minimized.

Copy link
Author

has-taiar commented Jul 4, 2018

Thanks @aribeironovaes,

Whitelisting the IP Address(es) of Azure IoT Hub on our Firewall sounds like a good idea, but I cannot find any fixed IP Address range for IoTHub? Is there a fixed Range of IP Addresses for Azure IoTHub?

Thanks
Has

@aribeironovaes

This comment has been minimized.

Copy link
Contributor

aribeironovaes commented Jul 4, 2018

@aribeironovaes

This comment has been minimized.

Copy link
Contributor

aribeironovaes commented Jul 5, 2018

HI @has-taiar ,

So, try this: https://www.microsoft.com/en-us/download/details.aspx?id=41653

You can also try to use nslookup, but we although it is pretty static, we can't guarantee.

Let me know if this works for you,

Thanks!

Angelo Ribeiro.

@has-taiar

This comment has been minimized.

Copy link
Author

has-taiar commented Aug 11, 2018

Thanks @aribeironovaes and @avranju for the help. We ended up exempting our IoT Edge (443) traffic from our proxy. Solution documented here
Thanks again

@has-taiar has-taiar closed this Aug 11, 2018

@avranju

This comment has been minimized.

Copy link
Member

avranju commented Aug 12, 2018

Thanks! The work for fully supporting proxies in Edge is underway right now. The .NET SDK team has done the work (but haven’t created a release yet). Will keep you posted. cc @damonbarry.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment