-
Notifications
You must be signed in to change notification settings - Fork 604
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Usage of an http/https proxy #23
Comments
Currently it doesn’t work for two reasons:
You might be able to use other networking, such as a vpn, to accomplish this lower down the network stack. We do not currently have plans to implement proxying for the websocket connection within our application in the short term. I would like to hear a little more about your proxying setup though, such as if it would support a websocket connection or if a vpn could potentially work. Best, |
Thanks for your answer. As a matter of fact, some of the services I intend to deploy will not be internet facing, and the instances will be in private subnets. As I understand it (I may be wrong), the ECS agent performs a call to an https AWS endpoint for ecs. The fact that it uses websocket is probably the must difficult point here. I've read in many websites that websockets works over an https connection on squid. So should I do the same request (proxy support) on the gorilla/websocket project ? Thanks, |
If the Gorilla authors want to integrate proxy support I'd be happy to consume it. However, even if they don't, it could probably be implemented within the agent's code by passing in a proxying dialer to the websocket connection. I'll leave this issue open as a feature request and welcome any further information or questions. |
Thanks Euan, this will be a great improvement! |
Relates to aws#23 The authv4 signer is still present for ACS. This should also improve exception retriability for some exceptions and performance (connection pooling)
Relates to aws#23 The authv4 signer is still present for ACS. This should also improve exception retriability for some exceptions and performance (connection pooling)
Relates to aws#23 The authv4 signer is still present for ACS. This should also improve exception retriability for some exceptions and performance (connection pooling)
Relates to aws#23 The authv4 signer is still present for ACS. This should also improve exception retriability for some exceptions and performance (connection pooling)
@radenui were you able to get the ECS Agent to register with the cluster? I've been able to get everything running, but the agent simply can't register with the cluster due to our proxy. |
@damnhandy Unfortunately no, I had to connect the internet directly or through a NAT instance, as far as I know proxy is not yet usable. I hope this will be soon available! |
Hello Team, is this supported yet? |
Unfortunately, it's still not supported. The registration part should work now since the above-referenced sdk migration has been completed, but the websocket connection, required for running any tasks, does not respect proxy settings. As far as I know, the websocket connection's dial is the only part left that doesn't handle proxy settings. I'll update this issue with any changes. |
Folks, is this Proxy support available now? |
Still not available, but getting closer! We've got it merged into the Best, |
Proxy support is now supported in the upstream library, I was hoping this would save you doing work on this but it seems to have also been done in the agent itself. If I can help with integration I am happy to pitch in. |
We've released agent version We appreciate that you added support upstream @wolfeidau, and I think it'd be awesome to switch since it makes more sense to be maintained there I think. Since this issue is about the feature, not implementation, I've opened a separate issue, #239, to track that and am resolving this. |
- the [[ -f ... ]] and [[ -d ... ]] checks are changed to use 'sudo test -f and sudo test -d'. This is so that we correctly detect files that are only readable by the root user. - the cleanup script was leaving behind /root/.ssh/authorized_keys because it was not using 'sudo' to check for this file - the cleanup script was previously also leaving behind /etc/sudoers.d/90-cloud-init-users, but we need this file for the ec2-user to have sudo access, so delete it from the list of files to delete from the AMI.
Hi,
The host machines do not access the internet directly, but through an http/https proxy into my infrastructure: I'd like to be able to use it!
I tried to write :
HTTP_PROXY=http://proxyaddress:proxyport
HTTPS_PROXY=http://proxyaddress:proxyport
NO_PROXY=169.254.169.254
into /etc/ecs/ecs.config (as I believe it should work ?), but had no success so far.
Is is a feature you intend to implement ?
Thanks,
Arthur
The text was updated successfully, but these errors were encountered: