Connection timeout when running plugin behind an http proxy

[geco82]

I have a Jenkins machine in a network behind an http proxy. Maven is configured right with proxy in settings.xml but the plugin doesn't consider that and the calls to anypoint.mulesoft.com APIs throw a timeout exception.
I wish I could configure an http proxy to reach Anypoint APIs.

[orome656]

Hello,

I have the same kind of problem.
Can proxy usage be implemented ?

Thank you

[dwaller200]

You can implement proxy support into the 2.2.1 source branch by adding the following dependency to swap from HttpUrlConnection to Apache HttpClient 4:

		<dependency>
		    <groupId>org.glassfish.jersey.connectors</groupId>
		    <artifactId>jersey-apache-connector</artifactId>
		    <version>${jersey.version}</version>
		</dependency>

CloudhubApi.java, change line 154 to:

Response response = post(uri, String.format(APPLICATIONS_FILES_PATH, appName), Entity.entity(multipart, MultiPartMediaTypes.createFormData()));

In AbstractApi.java, change the getTarget method to:

    protected WebTarget getTarget(String uri, String path)
    {
    	ClientConfig clientConfig = new ClientConfig();
    	String proxyUri = System.getProperty("deploy.proxy.uri");
    	String proxyUser = System.getProperty("deploy.proxy.user");
    	String proxyPassword = System.getProperty("deploy.proxy.password");
    	if (!isEmpty(proxyUri)) {
    		clientConfig.property(ClientProperties.PROXY_URI,proxyUri);
    		if (!isEmpty(proxyUser)) {
    			clientConfig.property(ClientProperties.PROXY_USERNAME,proxyUser);
    			clientConfig.property(ClientProperties.PROXY_PASSWORD,proxyPassword);
    		}
    	}
    	clientConfig.connectorProvider(new ApacheConnectorProvider());
        ClientBuilder builder = ClientBuilder.newBuilder().withConfig(clientConfig);
        configureSecurityContext(builder);
        Client client = builder.build().register(MultiPartFeature.class);
        if (log != null && log.isDebugEnabled() && !isLoginRequest(path))
        {
            client.register(new ApiLoggingFilter(log));
        }

        return client.target(uri).path(path);
    }

Rebuild and mvn install so it goes into your local repository. Use the 2.2.2-SNAPSHOT version of the plugin in your Mule pom.xml and on the mvn command line for mvn deploy, add the values for -Ddeploy.proxy.uri=, etc for the values you need. The deployment plugin will use those values and the Apache HttpClient proxy implementation to connect to Anypoint through a proxy (including authenticating proxies if you include the two other properties).

[siddharthgrd]

Hi Dwaller, Could you please advise if this issue is closed and which version of jar I have to use for proxy?Thanks,
Siddharth

[rscadrde]

Deploying with jenkins maven goal
deploy -Dmule.deployment.type=cloudhub -Dmaven.test.skip=true -DskipMunitTests -DmuleDeploy -Dhttps.proxyHost=proxy.intdus.retail-sc.com -Dhttps.proxyPort=3128
works fine here.

[siddharthgrd]

mvn clean release:prepare release:perform -X -Darguments="-DskipTests -Dhttps.proxyHost=proxy -Dhttps.proxyPort=80 -Dhttps.proxyUser=**** -Dhttps.proxyPassword=****"

Throughs 407 proxy authorization error though we pass proxy details as parameter.Looks like Maven Release can't fork the parameters to Mule maven plugin? Please help urgently.
Thanks,
Siddharth

[dwaller200]

I'm not sure authenticating proxy support is in Java as standard: https://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html

I used eclipse and built a new Mule maven plugin with Apache HttpClient which does support authenticating proxies. I only needed version 2.2.1 of the Mule maven plugin, so the change over was pretty simple. Not sure about the latest branch of the Mule maven plugin.

[siddharthgrd]

Maven Mule Snaphost Build/Deploy with proxy autherisation works fine as parmater hwoever with Maven Release perform it is behaving intermittent and fails with 407 proxy authentication.It uses the same java as maven snapshot build uses right then why this issue is coming where it seems proxy user is not getting passed to the proxy server which is being passed as argument below?
mvn release:prepare release:perform -X -Darguments="-Dhttps.proxyHost=proxy -Dhttps.proxyUser=user -Dhttps.proxyPassword=password -Dhttps.proxyPort=80"

Thanks,
Siddharth

[rscadrde]

https.proxyUser=user
is not supported out of the box by java (=407).
The authentication needs to be set from the application itself. (via java.net.Authenticator.setDefault(Authenticator))

Solution for us was to change our proxy config on the server to accept deployconnections (*.mulesoft.org) from our jenkins IP without proxy authentication.

Workaround for local users is to use https://github.com/quaddy-services/escape-from-intranet and then
put your proxy settings in the GUI and use -Dhttps.proxyHost=localhost

The escape-from-intranet will enrich the Proxy-Authentication header if missing.

[siddharthgrd]

Hi Stefan,
We can't allow our proxy to to accept *.mulesoft.org as proxy authentication.
The workaround you mentioned, could you please advise how I can achieve in Linux server?
Using Jenkins I'm just running the maven command for this.How to use your workaround for this case?
Please help me with the steps.
Thanks,
Siddharth

[siddharthgrd]

Since it is linux there is no GUI

[siddharthgrd]

or there is any other solution for Maven Release Mule deploy with proxy authentication here?I have tried below but didn't work out still -
mvn clean release:prepare release:perform -X -Darguments="-DskipTests -Dhttps.proxyHost=** -Dhttps.proxyPort=80 -Dhttps.proxyUser=*** -Dhttps.proxyPassword=**-Djdk.http.auth.tunneling.disabledSchemes="""

[rscadrde]

"https.proxyPassword" will not help until mule-maven-plugin correctly registers it to
java.net.Authenticator.setDefault(Authenticator)

How to exclude single domains from your proxy server you need to "google".
(I just ask our network department to open destination URL for internal IP servers)
In case you are running a squid proxy digging into your squid.conf may help:
https://serverfault.com/questions/307503/squid-proxy-authorize-some-site-without-authentication

[siddharthgrd]

Hi Stefen,

I'm checking this with Mulesoft team to change as you advised. But is there any option for Maven Release to work with Mule Maven plugin with proxy authentication ?

Thanks,
Siddharth

[rscadrde]

Hi Siddharth,
For release you may try:

mvn -Dresume=false -U -P no-tests clean release:prepare release:perform -DpreparationGoals=clean -Darguments="-DskipMunitTests=true -Dmaven.test.skip=true"

with

		<profile> 
			<id>no-tests</id> 
			<properties> 
				<maven.test.skip.exec>true</maven.test.skip.exec> 
				<maven.javadoc.skip>true</maven.javadoc.skip>
			</properties> 
		</profile> 

in your ~/.m2/settings.xml

[siddharthgrd]

Hi Stefen,

Apologies is the above is for 407 proxy issue?
On the other note -I tried implementing the logic which Dwaller has suggested but it failed in NTLM authentication and we need Basic AuthScheme.

Do you know where to update in the mule maven plugin to use as stated below?

https://stackoverflow.com/questions/27442177/disable-ntlm-on-apache-httpclient-4-3-6

[INFO] WARN 2018-12-17 16:40:52,882 [main] org.apache.http.impl.auth.HttpAuthenticator: NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt))
[INFO] WARN 2018-12-17 16:40:52,887 [main] org.apache.http.impl.auth.HttpAuthenticator: NTLM authentication error: Credentials cannot be used for NTLM authentication: org.apache.http.auth.UsernamePasswordCredentials
[INFO] [ERROR] Failed: 407 Proxy Authorization Required: <TITLE>Proxy Authorization Required</TITLE>
Thanks,
Siddharth