🚀 Announcing BYOC and the OpenTelemetry Distribution BuilderRead more

Proxy Configuration

Forward Proxy

Bindplane and Bindplane Collector support the use of an HTTP forward proxy for (egress) connections. The Proxy is configured using the HTTP_PROXY and HTTPS_PROXY environment variables.

Configure Bindplane

You can configure the proxy environment variables by using a Systemd override. Run the following command:

bash
1sudo systemctl edit bindplane

Modify the unit file's override to look like this:

observIQ docs - Proxy Systemd Override - image 1

Note that this example is using http for both HTTP_PROXY and HTTPS_PROXY. This is because the proxy server is not configured to use TLS. Connections to https sites (such as github.com and Google Cloud API) are still encrypted with TLS. See TLS for more details.

After saving the file, you can reload systemd and restart Bindplane.

bash
1sudo systemctl daemon-reload
2sudo systemctl restart bindplane

Bindplane will now proxy outgoing requests using the configured proxy.

Configure Bindplane Collector on Linux

The process for Bindplane Collector is identical to Bindplane.

Create a Systemd override.

bash
1sudo systemctl edit observiq-otel-collector

Configure the HTTP_PROXY and HTTPS_PROXY environment variables.

override
1[Service]
2Environment=HTTP_PROXY=http://proxy.corp:8000
3Environment=HTTPS_PROXY=http://proxy.corp:8000

Reload systemd and restart the service.

bash
1sudo systemctl daemon-reload
2sudo systemctl restart observiq-otel-collector

Configure Bindplane Collector on Windows

Create an environment registry entry and define the HTTP_PROXY and HTTPS_PROXY keys. Please modify the proxy.corp:8000 with your proxy server and port. If you need to define a password it would be user:pass@proxycorp.8000:

cmd
1reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\observiq-otel-collector" /v Environment /t REG_MULTI_SZ /d "HTTP_PROXY=http://proxy.corp:8000\0HTTPS_PROXY=http://proxy.corp:8000" /f

Restart the observiq-otel-collector service:

cmd
1net stop observiq-otel-collector
2net start observiq-otel-collector

Authentication

Username and password authentication is supported using the following form:

bash
1HTTP_PROXY=http://user:password@proxy.corp:3128

TLS

TLS is always used between the proxy and the destination when connecting to a TLS secured endpoint, such as https://logging.googleapis.com or https://otlp-gateway-prod-us-central-0.grafana.net/otlp.

This is often confusing because TLS is not required for the connection between Bindplane / Bindplane Collector and the proxy.

If your proxy has a TLS listener, you can use TLS for the connection between Bindplane / Bindplane Collector and the proxy like this:

bash
1HTTP_PROXY=https://proxy.corp.net:3128
2HTTPS_PROXY=https://proxy.corp.net:3128

This will proxy http and https requests using TLS between your proxy client and server.

Note that your Bindplane server and your Bindplane Collectors must trust the certificate that is in use by the proxy.

You can read more about adding ca certificates to your servers by reviewing the following:

X