Errors when edit proxy settings in VCSA 6.7
When needed, you can configure a proxy server to automatically download VCSA updates in Appliance Management Interface (VAMI) [Port 5480] under Networking –> Proxy Settings. You have the options to configure proxy for HTTP, HTTPS and FTP.
When set a proxy server in VAMI, you could see these errors:
Error 1 (Syntax error)
HTTP Error in method invocation expected string or bytes-like object]
Problem: You have to put protocol in front.
Solution: Instead of eg.:
Error 2 (not reachable)
HTTP Proxy server unreachable.]
Problem: Set address cannot be “ping”. So either ICMP or Echo request/reply is blocked by firewall.
Solution: Let ICMP traffic pass the firewall.
Notes for proxy settings in VCSA 6.7
- What works: enable Echo request/reply, set proxy and deny Echo request/reply again.
- IMHO it is not necessary to block ICMP/ping wherever possible. There are other ways to check available services behind an IP-address. ICMP furthermore eg. can send control-messages for too long packages, which can be very useful. This does not work, when ICMP is blocked.
- When user authentication is necessary, password is saved in clear-text in
- Alternatively to setup proxy in GUI, configure proxy settings in
/etc/sysconfig/proxy. To save user and password, use this syntax:
- When you try to setup proxy in API-Explorer:
https://vcsa_address/apiexplorer/#/networking_proxy_you will also get an error when server is not ping-able.
- In VCSA 6.5 there was a bug when using HTTPS-proxy (here). This bug seems to be fixed in 6.7.
- According to appliance configuration guide (here, page 36), you can use API commands within VCSA to configure proxy settings. This seems to be a copy/paste error in documentation because these commands do not work anymore.