Axigen Community Forum

  • If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Announcement

Collapse
No announcement yet.

Axigen behind firewall.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

    Axigen behind firewall.

    Hi,

    I am new to Axigen, just installed the Docker version.

    In our environment we close outgoing connectivity and generally it is required to access the internet via proxy. Of course it is possible to open specific ports, etc.

    I have been looking at KB, Documentation and Forum, but I could not find the following information:

    - How do you configure Axigen to use an out proxy? like most systems do with HTTP_PROXY environment variable, etc. I can only find the setting for 3rd party spam/antivirus modules.
    - What ports/comms do you need to open up for axigen to work? This questions excludes the core SMTP, DNS, IMAP, POP... ports which are well documents

    So far I have noticed that, and created rules for,

    - access to letsencrypt ACME (to request certs, etc),
    - access to Axigen web (I guess to check for updates, or licenses),

    Our preference is always to go via proxy, but if not possible: is there a list of the required out connections that Axigen requires to work?


    #2
    Hello,

    From your message I understand that you are wondering how to set HTTP proxy rules for accessing letsencrypt ACME and notifications for Axigen updates.

    Both of them are using libcurl and this is why my suggestion (till we'll support a more friendly method) is to add the following line at the end of the service config file (present in /etc/sysconfig/axigen)

    Code:
    export ALL_PROXY="<your-HTTP-PROXY-config"
    After adding this line to the service config file please restart Axigen service ( in your case docker restart <container_id> ) so the service process will ran with the new environment variable.

    Please let us know if this change works for you.

    BR,
    Ioan

    Comment


      #3
      I am not sure this the proposed solution applies to the Docker version.

      The image does no seem to use init daemon but instead uses the run_axigen.sh script that calls axigen directly (as it is the recommended practice).

      However in this case, I think the environment variables provided in the Docker command line should be passed to the axigen process.

      I have tried using Docker environment variables without success, and I have also patched the run_axigen.sh script with an export ALLPROXY... just before calling axigen, but that does not make any difference, I still dont see any trafic via the proxy. ( I am clicking on check for updates for a quick test).

      So, it is strange, but I have no idea of what is going on.

      Comment


        #4
        I can now see letsencrypt requests via the PROXY, by using the ALL_PROXY as an environment variable passed using the docker command line.

        I cannot see the requests to Axigen yet (check updates, etc).

        Comment


          #5
          Hello,

          I have double check with our dev team and it seems you are right - requests sent to Axigen (like checking for updates and opening support tickects) are ignoring the proxy setup and this is why you do not see them via your configured PROXY.

          Thanks to your report this will be corrected in the next version (X3); unfortunately we could not bypass the hard-coded value for current Axigen version.

          HTH,
          Ioan

          Comment


            #6
            OK, Thanks!

            that is good to know. I leave that one rule open in the firewall. then I will test once X3 is out to remove it.

            Comment

            Working...
            X