By default, the communication between Java Proxy and Python Agent is not encrypted. This page describes how to encrypt and authenticate the communication between Java Proxy and Python Agent using CurveZMQ, an authentication and encryption protocol for ZeroMQ.
To set up CurveZMQ, perform these steps:
- Generate Certificates
- Enable Curve Encryption
- Enable Curve Authentication
Generate Certificates
The Python Agent and Java Proxy automatically generate CurveZMQ certificates if you enable Curve encryption. CurveZMQ uses certificates to encrypt and authenticate communication between Python Agent and Java Proxy. To generate the certificates manually, use this Python script:
import appdynamics.agent
import appdynamics_bindeps.zmq.auth
# Example values (placeholders): an existing directory and a base name for the key files
certs_directory = "/path/to/certs"
cert_name = "agent"
# This creates a <cert_name>.key and <cert_name>.key_secret in the <certs_directory>
# public_file and secret_file will be set to the public keyfile name and secret keyfile name respectively
public_file, secret_file = appdynamics_bindeps.zmq.auth.create_certificates(certs_directory, cert_name)
You must ensure that these environment variables point to the correct CurveZMQ certificates:
APPDYNAMICS_CURVE_AGENT_PUBLIC_KEY_FILE
APPDYNAMICS_CURVE_AGENT_SECRET_KEY_FILE
APPDYNAMICS_CURVE_PROXY_PUBLIC_KEY_FILE
APPDYNAMICS_CURVE_PROXY_SECRET_KEY_FILE
See the Curve Environment Variables table.
Enable Curve Encryption
To enable and encrypt the communication between Java Proxy and Python Agent, set the APPDYNAMICS_CURVE_ENABLED variable to Yes.
Enable Curve Authentication
Before enabling Curve authentication (ZAP or ZeroMQ Authentication Protocol), ensure that:
- The Python Agent public keys (which are used to connect to the proxy) and the Java Proxy public keys are located in a directory.
- Java Proxy can access the directory or the directory is located inside the Java Proxy container.
- The APPDYNAMICS_CURVE_PUBLIC_KEY_DIR environment variable points to that directory.
To enable Curve authentication, set the APPDYNAMICS_CURVE_ZAP_ENABLED variable to True.
The proxy then authenticates the agent if the agent's public keys are available in APPDYNAMICS_CURVE_PUBLIC_KEY_DIR. The proxy does not accept connection requests from the agent if the public keys are not available.
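The following pre-flight check is an added example, not AppDynamics code: it reads the Curve variables described on this page and reports the conditions that break or weaken the setup, in particular Curve authentication being enabled while the agent's public key is missing from APPDYNAMICS_CURVE_PUBLIC_KEY_DIR. It assumes the key files use the ZeroMQ certificate text layout (a `public-key = "..."` line), that every regular file in the key directory counts, and that "Yes" and "True" both mean enabled; the function names are illustrative.

```python
import os
import re
import stat
import tempfile

KEY_RE = re.compile(r'^\s*(public|secret)-key\s*=\s*"([^"]+)"', re.M)

def read_keys(path):
    """Parse a ZeroMQ certificate file into {'public': ..., 'secret': ...}."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return dict(KEY_RE.findall(fh.read()))

def enabled(value):
    # Assumption: the page sets "Yes" and "True"; accept either spelling.
    return str(value).strip().lower() in ("yes", "true")

def check_curve_config(env):
    """Return findings for the Curve environment variables in `env`."""
    if not enabled(env.get("APPDYNAMICS_CURVE_ENABLED", "")):
        return ["Curve disabled: agent-proxy traffic is not encrypted"]
    findings = []
    for var in (f"APPDYNAMICS_CURVE_{side}_SECRET_KEY_FILE" for side in ("AGENT", "PROXY")):
        path = env.get(var, "")
        if os.path.isfile(path) and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"{var}: readable by group or others")
    if enabled(env.get("APPDYNAMICS_CURVE_ZAP_ENABLED", "")):
        key_dir = env.get("APPDYNAMICS_CURVE_PUBLIC_KEY_DIR", "")
        trusted = set()
        for name in sorted(os.listdir(key_dir)) if os.path.isdir(key_dir) else []:
            path = os.path.join(key_dir, name)
            keys = read_keys(path) if os.path.isfile(path) else {}
            if "secret" in keys:
                findings.append(f"{name}: secret key inside the public key directory")
            trusted.add(keys.get("public"))
        agent = env.get("APPDYNAMICS_CURVE_AGENT_PUBLIC_KEY_FILE", "")
        agent_key = read_keys(agent).get("public") if os.path.isfile(agent) else None
        if not agent_key or agent_key not in trusted:
            findings.append("agent public key not in APPDYNAMICS_CURVE_PUBLIC_KEY_DIR")
    return findings

def demo():
    """Constructed case: authentication on, agent key never copied to the key dir."""
    pub_dir = tempfile.mkdtemp()
    agent_pub = os.path.join(tempfile.mkdtemp(), "agent.key")
    with open(agent_pub, "w") as fh:
        fh.write('curve\n    public-key = "CONSTRUCTED-PLACEHOLDER-KEY"\n')
    return check_curve_config({
        "APPDYNAMICS_CURVE_ENABLED": "Yes", "APPDYNAMICS_CURVE_ZAP_ENABLED": "True",
        "APPDYNAMICS_CURVE_PUBLIC_KEY_DIR": pub_dir,
        "APPDYNAMICS_CURVE_AGENT_PUBLIC_KEY_FILE": agent_pub})
```

To check a real deployment, call `check_curve_config(os.environ)` in the environment the agent starts in; an empty list means none of these conditions were found.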
Curve Environment Variables
This table describes the available Curve environment variables.
Environment Variable | Description |
---|---|
APPDYNAMICS_CURVE_ENABLED | Sets whether Curve is enabled. |
APPDYNAMICS_CURVE_ZAP_ENABLED | Sets whether Curve ZAP (authentication) is enabled. |
APPDYNAMICS_CURVE_PUBLIC_KEY_DIR | Location of the Curve public certificates. |
APPDYNAMICS_CURVE_SECRET_KEY_DIR | Location of the Curve secret certificates. |
APPDYNAMICS_CURVE_AGENT_PUBLIC_KEY_FILE | Curve public key file for the agent. If the file does not exist, then the agent attempts to create it. |
APPDYNAMICS_CURVE_AGENT_SECRET_KEY_FILE | Curve secret key file for the agent. If the file does not exist, then the agent attempts to create it. |
APPDYNAMICS_CURVE_PROXY_PUBLIC_KEY_FILE | Curve public key file for the proxy. If the file does not exist, then the proxy attempts to create it. |
APPDYNAMICS_CURVE_PROXY_SECRET_KEY_FILE | Curve secret key file for the proxy. If the file does not exist, then the proxy attempts to create it. |