Configure a Proxy for the Synthetic Server

This page describes how to configure your on-prem Synthetic Server to use a proxy server to communicate with the SaaS EUM Server and SaaS Synthetic Server. You are recommended to set up a proxy to add a security layer for your on-prem Synthetic Server. 

The configuration consists of the following steps:

Synthetic Server Proxy Architecture

You can also, optionally, set up a proxy to forward traffic from the SaaS Synthetic Server Feeder to the on-prem Synthetic Server Client Feeder, but your proxy server must support WebSockets. 

Proxy for Downstream Traffic (Recommended)

The proxy often resides in the DMZ for the network and presents a virtual IP address to forward requests from the on-prem Synthetic Server to SaaS Synthetic Server through the SaaS EUM Server as shown below.

Connection	Source	Destination	Protocol	Default Port(s)
	The on-prem Synthetic Scheduler sends the job requests to the proxy server, which then forwards the requests to the SaaS EUM Server	SaaS EUM Server	HTTP(S)	7001/7002
	The  SaaS EUM Server forwards the job requests to the SaaS Synthetic Server.	SaaS Synthetic Server	HTTP(S)	N/A

The on-prem Synthetic Server Client Feeder communicates with the SaaS Synthetic Server Feeder through a bi-directional WebSocket connection that is not made through the proxy server. 

Proxy for Downstream and Upstream (Optional)

When setting a proxy for downstream and upstream traffic, the proxy must support WebSocket. The on-prem Synthetic Server Client Feeder initializes the WebSocket connection with the SaaS Synthetic Server Feeder through the proxy server. Once the WebSocket connection is established, the on-prem Synthetic Server Client Feeder and the SaaS Synthetic Server Feeder can use the persistent connect to make bi-directional requests.

Connection	Source	Destination	Protocol	Default Port(s)
	The on-prem Synthetic Server (Scheduler) sends the job requests to the proxy server, when then forwards the requests to the SaaS EUM Server.	SaaS EUM Server	HTTP(S)	7001/7002
	The SaaS EUM Server forwards the requests to the  SaaS Synthetic Server.	SaaS Synthetic Server	HTTP(S)	N/A
	The   on-prem Synthetic Server (Client Feeder) establishes a WebSocket connection with the SaaS Synthetic Server (Synthetic Server Feeder) through the proxy server.	SaaS Synthetic Server	HTTP(S)	80/443
		on-prem Synthetic Server	HTTP(S)	80/443
	The SaaS Synthetic Server (Synthetic Server Feeder) and on-prem Synthetic Server (Client Feeder) communicate bi-directionally through the proxy server. Most of the traffic is from the SaaS Synthetic Server Feeder to the on-prem Synthetic Client Feeder.	on-prem Synthetic Server	WebSocket	16101
		SaaS Synthetic Server	WebSocket	16001

Configure the Synthetic Server to Use Proxy

You need to configure the Synthetic Server to use the proxy to forward traffic to the SaaS EUM Server. In the examples configurations below, the proxy URL is 127.0.0.1 and the proxy port is 3128. You will need to replace those values with the URL and port of your proxy server.

Synthetic Shepherd

From the host machine of the Synthetic Server, set the proxyUrl and proxyPort properties in the <synthetic-server_installation_dir>/synthetic-processor/conf/synthetic-server.yml file to point to the URL and port of the proxy server, which the Synthetic Shepherd will send requests.

saasLink:
  proxyUrl: "127.0.0.1"
  proxyPort: 3128
  proxyUsername: "squid"
  proxyPassword: "squid" 

Synthetic Scheduler 

Set the proxyUrl and proxyPort properties in the <synthetic-server_installation_dir>/synthetic-processor/conf/synthetic-scheduler.yml file to point to the URL and port of the proxy server so that Synthetic Shepherd also send requests to the proxy. 

saasLink:
  proxyUrl: "127.0.0.1"
  proxyPort: 3128
  proxyUsername: "squid"
  proxyPassword: "squid" 

Synthetic Feeder Client 

Finally, set the proxyUrl and proxyPort properties in the <synthetic-server_installation_dir>/synthetic-processor/conf/synthetic-feeder.yml file to point to the URL and port of the proxy server so that Synthetic Server Client Feeder also send requests to the proxy.

websocketConfiguration:
    proxyUrl: "127.0.0.1"
    proxyPort: 3128
    proxyUsername: "squid"
    proxyPassword: "squid"

Set the Proxy URL in the On-Prem Controller

1. Access the Administration Console of your on-prem Controller.
2. Navigate to the Controller Settings page.
3. Find the properties eum.synthetic.shepherd.host and eum.synthetic.scheduler.host, and enter the proxy URLs with the proxy port as the values for the properties as shown below. Make sure not to include the protocol with the URL.
   
4. Click Save for each property.

Configure Your Proxy Server

You can use Squid, Apache, Nginx, or another proxy server, but these instructions only cover Squid. If you are using a proxy to forward traffic between the on-prem Synthetic Server Client Feeder and the Synthetic Server Feeder, your proxy will need to support the WebSocket protocol.

Squid

1. Add the following configurations to the Squid configuration file at /etc/squid/squid.conf.

   http_access allow localhost
   http_access allow all
   http_port 3128

   TEXT

2. Restart squid.