Advanced Settings

Working through a proxy

Docker

If https://docker.mitigator.ru is reached through a proxy, Docker must be configured to use that proxy.

On systems running systemd, you need to:

  1. Create a drop-in for the Docker service that sets the proxy in its environment (replace the proxy connection details with your own):

    mkdir -p /etc/systemd/system/docker.service.d
    # The quoted delimiter ('END') keeps the shell from expanding $ or backticks in the password
    cat >/etc/systemd/system/docker.service.d/proxy.conf <<'END'
    [Service]
    Environment=HTTP_PROXY=http://user:password@proxy.local:1234
    Environment=HTTPS_PROXY=http://user:password@proxy.local:1234
    Environment=NO_PROXY=docker.local
    END
  2. Add the proxy certificate to Docker’s trusted certificates (replace /path/to/proxy.crt with the path to the proxy certificate):

    mkdir -p /etc/docker/certs.d/docker.mitigator.ru
    cp /path/to/proxy.crt /etc/docker/certs.d/docker.mitigator.ru/ca.crt
  3. Reload the systemd unit configuration so the drop-in is picked up, then restart Docker:

    systemctl daemon-reload
    systemctl restart docker

MITIGATOR

If MITIGATOR communicates with the license server (ls.mitigator.ru), the mail server and the Vestochka service through a proxy, specify the proxy in environment variables. To do this, create a docker-compose.override.yml file with content like this:

version: "2.2"

services:
  backend:
    environment:
      HTTP_PROXY: "http://user:password@proxy.local:3128"
      HTTPS_PROXY: "http://user:password@proxy.local:3128"

If necessary, also set NO_PROXY (the addresses that must be reached without a proxy). It must include .mitigator, localhost, 127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16 and 172.16.0.0/12:

NO_PROXY: "<new servers>,.mitigator,localhost,127.0.0.0/8,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12"

After that, you need to restart the backend service:

docker-compose up -d backend
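
An added example, not part of the MITIGATOR documentation or tooling: a POSIX shell check, suitable for running before the restart, that confirms the NO_PROXY line in docker-compose.override.yml still contains every entry listed above and no unfilled `<new servers>` placeholder. The function names, the sample file and repo.example.net are constructed for illustration, and the map form `NO_PROXY: "..."` shown on this page is assumed.

```sh
#!/bin/sh
# Added example (not MITIGATOR code): check NO_PROXY in docker-compose.override.yml.
# Assumes the map form shown on this page, i.e. a line `NO_PROXY: "a,b,c"`.

# Entries this page says NO_PROXY must include.
REQUIRED_NO_PROXY=".mitigator localhost 127.0.0.0/8 10.0.0.0/8 192.168.0.0/16 172.16.0.0/12"

# Print the required entries absent from a NO_PROXY value; succeed only if none are.
missing_no_proxy() {
    value=$(printf '%s' "$1" | tr -d ' \t"')   # drop spaces, tabs and YAML quotes
    missing=""
    for required in $REQUIRED_NO_PROXY; do
        case ",$value," in
            *",$required,"*) ;;                 # exact comma-delimited match
            *) missing="${missing:+$missing }$required" ;;
        esac
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Check the first NO_PROXY line of a compose override file (hypothetical helper).
check_override() {
    line=$(sed -n 's/^[[:space:]]*NO_PROXY:[[:space:]]*//p' "$1" | head -n 1)
    if [ -z "$line" ]; then
        echo "NO_PROXY is not set in $1"
        return 0
    fi
    case "$line" in
        *'<'*|*'>'*) echo "NO_PROXY still contains a <placeholder>"; return 1 ;;
    esac
    if absent=$(missing_no_proxy "$line"); then
        echo "NO_PROXY contains all required entries"
    else
        echo "NO_PROXY is missing: $absent"
        return 1
    fi
}

# Constructed sample: an override file whose NO_PROXY lost 172.16.0.0/12.
sample=$(mktemp)
cat >"$sample" <<'EOF'
version: "2.2"
services:
  backend:
    environment:
      HTTPS_PROXY: "http://user:password@proxy.local:3128"
      NO_PROXY: "repo.example.net,.mitigator,localhost,127.0.0.0/8,10.0.0.0/8,192.168.0.0/16"
EOF
check_override "$sample" || true
rm -f "$sample"
```

Entries are compared as exact comma-delimited strings, so `mitigator` without the leading dot or `10.0.0.0/80` does not satisfy the check.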

Do not put proxy settings in the ~/.docker/config.json configuration file. If these settings are required for non-MITIGATOR containers, specify them only for those containers.

Custom TLS certificate

To replace the self-signed certificate cert.crt and its key cert.key with your own, mount your certificate and key via /srv/mitigator/docker-compose.override.yml:

version: "2.2"
services:
  nginx:
    volumes:
    - ./example.com.crt:/etc/nginx/cert.crt:ro
    - ./example.com.key:/etc/nginx/cert.key:ro

After that, you need to restart the Nginx service:

docker-compose rm -s nginx && docker-compose up -d nginx

Syslog Sender Hostname

To configure the syslog sender hostname, modify the docker-compose.override.yml file as follows:

version: "2.2"
services:
  gateway:
    hostname: "desired sender name"

After that, restart MITIGATOR:

docker-compose down && docker-compose up -d