Proxy Usage
We recommend using a transparent proxy! A transparent proxy can hide its settings, hence it is safer and requires no additional configuration on the target machine.
This feature is available from Sandbox version 1.9.3
Proxy server configuration
The following URLs are recommended to bypass on the proxy server:
- https://api.metadefender.com/ (For OPSWAT Reputation lookup)
- https://activation.dl.opswat.com/ (To reach the OPSWAT license server)
Sandbox server configuration
The following configuration is necessary for the installer and the product to work properly behind a non-transparent HTTP proxy.
Before Sandbox installation
Set the following configuration settings before installation.
System-wide proxy configuration
Update the /etc/environment config, copy the proxy variables to the end of the file as described below. This will be used by tools like WGET, CURL, APT.
Always set the NO_PROXY variable to precisely match the example below. The IP address ranges: 172.16.0.0/12 and 192.168.0.0/16 are used by Docker, do not reuse them for other purposes.
Use your own proxy URLs instead of the example proxy.example.com:3128.
The proxy format is <protocol>://<user>:<password>@<domain or IP address>:<port> where <user> and <password> are URL encoded strings.
http_proxy=http://proxy.example.com:3128https_proxy=https://proxy.example.com:3128HTTP_PROXY=http://proxy.example.com:3128HTTPS_PROXY=https://proxy.example.com:3128NO_PROXY=localhost,172.16.0.0/12,192.168.0.0/16,fsio,broker,transform,reverse_proxyOnce the file is updated log out and log in again for these changes to take effect:
exitDocker proxy configuration
Create the docker daemon proxy configuration file.
sudo mkdir -p /etc/systemd/system/docker.service.dsudo touch /etc/systemd/system/docker.service.d/http-proxy.confUpdate the proxy settings similarly to the system-wide proxy configuration:
[Service]Environment="HTTP_PROXY=http://proxy.example.com:3128"Environment="HTTPS_PROXY=https://proxy.example.com:3128"Environment="NO_PROXY=localhost,172.16.0.0/12,192.168.0.0/16,fsio,broker,transform,reverse_proxy"Optionally, if the docker daemon is already installed on your system, restart it:
sudo systemctl daemon-reloadsudo service docker restartInstall Sandbox as described on the Installation page.
Online license activation is not working when a proxy is used!
Please follow the "Offline license activation" section of the License Activation page.
After Sandbox installation (optional)
Sandbox will use the system proxy settings from HTTP_PROXY and NO_PROXY environment variables if available and no other proxy settings are defined.
Optionally, you can override the system-wide proxy configuration if you modify the transform.cfg property file as described in proxy settings. These changes only affect the transform component.
For other Docker containers, it is possible to change the proxy configuration without reinstalling Sandbox if you modify /home/sandbox/.docker/config.json (the path may differ if you installed Sandbox under a different user):
{ "proxies": { "default": { "httpProxy": "http://proxy.example.com:3128", "httpsProxy": "https://proxy.example.com:3128", "noProxy": "localhost,172.16.0.0/12,192.168.0.0/16,fsio,broker,transform,reverse_proxy" } }}Then please restart the sandbox service to remove and restart all Docker containers:
sudo service sandbox restartYou can check the currently used proxy configuration for a given Docker container, e.g. for transform:
docker inspect --format='{{range .Config.Env}}{{println .}}{{end}}' transformThis is the expected output:
HTTP_PROXY=http://proxy.example.com:3128http_proxy=http://proxy.example.com:3128HTTPS_PROXY=https://proxy.example.com:3128https_proxy=https://proxy.example.com:3128NO_PROXY=localhost,172.16.0.0/12,192.168.0.0/16,fsio,broker,transform,reverse_proxyno_proxy=localhost,172.16.0.0/12,192.168.0.0/16,fsio,broker,transform,reverse_proxyPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binUNAME=sandbox
