VMware Cloud Community
Raudi
Expert

How to enable proxy in VCSA 7.0.2?

Hi,

Today I need to use a proxy in a VCSA 7.0.2 to get the latest VCSA updates and to download the patches for the LCM.

I configured the proxy in the appliance management, and after restarting the applmgmt service I was able to download and install the latest VCSA patch.

But the LCM can't download. I restarted the vlcm and vmware-updatemgr services, but no success. In the firewall log the admin found an entry that the vCenter now wants to talk with http://vcenter-fqdn:9084/vci/downloads/health.xml, so I inserted the hostname and FQDN in the NO_PROXY of the /etc/sysconfig/proxy file and did a reboot.

After this reboot the VCSA doesn't work. After logging in to the client, I got a message that the client can't communicate with vcenter-fqdn:443/sdk.

So I removed the whole proxy config, did a reboot again, and all is working fine again.

What is the correct proxy config, so that the proxy will be used only for external traffic?

0 Kudos
5 Replies
IRIX201110141
Champion

Some time ago I had a problem with a vSAN setup where the customer also provided a local proxy to reach certain addresses on the internet for security reasons. As soon as the proxy was enabled and configured, things like LCM worked fine, but monitoring/health-check related vSAN stuff broke.

In the end we inserted the following:

NO_PROXY="localhost, 127.0.0.1, <vcsa_fqdn>, <vcsa_ip>"

This helps with all the stuff which talks directly ON the VCSA. At least it solved my problems 🙂

Regards,
Joerg

0 Kudos
Raudi
Expert

O.k., I will test again. I had no entry for the IP, only for the hostname and the FQDN...

I will report...

0 Kudos
Raudi
Expert

No, it doesn't work. After logging in to the client I still get, in a blue bar at the top:

Could not connect to one or more vCenter Server systems:https://vcenter.fqdn:443/sdk

0 Kudos
IRIX201110141
Champion

Then you should open an #SR.

0 Kudos
Raudi
Expert

It is extremely important that the order in the "NO_PROXY" value is correct! The first two localhost entries must be the first entries; if not, it doesn't work!

So the solution is to add additional entries at the end of the line...

An additional problem is that the Update Manager doesn't use the root certificates from the VCSA Certificate Management, so a proxy entry for HTTPS which uses HTTPS in the URL doesn't work.

0 Kudos
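
The ordering rule from the last post (localhost and 127.0.0.1 first, additional entries appended at the end), as an added example that is not part of the original thread. It assumes NO_PROXY sits on one quoted line as in /etc/sysconfig/proxy; the function names, the proxy URL and the host names are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Appends hosts to NO_PROXY in a
# sysconfig-style proxy file while keeping "localhost, 127.0.0.1" first.

# Print the current NO_PROXY value (text between the quotes).
get_no_proxy() {
    sed -n 's/^NO_PROXY="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Succeed only if the first two entries are localhost and 127.0.0.1.
order_ok() {
    case "$(get_no_proxy "$1" | tr -d '[:space:]')," in
        localhost,127.0.0.1,*) return 0 ;;
        *) return 1 ;;
    esac
}

# add_no_proxy FILE HOST...  Appends each HOST at the end of the list.
add_no_proxy() {
    file="$1"; shift
    order_ok "$file" || { echo "refusing: localhost, 127.0.0.1 must be first" >&2; return 1; }
    value=$(get_no_proxy "$file" | tr -d '[:space:]')
    for entry in "$@"; do
        case "$entry" in        # allow only hostname/IP/wildcard characters
            ''|*[!A-Za-z0-9.*:_-]*) echo "bad entry: $entry" >&2; return 1 ;;
        esac
        case ",$value," in
            *",$entry,"*) ;;                    # already listed: leave in place
            *) value="$value,$entry" ;;         # new: goes at the end
        esac
    done
    value=$(printf '%s' "$value" | sed 's/,/, /g')
    cp -p "$file" "$file.bak" &&                # keep a copy to roll back to
        sed -i "s|^NO_PROXY=.*|NO_PROXY=\"$value\"|" "$file"
}

# Demo on a constructed file (placeholder names, not a real appliance).
demo=$(mktemp)
cat > "$demo" <<'EOF'
PROXY_ENABLED="yes"
HTTP_PROXY="http://proxy.example.test:3128/"
NO_PROXY="localhost, 127.0.0.1"
EOF
add_no_proxy "$demo" vcsa.example.test 192.0.2.10
grep '^NO_PROXY=' "$demo"
rm -f "$demo" "$demo.bak"
```

The function refuses to touch a file whose list does not already start with the two localhost entries, and it leaves a `.bak` copy beside the file for rollback.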