Internet Proxy Setup for HSA VMs
For HSA VMs that require controlled internet access, deploy TinyProxy on an Ubuntu VM in the SSA zone, then configure HSA VMs to use that proxy.
Prerequisites
- An Ubuntu 20.04 VM in the SSA zone.
- Internet access from that SSA VM on ports
80,443, and53. - SSH access to the SSA VM with administrative privileges.
- Basic Linux command-line knowledge.
Warning
A proxy in SSA can expose HSA workloads if it is misconfigured. Limit access with firewall rules and review proxy logs regularly.
Setting Up TinyProxy in SSA
Update the VM
SSH to the Ubuntu VM and update the package index:
sudo apt update
Install TinyProxy
Install the TinyProxy package:
sudo apt install tinyproxy
Configure TinyProxy
Open the TinyProxy configuration file:
sudo nano /etc/tinyproxy/tinyproxy.conf
Configure the required settings:
| Setting | Description |
|---|---|
| Port | The port TinyProxy listens on, for example 3128. |
| Allow | The IP addresses or ranges allowed to use the proxy, for example Allow 0.0.0.0/0. |
| Anonymous | Disable anonymous access. |
Save the file and exit the editor.
Restart TinyProxy
Restart the service after changing the configuration:
sudo systemctl restart tinyproxy
Configuring Firewall Rules
Allow connections to the proxy VM on the proxy port, for example tcp/3128, using Cloud Portal firewall rules.
Tip
Allow inbound proxy traffic only from the sources that need it. Restrict incoming connections on the proxy port to necessary sources.
Configuring Proxy on VMs
Windows VMs
- Open Settings.
- Open Network & Internet.
- Open Proxy.
- Under Manual proxy setup, turn on Use a proxy server.
- Save the configuration.
Linux VMs
Open /etc/environment:
vi /etc/environment
Add the proxy variables:
http_proxy=http://your_proxy_IP:3128/
https_proxy=http://your_proxy_IP:3128/
Save the file and exit the editor.
Safety and Security
- Keep Ubuntu and TinyProxy updated with security patches.
- Review TinyProxy logs at
/var/log/tinyproxy/tinyproxy.log. - Investigate unusual or unauthorized proxy access attempts.
Glossary and References
| Term | Meaning |
|---|---|
| TinyProxy | A lightweight open-source HTTP and HTTPS proxy server. |
| SSH | Secure Shell, used for secure remote server access. |
References: