Discussion:
[otrs] OTRS6b1 - how to force OTRS outbound connections, to go via proxy?
Alex Mihičinac
2017-11-20 08:08:44 UTC
Permalink
Hi all,

can someone tell me, if it's possible to force OTRS's outbound connections to go via proxy? My otrsbox has no direct internet connection, so all connections need to go via proxy. Now I'd like to test v6b1 and it's working slow as hell, since it's waiting for network timeout of this specific connection:

tcp 0 1 otrsbox:55984 portal-nodef04.ot:https SYN_SENT

Until now, I have tried those scenarios and unfortunately none of them worked:

- env setting
export https_proxy=http://proxybox:3128
export http_proxy=http://proxybox:3128

- iptables
-A PREROUTING -s otrsbox/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination proxybox:3128
-A PREROUTING -s otrsbox/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination proxybox:3128

- apache
ProxyRemote * http://proxybox:3128 <http://proxybox:3128/>

- otrs
$Self->{'Package::Proxy'} = 'http://proxybox:3128/';

Any hint more than welcome!

Best regards,

Alex
Alex Mihičinac
2017-11-20 09:16:02 UTC
Permalink
Hello Renée,

thanks for your help! Unfortunately the problem still exists. Package::Proxy setting overwrites "WebUserAgent::Proxy". I have them both set, but nothing changes.
e.g. (no proxy mentioned?):

---------
$ ./otrs.Console.pl Maint::CloudServices::ConnectionCheck
Checking OTRS cloud service connectivity...
Sending request with the following options:
Timeout: 15 second(s)
---------

I've googled some hits, that demonstrate proxy setting in place, like this one:

---------
[***@OTRS otrs]# bin/otrs.CheckCloudServices.pl
Sending request with the following options:
Proxy Address: http://127.0.0.1
Proxy Port: 3128
Timeout: 15 second(s)
---------

How can I achieve this?

Best regards,

Alex
Hi Alex,
there are more Proxy settings in the SysConfig. E.g. Framework -> Core::WebUserAgent -> WebUserAgent::Proxy
Try to set those settings, too.
Kind regards,
Renée
Post by Alex Mihičinac
Hi all,
tcp 0 1 otrsbox:55984 portal-nodef04.ot:https SYN_SENT
- env setting
export https_proxy=http://proxybox:3128 <http://proxybox:3128/>
export http_proxy=http://proxybox:3128 <http://proxybox:3128/>
- iptables
-A PREROUTING -s otrsbox/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination proxybox:3128
-A PREROUTING -s otrsbox/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination proxybox:3128
- apache
ProxyRemote * http://proxybox:3128 <http://proxybox:3128/> <http://proxybox:3128/> <http://proxybox:3128/>
- otrs
$Self->{'Package::Proxy'} = 'http://proxybox:3128/ <http://proxybox:3128/>';
Any hint more than welcome!
Best regards,
Alex
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/ <http://otrs.org/>
Archive: http://lists.otrs.org/pipermail/otrs <http://lists.otrs.org/pipermail/otrs>
To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs <http://lists.otrs.org/mailman/listinfo/otrs>
--
Perl / OTRS development: http://perl-services.de <http://perl-services.de/>
OTRS AddOn repository: http://opar.perl-services.de <http://opar.perl-services.de/>---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs
Dimitrakakis Georgios
2017-11-20 10:34:23 UTC
Permalink
Hi Alex,

my installation is also behind a proxy and what I did was the following:


1) Core::Package set option Package::Proxy to your proxy like this http://proxy.domain.com:3128/

2) Core::Session set option SessionCheckRemoteIP to NO

3) Core::WebUserAgent set option WebUserAgent::Proxy to your proxy like this http://proxy.domain.com:3128/

then re-start your OTRS Daemon.

Of course you have to ask your network team to do the proper settings in the proxy to allow traffic from your OTRS server’s IP address.

Best,

G.


From: otrs [mailto:otrs-***@lists.otrs.org] On Behalf Of Alex Mihicinac
Sent: Monday, November 20, 2017 11:16 AM
To: User questions and discussions about OTRS.
Subject: Re: [otrs] OTRS6b1 - how to force OTRS outbound connections, to go via proxy?

Hello Renée,

thanks for your help! Unfortunately the problem still exists. Package::Proxy setting overwrites "WebUserAgent::Proxy". I have them both set, but nothing changes.
e.g. (no proxy mentioned?):

---------
$ ./otrs.Console.pl Maint::CloudServices::ConnectionCheck
Checking OTRS cloud service connectivity...
Sending request with the following options:
Timeout: 15 second(s)
---------

I've googled some hits, that demonstrate proxy setting in place, like this one:

---------
[***@OTRS otrs]# bin/otrs.CheckCloudServices.pl
Sending request with the following options:
Proxy Address: http://127.0.0.1
Proxy Port: 3128
Timeout: 15 second(s)
---------

How can I achieve this?

Best regards,

Alex


On 20. nov. 2017, at 09:21, Renee B <***@perl-services.de<mailto:***@perl-services.de>> wrote:

Hi Alex,

there are more Proxy settings in the SysConfig. E.g. Framework -> Core::WebUserAgent -> WebUserAgent::Proxy

Try to set those settings, too.

Kind regards,
Renée

Am 20.11.2017 um 09:08 schrieb Alex Mihičinac:

Hi all,



can someone tell me, if it's possible to force OTRS's outbound connections to go via proxy? My otrsbox has no direct internet connection, so all connections need to go via proxy. Now I'd like to test v6b1 and it's working slow as hell, since it's waiting for network timeout of this specific connection:



tcp 0 1 otrsbox:55984 portal-nodef04.ot:https SYN_SENT



Until now, I have tried those scenarios and unfortunately none of them worked:



- env setting

export https_proxy=http://proxybox:3128<http://proxybox:3128/>

export http_proxy=http://proxybox:3128<http://proxybox:3128/>



- iptables

-A PREROUTING -s otrsbox/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination proxybox:3128

-A PREROUTING -s otrsbox/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination proxybox:3128



- apache

ProxyRemote * http://proxybox:3128<http://proxybox:3128/> <http://proxybox:3128/><http://proxybox:3128/>



- otrs

$Self->{'Package::Proxy'} = 'http://proxybox:3128/';



Any hint more than welcome!



Best regards,



Alex




---------------------------------------------------------------------

OTRS mailing list: otrs - Webpage: http://otrs.org/

Archive: http://lists.otrs.org/pipermail/otrs

To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs
--
Perl / OTRS development: http://perl-services.de<http://perl-services.de/>

OTRS AddOn repository: http://opar.perl-services.de<http://opar.perl-services.de/>
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs

______________________________________________________________________________
΀ο περιεχόΌεΜο αυτού του ηλεκτροΜικού ΌηΜύΌατος και τυχόΜ συΜηΌΌέΜα αρχεία είΜαι εΌπιστευτικά. ΑπευΞύΜεται ΌόΜο στους αΜαφερόΌεΜους παραλήπτες. ΑΜ λάβατε αυτό το ΌήΜυΌα εκ παραΎροΌής, παρακαλείσΞε Μα επικοιΜωΜήσετε αΌέσως Όε τοΜ αποστολέα του ΌηΜύΌατος ή τοΜ Ύιαχειριστή του συστήΌατος και Μα ΌηΜ αποκαλύψετε σε καΜέΜα το περιεχόΌεΜο. Οι απόψεις που εκφράζοΜται αΜήκουΜ στοΜ συγγραφέα και ΎεΜ εκφράζουΜ κατ' αΜάγκη τις απόψεις της Παγκρήτιας ΣυΜεταιριστικής ΀ράπεζας.

The contents of this email and any attachments are confidential. It is intended for the named recipients only. If you have received this email in error please notify the system administrator or the sender immediately and do not disclose the contents to anyone. Any views or opinions presented are of the author and not necessarily represent those of Pancretan Cooperative Bank
Alex Mihičinac
2017-11-20 11:29:46 UTC
Permalink
Hello Georgios,

this is it! It's working now, thanks for your assistance.

Best regards,

Alex
Hi Alex,
1) Core::Package set option Package::Proxy to your proxy like this http://proxy.domain.com:3128/ <http://proxy.domain.com:3128/>
2) Core::Session set option SessionCheckRemoteIP to NO
3) Core::WebUserAgent set option WebUserAgent::Proxy to your proxy like this http://proxy.domain.com:3128/ <http://proxy.domain.com:3128/>
then re-start your OTRS Daemon.
Of course you have to ask your network team to do the proper settings in the proxy to allow traffic from your OTRS server’s IP address.
Best,
G.
Sent: Monday, November 20, 2017 11:16 AM
To: User questions and discussions about OTRS.
Subject: Re: [otrs] OTRS6b1 - how to force OTRS outbound connections, to go via proxy?
Hello Renée,
thanks for your help! Unfortunately the problem still exists. Package::Proxy setting overwrites "WebUserAgent::Proxy". I have them both set, but nothing changes.
---------
$ ./otrs.Console.pl Maint::CloudServices::ConnectionCheck
Checking OTRS cloud service connectivity...
Timeout: 15 second(s)
---------
---------
Proxy Address: http://127.0.0.1 <http://127.0.0.1/>
Proxy Port: 3128
Timeout: 15 second(s)
---------
How can I achieve this?
Best regards,
Alex
Hi Alex,
there are more Proxy settings in the SysConfig. E.g. Framework -> Core::WebUserAgent -> WebUserAgent::Proxy
Try to set those settings, too.
Kind regards,
Renée
Hi all,
tcp 0 1 otrsbox:55984 portal-nodef04.ot:https SYN_SENT
- env setting
export https_proxy=http://proxybox:3128 <http://proxybox:3128/>
export http_proxy=http://proxybox:3128 <http://proxybox:3128/>
- iptables
-A PREROUTING -s otrsbox/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination proxybox:3128
-A PREROUTING -s otrsbox/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination proxybox:3128
- apache
ProxyRemote * http://proxybox:3128 <http://proxybox:3128/> <http://proxybox:3128/> <http://proxybox:3128/>
- otrs
$Self->{'Package::Proxy'} = 'http://proxybox:3128/ <http://proxybox:3128/>';
Any hint more than welcome!
Best regards,
Alex
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/ <http://otrs.org/>
Archive: http://lists.otrs.org/pipermail/otrs <http://lists.otrs.org/pipermail/otrs>
To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs <http://lists.otrs.org/mailman/listinfo/otrs>
--
Perl / OTRS development: http://perl-services.de <http://perl-services.de/>
OTRS AddOn repository: http://opar.perl-services.de <http://opar.perl-services.de/>
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/ <http://otrs.org/>
Archive: http://lists.otrs.org/pipermail/otrs <http://lists.otrs.org/pipermail/otrs>
To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs <http://lists.otrs.org/mailman/listinfo/otrs>
______________________________________________________________________________
΀ο περιεχόΌεΜο αυτού του ηλεκτροΜικού ΌηΜύΌατος και τυχόΜ συΜηΌΌέΜα αρχεία είΜαι εΌπιστευτικά. ΑπευΞύΜεται ΌόΜο στους αΜαφερόΌεΜους παραλήπτες. ΑΜ λάβατε αυτό το ΌήΜυΌα εκ παραΎροΌής, παρακαλείσΞε Μα επικοιΜωΜήσετε αΌέσως Όε τοΜ αποστολέα του ΌηΜύΌατος ή τοΜ Ύιαχειριστή του συστήΌατος και Μα ΌηΜ αποκαλύψετε σε καΜέΜα το περιεχόΌεΜο. Οι απόψεις που εκφράζοΜται αΜήκουΜ στοΜ συγγραφέα και ΎεΜ εκφράζουΜ κατ' αΜάγκη τις απόψεις της Παγκρήτιας ΣυΜεταιριστικής ΀ράπεζας.
The contents of this email and any attachments are confidential. It is intended for the named recipients only. If you have received this email in error please notify the system administrator or the sender immediately and do not disclose the contents to anyone. Any views or opinions presented are of the author and not necessarily represent those of Pancretan Cooperative Bank
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/ <http://otrs.org/>
Archive: http://lists.otrs.org/pipermail/otrs <http://lists.otrs.org/pipermail/otrs>
To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs <http://lists.otrs.org/mailman/listinfo/otrs>
Loading...