
Configuring a Proxy Server

The following sections describe how to build and configure a proxy server.

Click here for the video tutorial on configuring a proxy server.

A proxy server allows Lucidum connectors that run on your SaaS account to fetch data securely from your on-premises assets.

Deploy and Prep the Virtual Machine or Server

The proxy server must meet these requirements:

Example

• Server is AWS t2.micro (free tier)

• 1GB memory

• 16GB storage

• 64-bit (required for Docker)

• Ubuntu 22.04 (LTS preferred for support)

Validate Network Connectivity

Use the following sections to validate network connectivity on the proxy server.

Update Linux Packages

After configuring Linux on the proxy server, best practice is to update all packages. To do this:

  1. Either log in to the console of the proxy server or use SSH to access the server.

  2. On the proxy server, open a shell session.

  3. At the shell prompt, type:

    sudo apt update

    sudo apt upgrade -y

These commands not only update the packages on the new server but also test internet connectivity and DNS resolution.

Check NTP Connection

After configuring Linux on the proxy server, check the NTP connection. To do this:

  1. Either log in to the console of the proxy server or use SSH to access the server.

  2. On the proxy server, open a shell session.

  3. To check the NTP source, at the shell prompt, type:

    chronyc sources

  4. To check the health of the system clock, at the shell prompt, type:

    chronyc tracking
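
One way to turn the `chronyc tracking` check into a pass/fail result, as an added example that is not part of the Lucidum documentation. The `MAX_OFFSET` threshold and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: interpret `chronyc tracking` output.
# MAX_OFFSET (seconds) is an assumed threshold, not a Lucidum requirement.
MAX_OFFSET="${MAX_OFFSET:-1.0}"

# Reads `chronyc tracking` text on stdin. Returns 0 when the clock is
# synchronised and its offset from NTP time is within MAX_OFFSET, else 1.
clock_ok() {
  awk -F' *: *' -v max="$MAX_OFFSET" '
    $1 == "Leap status" { leap = $2 }
    $1 == "System time" { split($2, f, " "); offset = f[1]; seen = 1 }
    END {
      if (leap == "" || leap == "Not synchronised") {
        print "FAIL: clock is not synchronised to any NTP source"; exit 1
      }
      if (!seen) { print "FAIL: no System time line in input"; exit 1 }
      if (offset + 0 > max + 0) {
        print "FAIL: offset " offset "s exceeds " max "s"; exit 1
      }
      print "OK: synchronised, offset " offset "s"
    }'
}

# Constructed, abbreviated samples of `chronyc tracking` output.
SAMPLE_SYNCED='Reference ID    : A9FEA97B (ntp.example.net)
Stratum         : 4
System time     : 0.000006523 seconds slow of NTP time
Leap status     : Normal'

SAMPLE_UNSYNCED='Reference ID    : 00000000 ()
Stratum         : 0
System time     : 0.000000000 seconds fast of NTP time
Leap status     : Not synchronised'

printf '%s\n' "$SAMPLE_SYNCED"   | clock_ok
printf '%s\n' "$SAMPLE_UNSYNCED" | clock_ok || true
# On the proxy server itself: chronyc tracking | clock_ok
```

A clock that is far off or unsynchronised is worth fixing before the tunnel is started, because client.conf carries TLS certificates and certificate validity is checked against the local time.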

Check Lucidum Tunnel Connection

The proxy server must have network connectivity to the Lucidum appliance via outbound port 1194.

To test this connectivity:

  1. Either log in to the console of the proxy server or use SSH to access the server.

  2. On the proxy server, open a shell session.

  3. To check the tunnel connection at port 1194, at the shell prompt, type:

    nmap -Pn -p 1194 tunnel.[fully qualified domain name]

    where:

    fully qualified domain name is the fully qualified domain name (FQDN) of the Lucidum SaaS instance. Usually the FQDN is <customer_name>.lucidum.cloud.

To view the fully qualified domain name of the Lucidum SaaS instance, you can view the contents of the client.conf file that Lucidum sends you. To do so:

cat client.conf

The nmap command validates that the TCP port 1194 is open outbound from the proxy server and open inbound on the Lucidum SaaS instance.
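
The two steps above (reading the endpoint from client.conf, then probing it with nmap) combined into one check, as an added example that is not part of the Lucidum documentation. It assumes client.conf contains an OpenVPN-style `remote <host> <port>` line, which the page does not state; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes client.conf has an OpenVPN-style line
#   remote <host> <port>
# (an assumption: the page only says the file holds the FQDN and port).

# Print "<host> <port>" from the first valid `remote` line; non-zero if none.
# Strips CRs because the file is downloaded to a workstation first.
tunnel_endpoint() {
  awk '{ sub(/\r$/, "") }
       $1 == "remote" && $2 ~ /^[A-Za-z0-9][A-Za-z0-9.-]*$/ && $3 ~ /^[0-9]+$/ {
         print $2, $3; found = 1; exit
       }
       END { exit !found }' "$1"
}

# Reads nmap output on stdin; succeeds only if TCP port $1 is "open"
# (not "closed" or "filtered").
port_is_open() {
  grep -Eq "^$1/tcp[[:space:]]+open([[:space:]]|\$)"
}

# Probe the endpoint named in client.conf ($1) with the page's nmap command.
check_tunnel() {
  endpoint=$(tunnel_endpoint "$1") || { echo "no remote line in $1" >&2; return 2; }
  host=${endpoint% *}
  port=${endpoint#* }
  nmap -Pn -p "$port" "$host" | port_is_open "$port"
}

# Constructed sample with CRLF line endings and a placeholder customer name.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
printf 'client\r\ndev tun\r\nremote tunnel.example-customer.lucidum.cloud 1194\r\n' \
  > "$SAMPLE_CONF"

tunnel_endpoint "$SAMPLE_CONF"
# On the proxy server: check_tunnel ./client.conf && echo "tunnel port reachable"
```

A "filtered" result from nmap usually points at an egress firewall rule between the proxy server and the Lucidum instance rather than at the instance itself.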

Install and Configure Docker

The proxy server requires Docker. To install and configure Docker:

  1. Either log in to the console of the proxy server or use SSH to access the server.

  2. On the proxy server, open a shell session.

  3. Create a user called “lucidum”. To do this, at the shell prompt, type:

    sudo adduser lucidum

  4. Make note of the password you created for “lucidum”.

  5. Add lucidum user to the admin group. This allows lucidum to use sudo commands. At the shell prompt, type:

    sudo usermod -a -G admin lucidum

  6. Install docker. For details on installing Docker on all Linux operating systems, see https://docs.docker.com/engine/install/

  7. In our example, we will install Docker on Ubuntu and install from repository. For details, see https://docs.docker.com/engine/install/ubuntu/

    • Set up the repository

    • Install the Docker engine

  8. Create a “docker” group. At the shell prompt, type:

    sudo groupadd docker

  9. Add the “lucidum” user to the “docker” group. This allows lucidum to run docker commands. At the shell prompt, type:

    sudo usermod -a -G docker lucidum

  10. To force the proxy server to read the group memberships, log out of the proxy server and log back in.

Copy client.conf to the Proxy Server

To create the proxy server, Lucidum supplies a file called client.conf.

  1. Log in to your Lucidum system.

  2. Go to Settings > Tunnel Proxy Settings.

  3. In the Tunnel Proxy Settings page, click the Download (down arrow) icon.

  4. Lucidum will download a file named client.conf to your local computer.

  5. The client.conf file includes:

    • FQDN and port for the tunnel endpoint

    • Keys

    • TLS certs

  6. Either log in to the console of the proxy server or use SSH to access the server.

  7. Using a tool like WinSCP or FTP, copy client.conf to your home directory on the proxy server.

  8. On the proxy server, open a shell session.

  9. Create the directory /usr/lucidum/tunnel. To do this, at the shell prompt, type:

    sudo mkdir -p /usr/lucidum/tunnel

  10. Navigate to the directory where you stored client.conf.

  11. Copy client.conf to the directory /usr/lucidum/tunnel. To do this, at the shell prompt, type:

    sudo cp ./client.conf /usr/lucidum/tunnel

  12. Make the directory that contains client.conf read-only. To do this, at the shell prompt, type:

    sudo chmod a=r /usr/lucidum/tunnel

Start Docker and Run the Docker Image

Next, you must start docker and run the docker image.

  1. On the proxy server, log in as user “lucidum”. Either log in to the console of the proxy server or use SSH to access the server.

  2. On the proxy server, open a shell session.

  3. See if Docker is running. To do this, at the shell prompt, type:

    docker ps

  4. If you see the message “Cannot connect to Docker daemon…”, you must start Docker.

  5. Start Docker. To do this, at the shell prompt, type:

    sudo systemctl start docker

  6. See if Docker is running. To do this, at the shell prompt, type:

    docker ps

  7. Start the new Docker container. To do this, at the shell prompt, type:

    docker run -d --cap-add=NET_ADMIN \
    --device=/dev/net/tun \
    --restart=unless-stopped \
    --network=bridge \
    -v /usr/lucidum/tunnel:/data \
    --name=lucidum-tunnel \
    public.ecr.aws/lucidum/tunnel-client:v1.1.2

    NOTE: If you are using Red Hat Enterprise Linux, you must add an additional line to start the Docker container. Use this script and note the additional line that begins with “--ulimit”.

    docker run -d --cap-add=NET_ADMIN \
    --device=/dev/net/tun \
    --restart=unless-stopped \
    --network=bridge \
    -v /usr/lucidum/tunnel:/data \
    --name=lucidum-tunnel \
    --ulimit nofile=1048576:1048576 \
    public.ecr.aws/lucidum/tunnel-client:v1.1.2

  8. When you have completed configuration on your proxy server and on your Lucidum system, contact Lucidum Customer Success to test your connection and help you troubleshoot if necessary.

Verify Tunnel Connection

To view the logs for the tunnel connection between Lucidum and the proxy server:

  1. On the proxy server, log in as user “lucidum”. Either log in to the console of the proxy server or use SSH to access the server.

  2. On the proxy server, open a shell session.

  3. View the logs for the tunnel connection. To do this, at the shell prompt, type:

    docker logs lucidum-tunnel

  4. The log should look something like this:

Configuring Connectors to Use the Proxy Server

  1. Navigate to the Lucidum UI.

  2. In the left pane, click the Connectors icon.

  3. In the Connectors page, you can view the list of connectors.

  4. Look for the connector in the Errors, Disabled, or Enabled category. These are connectors that have already been configured.

  5. In the Settings page, scroll down the field in the right pane. If the connector supports a proxy, it will include the Proxy field.

  6. Enter the following in the Proxy field:

    • 192.168.255.6:3128

    This is the IP address and port number of the proxy service inside the docker container on the proxy server.

Note that this IP value appeared in the log file in the section above.
