Set an Access Gateway proxy server
This procedure describes how to set a proxy for Access Gateway.
Worker nodes retrieve information from the admin node over HTTPS. The following traffic is routed through the proxy:
- Communication to the Identity Provider.
- Communication with the YUM repositories.
- Access to your Okta org URL (<your-org>-admin.okta.com). Verify that this URL is excluded from SSL decryption.
Setting or unsetting a proxy requires a system restart. Set aside sufficient restart downtime.
Access Gateway doesn't support SSL decryption.
Before you begin
Configure nodes, workers, and admin nodes in the following ways before setting a proxy for Access Gateway:
- All nodes must be in the proxy bypass when you sync nodes.
- The worker node requires that the admin node is in the proxy bypass. Set a bypass proxy for the ha-admin.service.oag host. This is an internal host that Access Gateway uses for high-availability deployment.
- The admin node requires that the worker nodes are in the proxy bypass.
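A pre-flight check for the bypass requirements above, as an added example that is not part of the original documentation: it confirms that a comma-separated bypass list contains every cluster node and the ha-admin.service.oag host before you enter it in the console. Assumptions: the function names are hypothetical, the example.com node names are constructed, and entries are compared as exact host names, case-insensitively.

```shell
#!/bin/sh
# Added example: pre-flight check of a proxy bypass list.
# Assumption: entries are matched as exact host names, case-insensitively.

HA_HOST="ha-admin.service.oag"   # internal high-availability host named on this page

# normalize LIST: one lowercase entry per line, whitespace and blanks removed
normalize() {
    printf '%s\n' "$1" | tr ',' '\n' | tr '[:upper:]' '[:lower:]' \
        | tr -d ' \t' | sed '/^$/d'
}

# missing_from_bypass BYPASS_LIST REQUIRED_LIST
# Prints each required host that is absent from the bypass list, space-separated.
missing_from_bypass() {
    bypass=$(normalize "$1")
    missing=""
    for host in $(normalize "$2"); do
        if ! printf '%s\n' "$bypass" | grep -Fxq -- "$host"; then
            missing="${missing:+$missing }$host"
        fi
    done
    printf '%s' "$missing"
}

# check_bypass BYPASS_LIST NODE_LIST
# NODE_LIST: all cluster members (admin and workers), comma-separated.
# Returns 0 when every node and the HA host are bypassed, 1 otherwise.
check_bypass() {
    missing=$(missing_from_bypass "$1" "$2,$HA_HOST")
    if [ -n "$missing" ]; then
        echo "Not in proxy bypass: $missing" >&2
        return 1
    fi
    echo "Bypass list covers all nodes and $HA_HOST"
}

# Constructed sample values; replace with your own node names.
NODES="oag-admin.example.com,oag-worker1.example.com,oag-worker2.example.com"
BYPASS="oag-admin.example.com, OAG-Worker1.example.com"
check_bypass "$BYPASS" "$NODES" || true
```

With the sample values, the check reports oag-worker2.example.com and ha-admin.service.oag as missing from the bypass list.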
Set the proxy for Access Gateway
- Sign in to the Access Gateway Management console. Use ssh oag-mgmt@admin. With virtual environments, like Oracle VirtualBox, use the command window provided by the environment.
  Username: oag-mgmt
  Password: <default-password>
  Change the default password the first time you sign in to Access Gateway Management console. See Sign in for the first time: Access Gateway Management console.
- Enter 1 - Network.
- Enter 5 - Proxy settings. See Proxy settings for a complete list of all proxy-related commands.
- Choose either 1 - Set proxy or 2 - Unset proxy. Enter Ctrl + c at any time to cancel.
- If you're setting a proxy, configure these options:
  - Enter proxy host: Enter the proxy host name or the IP address of the proxy.
  - Enter proxy port: Enter the port number where the proxy listens.
  - Enter hosts that need to bypass proxy: Enter a comma-separated list of hosts that bypass the proxy.
  - Enter y to confirm or N to cancel.
- If you're unsetting a proxy, enter y to unset a proxy, or N to cancel.
- Enter x to return to the Proxy settings menu.
- Enter x to return to the Network menu.
- Enter x to return to the main menu.
- Enter 5 - System.
- Enter 5 - Reboot.
- Enter y to confirm reboot.
Repeat these steps on all high-availability cluster members.