Configure Proxy for HTTP Workers
Orkes Conductor lets you configure outbound proxy settings for HTTP workers, enabling secure communication in environments with restricted network access.
In enterprise environments, direct outbound internet access is often restricted. To comply with security and compliance policies, all external HTTP requests must pass through a proxy server. Orkes Conductor enables proxy configuration for HTTP tasks, allowing workflows to interact with external systems while adhering to corporate networking policies.
When to use proxy configuration
Enable proxy settings for HTTP workers when:
- You’re running a self-hosted Orkes Conductor deployment behind a firewall or proxy.
- Your organization mandates that all outbound requests go through a proxy.
Enable proxy on HTTP workers
To configure a proxy, add the following properties to the application-local.properties file in your Conductor server configuration.
# Basic proxy configuration
conductor.http.proxy.host=localhost
conductor.http.proxy.port=8888
conductor.http.proxy.type=HTTP
conductor.http.proxy.username=testuser
conductor.http.proxy.password=testpass
conductor.http.proxy.non-proxy-hosts=orkes-api-tester.orkesconductor.com,*.orkesconductor.com,localhost,127.0.0.1
| Property | Description | Required/Optional |
|---|---|---|
| conductor.http.proxy.host | Hostname or IP address of the server. For example, proxy.mycompany.com or 192.168.1.100. | Required. |
| conductor.http.proxy.port | Port number for the proxy server. | Required. |
| conductor.http.proxy.type | The proxy protocol type. Supported values:
| Optional. |
| conductor.http.proxy.username | The username for proxy authentication. | Optional. |
| conductor.http.proxy.password | The password for proxy authentication. | Optional. |
| conductor.http.proxy.non-proxy-hosts | Comma-separated hosts that bypass the proxy. It can be hostnames, IP addresses, or wildcard patterns. | Optional. |
Getting started
- Get proxy details from your network or security team.
- Add the required proxy configuration properties to the
application-local.propertiesfile in your Conductor server setup. - Test proxy routing using a simple workflow with HTTP tasks.
- Configure authentication if needed.
- Fine-tune the
non-proxy-hostslist to optimize traffic.
Best practices
Security considerations
- Use environment variables for sensitive credentials, such as passwords.
- Implement proper access controls on configuration files.
- Rotate proxy credentials regularly as per your security policy.
- Monitor proxy logs for unusual activity.
Performance optimization
- Use bypass rules effectively. Avoid routing internal traffic through external proxies.
- Consider proxy caching to improve performance by storing frequently accessed resources.
- Monitor latency to identify bottlenecks caused by proxy routing.
Examples
Enterprise environment with authentication
# Production proxy with corporate authentication
conductor.http.proxy.host=proxy.acmecorp.com
conductor.http.proxy.port=8080
conductor.http.proxy.type=HTTP
conductor.http.proxy.username=conductor-service
conductor.http.proxy.password=${PROXY_PASSWORD}
conductor.http.proxy.non-proxy-hosts=*.acmecorp.com,*.orkesconductor.com,localhost
Development environment with local proxy
# Development setup with local proxy for testing
conductor.http.proxy.host=localhost
conductor.http.proxy.port=8888
conductor.http.proxy.type=HTTP
conductor.http.proxy.non-proxy-hosts=localhost,127.0.0.1,*.local
Environment-specific proxy
# Use different proxies for different environments
conductor.http.proxy.host=${PROXY_HOST:proxy.default.com}
conductor.http.proxy.port=${PROXY_PORT:8080}
conductor.http.proxy.username=${PROXY_USER:}
conductor.http.proxy.password=${PROXY_PASS:}