Configure Proxy for HTTP Workers
Orkes Conductor lets you configure outbound proxy settings for HTTP workers, enabling secure communication in environments with restricted network access.
In enterprise environments, direct outbound internet access is often restricted. To comply with security and compliance policies, all external HTTP requests must pass through a proxy server. Orkes Conductor enables proxy configuration for HTTP and HTTP Poll tasks, allowing workflows to interact with external systems while adhering to corporate networking policies.
When to use proxy configuration
Enable proxy settings for HTTP workers when:
- You’re running a Orkes Conductor deployment behind a firewall or proxy.
- Your organization mandates that all outbound requests go through a proxy.
Enable proxy on HTTP workers
Proxy configuration for HTTP workers depends on your deployment type:
- For a self-hosted Orkes Conductor deployment, you must configure the proxy settings manually in the Conductor server configuration.
- For Orkes Cloud-deployed clusters, the proxy settings must be configured via the Cloud portal.
Proxy configuration parameters
Use the following properties to define proxy settings for HTTP workers:
| Property | Description | Required/Optional |
|---|---|---|
| conductor.http.proxy.host | Hostname or IP address of the server. For example, proxy.mycompany.com or 192.168.1.100. | Required. |
| conductor.http.proxy.port | Port number for the proxy server. | Required. |
| conductor.http.proxy.type | The proxy protocol type. Supported values:
| Optional. |
| conductor.http.proxy.username | The username for proxy authentication. | Optional. |
| conductor.http.proxy.password | The password for proxy authentication. | Optional. |
| conductor.http.proxy.non-proxy-hosts | Comma-separated hosts that bypass the proxy. It can be hostnames, IP addresses, or wildcard patterns. | Optional. |
Configure HTTP proxy settings
- Self-hosted Orkes Conductor deployment
- Orkes Cloud deployed clusters
Add the following properties to the application configuration file in your Conductor server configuration:
# Basic proxy configuration
conductor.http.proxy.host=localhost
conductor.http.proxy.port=8888
conductor.http.proxy.type=HTTP
conductor.http.proxy.username=testuser
conductor.http.proxy.password=testpass
conductor.http.proxy.non-proxy-hosts=orkes-api-tester.orkesconductor.com,*.orkesconductor.com,localhost,127.0.0.1
To configure proxy settings in Orkes Cloud-deployed clusters, update your cluster’s application properties from the Cloud Portal.
You can either:
- Contact your Orkes account representative to enable proxy settings for your cluster.
- Enable it manually from your Cloud portal using the following steps. Orkes Cloud access is required to perform this action.
For Conductor version 5.0.1 and above:
- Go to Clusters from the left navigation menu on your Orkes Cloud portal.
- Select your cluster and go to Select an Action > Upgrade Deployment.
- In Resource Type, select Conductor Server.
- Select + button, and add the proxy configuration as key-value pairs:
- Select Confirm.
For Conductor version below v5.0.1
- Go to Clusters from the left navigation menu on your Orkes Cloud portal.
- Select your cluster and go to Select an Action > Upgrade Deployment.
- In Resource Type, select Conductor Server.
- Select + button, and add the proxy configuration as key-value pairs.
- Select Confirm.
- Again, go to Select an Action > Upgrade Deployment.
- In Resource Type, select Conductor Workers.
- Select + button, and add the proxy configuration as key-value pairs:
- Select Confirm.
Once done, create workflows with HTTP or HTTP Poll tasks. Outbound calls from these tasks will be routed through the configured proxy.
Best practices
Security considerations
- Use environment variables for sensitive credentials, such as passwords.
- Implement proper access controls on configuration files.
- Rotate proxy credentials regularly as per your security policy.
- Monitor proxy logs for unusual activity.
Performance optimization
- Use bypass rules effectively. Avoid routing internal traffic through external proxies.
- Consider proxy caching to improve performance by storing frequently accessed resources.
- Monitor latency to identify bottlenecks caused by proxy routing.
Examples
Enterprise environment with authentication
# Production proxy with corporate authentication
conductor.http.proxy.host=proxy.acmecorp.com
conductor.http.proxy.port=8080
conductor.http.proxy.type=HTTP
conductor.http.proxy.username=conductor-service
conductor.http.proxy.password=${PROXY_PASSWORD}
conductor.http.proxy.non-proxy-hosts=*.acmecorp.com,*.orkesconductor.com,localhost
Development environment with local proxy
# Development setup with local proxy for testing
conductor.http.proxy.host=localhost
conductor.http.proxy.port=8888
conductor.http.proxy.type=HTTP
conductor.http.proxy.non-proxy-hosts=localhost,127.0.0.1,*.local
Environment-specific proxy
# Use different proxies for different environments
conductor.http.proxy.host=${PROXY_HOST:proxy.default.com}
conductor.http.proxy.port=${PROXY_PORT:8080}
conductor.http.proxy.username=${PROXY_USER:}
conductor.http.proxy.password=${PROXY_PASS:}