Skip to main content

Configure Proxy for HTTP Workers

Orkes Conductor lets you configure outbound proxy settings for HTTP workers, enabling secure communication in environments with restricted network access.

In enterprise environments, direct outbound internet access is often restricted. To comply with security and compliance policies, all external HTTP requests must pass through a proxy server. Orkes Conductor enables proxy configuration for HTTP and HTTP Poll tasks, allowing workflows to interact with external systems while adhering to corporate networking policies.

When to use proxy configuration

Enable proxy settings for HTTP workers when:

  • You’re running a Orkes Conductor deployment behind a firewall or proxy.
  • Your organization mandates that all outbound requests go through a proxy.

Enable proxy on HTTP workers

Proxy configuration for HTTP workers depends on your deployment type:

  • For a self-hosted Orkes Conductor deployment, you must configure the proxy settings manually in the Conductor server configuration.
  • For Orkes Cloud-deployed clusters, the proxy settings must be configured via the Cloud portal.

Proxy configuration parameters

Use the following properties to define proxy settings for HTTP workers:

PropertyDescriptionRequired/Optional
conductor.http.proxy.hostHostname or IP address of the server. For example, proxy.mycompany.com or 192.168.1.100.Required.
conductor.http.proxy.portPort number for the proxy server.Required.
conductor.http.proxy.typeThe proxy protocol type. Supported values:
  • HTTP
  • SOCKS
Default is HTTP.
Optional.
conductor.http.proxy.usernameThe username for proxy authentication.Optional.
conductor.http.proxy.passwordThe password for proxy authentication.Optional.
conductor.http.proxy.non-proxy-hostsComma-separated hosts that bypass the proxy. It can be hostnames, IP addresses, or wildcard patterns.Optional.

Configure HTTP proxy settings

Add the following properties to the application configuration file in your Conductor server configuration:

# Basic proxy configuration
conductor.http.proxy.host=localhost
conductor.http.proxy.port=8888
conductor.http.proxy.type=HTTP
conductor.http.proxy.username=testuser
conductor.http.proxy.password=testpass
conductor.http.proxy.non-proxy-hosts=orkes-api-tester.orkesconductor.com,*.orkesconductor.com,localhost,127.0.0.1

Once done, create workflows with HTTP or HTTP Poll tasks. Outbound calls from these tasks will be routed through the configured proxy.

Best practices

Security considerations

  • Use environment variables for sensitive credentials, such as passwords.
  • Implement proper access controls on configuration files.
  • Rotate proxy credentials regularly as per your security policy.
  • Monitor proxy logs for unusual activity.

Performance optimization

  • Use bypass rules effectively. Avoid routing internal traffic through external proxies.
  • Consider proxy caching to improve performance by storing frequently accessed resources.
  • Monitor latency to identify bottlenecks caused by proxy routing.

Examples

Enterprise environment with authentication
# Production proxy with corporate authentication
conductor.http.proxy.host=proxy.acmecorp.com
conductor.http.proxy.port=8080
conductor.http.proxy.type=HTTP
conductor.http.proxy.username=conductor-service
conductor.http.proxy.password=${PROXY_PASSWORD}
conductor.http.proxy.non-proxy-hosts=*.acmecorp.com,*.orkesconductor.com,localhost
Development environment with local proxy
# Development setup with local proxy for testing
conductor.http.proxy.host=localhost
conductor.http.proxy.port=8888
conductor.http.proxy.type=HTTP
conductor.http.proxy.non-proxy-hosts=localhost,127.0.0.1,*.local
Environment-specific proxy
# Use different proxies for different environments
conductor.http.proxy.host=${PROXY_HOST:proxy.default.com}
conductor.http.proxy.port=${PROXY_PORT:8080}
conductor.http.proxy.username=${PROXY_USER:}
conductor.http.proxy.password=${PROXY_PASS:}