Environments with no internet access (Forward proxy)
A forwarding proxy can be used when running the UXM Desktop Agent in a restricted network where TCP/443 (HTTPS) traffic is blocked.
Setup Forward proxy on Linux Ubuntu
Use nginx proxy_connect module from https://github.com/chobits/ngx_http_proxy_connect_module#install
NGINX can be compiled and set up as a forwarding proxy with the following commands:
```
sudo -i
apt-get update
apt-get install build-essential libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev libgd-dev libxml2 libxml2-dev uuid-dev

cd /tmp/
wget http://nginx.org/download/nginx-1.24.0.tar.gz
tar -xzvf nginx-1.24.0.tar.gz
git clone https://github.com/chobits/ngx_http_proxy_connect_module.git

cd nginx-1.24.0/
patch -p1 < /tmp/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_102101.patch
./configure \
    --user=www-data --group=www-data \
    --prefix=/var/www/nginx \
    --sbin-path=/usr/sbin/nginx \
    --conf-path=/etc/nginx/nginx.conf \
    --http-log-path=/var/log/nginx/access.log \
    --error-log-path=/var/log/nginx/error.log \
    --with-pcre \
    --lock-path=/var/lock/nginx.lock \
    --pid-path=/var/run/nginx.pid \
    --with-http_ssl_module \
    --with-stream \
    --with-stream_ssl_preread_module \
    --with-stream_ssl_module \
    --add-dynamic-module=/tmp/ngx_http_proxy_connect_module
make && make install
```
Afterwards, edit /etc/nginx/nginx.conf:
```
load_module /var/www/nginx/modules/ngx_http_proxy_connect_module.so;
user www-data;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    #gzip on;

    server {
        listen 3128;

        # dns resolver used by forward proxying
        resolver 8.8.8.8;

        # forward proxy for CONNECT request
        proxy_connect;
        proxy_connect_allow 443;
        proxy_connect_connect_timeout 10s;
        proxy_connect_read_timeout 10s;
        proxy_connect_send_timeout 10s;

        # forward proxy for non-CONNECT request
        location / {
            proxy_pass http://$host;
            proxy_set_header Host $host;
        }
    }
}
```
Configure nginx service and start the service
Edit the systemd service file: `nano /lib/systemd/system/nginx.service` and add:
```
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/usr/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target
```
Restart the nginx service and check status:
```
systemctl restart nginx.service
systemctl status nginx.service
systemctl enable nginx.service
```
Deploy UXM Desktop agent with proxy configured
The UXM Desktop agent needs to be deployed with proxy_auto_detect, proxy_server and proxy_port configured; see the options in Deploying Desktop Agent (EXE).
```
UXM_Desktop_Agent_YYYY.MM.DD.exe /verysilent /norestart /closeapplications /agent_key=UXM_AGENT_KEY /collector=https://customername.uxmapp.com /log /enable_ui_plugin=true /enable_chrome_plugin=false /enable_firefox_plugin=false /force_activation=false /proxy_auto_detect=false /proxy_server=ip_of_proxy_Server /proxy_port=proxy_port
```
Restart the UXM Desktop Agent service and verify in the log file C:\ProgramData\Systemslab\UXM PC Agent\Logs\PCAgent.exe.log that it can send data and receive configuration.
Successful logs when connecting through proxy server:
```
...
2023-05-24 11:17:30 HTTPClient: [Information] Using collector: https://dev-emea-hf.uxmapp.com, verify_ssl_certificate: 1
2023-05-24 11:17:30 HTTPClient: [Information] Using proxy settings: 10.166.15.192 port 3128, auth: , AutoConfigUrl:
...
2023-05-24 11:26:38 HTTPClient: [Information] Received
...
2023-05-24 11:18:30 HTTPClient: [Information] Sending MultiMessage queue, size: 5489, max size is 10485760
...
```
Unsuccessful logs when connecting through proxy server:
```
...
2023-05-24 11:17:30 HTTPClient: [Information] Using collector: https://dev-emea-hf.uxmapp.com, verify_ssl_certificate: 1
2023-05-24 11:17:30 HTTPClient: [Information] Using proxy settings: 10.166.15.192 port 3128, auth: , AutoConfigUrl:
...
2023-05-24 11:23:25 HTTPClient: [Information] Sending MultiMessage queue, size: 10985, max size is 10485760
2023-05-24 11:23:26 HTTPClient: [Error] ConnectionRefusedException collector: https://dev-emea-hf.uxmapp.com, displayText: Connection refused
2023-05-24 11:28:37 HTTPClient: [Error] OnTimer exception collector: https://dev-emea-hf.uxmapp.com, what: HTTP Exception, message: Cannot establish proxy connection: Not Allowed
...
```
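The log check described above can be scripted. The following is an added example, not part of the UXM product or its documentation: it parses HTTPClient lines in the format of the excerpts and reports whether the agent is getting replies through the proxy. The function name `triage`, the error labels and the reading of `verify_ssl_certificate: 1` as "verification enabled" are assumptions; the sample log is constructed from the failure excerpt.

```python
import re
from collections import Counter

# Constructed sample, in the format of the failure excerpt above.
SAMPLE_LOG = """\
2023-05-24 11:17:30 HTTPClient: [Information] Using collector: https://dev-emea-hf.uxmapp.com, verify_ssl_certificate: 1
2023-05-24 11:17:30 HTTPClient: [Information] Using proxy settings: 10.166.15.192 port 3128, auth: , AutoConfigUrl:
2023-05-24 11:23:25 HTTPClient: [Information] Sending MultiMessage queue, size: 10985, max size is 10485760
2023-05-24 11:23:26 HTTPClient: [Error] ConnectionRefusedException collector: https://dev-emea-hf.uxmapp.com, displayText: Connection refused
2023-05-24 11:28:37 HTTPClient: [Error] OnTimer exception collector: https://dev-emea-hf.uxmapp.com, what: HTTP Exception, message: Cannot establish proxy connection: Not Allowed
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+): \[(\w+)\] (.*)$")
PROXY_RE = re.compile(r"Using proxy settings: (\S+) port (\d+), auth: (\S*),")
VERIFY_RE = re.compile(r"verify_ssl_certificate: (\d)")
# Error substrings taken from the failure excerpt; the labels are hypothetical names.
ERROR_LABELS = {
    "Cannot establish proxy connection": "proxy_refused_connect",
    "ConnectionRefusedException": "tcp_connection_refused",
}

def triage(log_text):
    """Summarise proxy connectivity from UXM agent HTTPClient log lines."""
    out = {"proxy": None, "proxy_auth": None, "verify_ssl": None,
           "received": 0, "errors": Counter(), "status": "unknown"}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group(2) != "HTTPClient":
            continue  # skips "..." elisions and lines from other components
        level, msg = m.group(3), m.group(4)
        if (p := PROXY_RE.search(msg)):
            out["proxy"] = (p.group(1), int(p.group(2)))
            out["proxy_auth"] = bool(p.group(3))  # empty "auth:" field -> False
        if (v := VERIFY_RE.search(msg)):
            # Assumption: 1 means certificate verification is enabled.
            out["verify_ssl"] = v.group(1) == "1"
        if level == "Information" and msg.startswith("Received"):
            # "Sending ..." appears in both excerpts; only a reply shows the tunnel works.
            out["received"] += 1
            out["status"] = "ok"
        elif level == "Error":
            for needle, label in ERROR_LABELS.items():
                if needle in msg:
                    out["errors"][label] += 1
            out["status"] = "failing"  # the most recent event decides the status
    return out

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A `status` of `failing` together with `proxy_refused_connect` points at the proxy's own access and error logs as the next place to look.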
Browser extensions
Currently, browser extensions use the Windows proxy settings and will only allow traffic if the proxy settings in the browser are configured to send through the forwarding proxy.
It's on the roadmap for browser extensions to send their data through the UXM Desktop Agent service.
Security
Traffic sent to UXM uses HTTPS encryption through the forwarding proxy. SSL and custom HTTPS certificates need to be configured on the proxy if proxy authorization is required.