Multiple Proxy Configuration
The Cloud Agent has support for multiple proxy servers defined in the Proxy URL. Cloud Agent will use the first proxy server in the list for its connection, if it fails to connect, the agent will use the next configured proxy server in the list until all proxy servers are attempted. You can have up to five proxy servers included in the proxy URL.
Each time the Cloud Agent connects to the Qualys Platform, it always uses the first proxy server in the ordered list. You can use the Configuration Tool to set the proxy order to be sequential or random. The agent does not maintain a history of the last proxy server used.
This proxy configuration can be used with the Qualys Gateway Service or third-party proxy servers. The failover proxy servers do not need to be on the same subnet as the first proxy server; as long as the Cloud Agent can connect to other proxy servers on other subnets, the agent will use those proxy server(s) if the first proxy server is not available.
You can configure multiple proxies in any of the files mentioned in the section What are my options?
Multiple proxies can be configured with qualys_https_proxy
or https_proxy
environment variables. It is recommended that you provide multiple proxies in the qualys_https_proxy
environment variable.
The following example shows how to set multiple proxies:
qualys_https_proxy=”https://[<username>:<password>@]<host1>:<port>;
https://[<username>:<password>@]<host2>:<port>; https://[<username>:<password>@]<host3>:<port>”
The list of proxies must be given in double quotes (“...”) and separated by a semi-colon (;), and if ";" is embedded in username/password, you must url-encode it. You can use the Proxy Configuration Encryption Utility to encrypt the user name and/or password that you provide to the proxy environment variable.
You can combine multiple proxy certificates into a single file, and place it at same location as earlier /etc/opt/qualys/cloud-agent/cert/custom-ca.crt
. Ensure that all certificates are valid, else you might get SSL/certificate errors.