This topic describes how to use NGINX as a forward proxy to connect your application to Application Real-Time Monitoring Service (ARMS) Application Monitoring.
Scenarios
You can connect an application deployed in a data center or a third-party cloud service to Application Monitoring, as long as the application is accessible to the ARMS server over a network. You can use the Internet or an Express Connect circuit. For more information, see Application Monitoring overview.
In financial systems and scenarios that require network security, if some hosts in the environment where the application is located are not accessible to the Internet, you can use a forward proxy.
Prerequisite
NGINX is deployed and running as expected.
Architecture
As shown in the figure, the Java application in the application deployment area of the data center cannot access the Internet. Only the DMZ can access the Internet. You can perform the following steps to configure forward proxy redirection:
Deploy NGINX in the DMZ. This topic provides an NGINX configuration script to forward the monitoring data that is reported by the ARMS agent to the ARMS server.
Modify the configuration of the ARMS agent to use NGINX as the target for reporting monitoring data.
Configure NGINX
Step 1: Install and deploy NGINX
Make sure that NGINX is installed and can access the Internet. For more information about how to install NGINX, see NGINX official documentation.
Step 2: Obtain the ARMS endpoint
Obtain the ARMS endpoint and the IP address of the ACM engine based on the Alibaba Cloud region where you want to deploy the application. For more information, see Network configurations required by the ARMS agent for Java.
Step 3: Obtain the ID of your Alibaba Cloud account
Obtain the ID of your Alibaba Cloud account. For more information, see How do I view the ID of an Alibaba Cloud account?
Step 4: Modify the NGINX configuration file
Modify the /etc/nginx/site-available/default file and add the following content:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name arms-service;
ignore_invalid_headers off;
# Replace "1672753017******" with the ID of the Alibaba Cloud account obtained in Step 3.
location /1672753017****** {
# Replace the URL with the continuous profiling endpoint obtained in Step 2.
proxy_pass http://arms-profiling-cn-shenzhen.oss-cn-shenzhen.aliyuncs.com;
}
location / {
# Replace the URL with the trace endpoint obtained in Step 2.
proxy_pass http://arms-dc-sz.aliyuncs.com;
}
}
server {
listen 9990;
server_name arms-meta;
ignore_invalid_headers off;
location / {
# Replace the URL with the trace endpoint obtained in Step 2.
proxy_pass http://arms-dc-sz.aliyuncs.com:9990;
}
}
server {
listen 80;
server_name arms-metrics;
ignore_invalid_headers off;
location / {
# Replace the URL with the metric endpoint obtained in Step 2.
proxy_pass http://cn-shenzhen.arms.aliyuncs.com;
}
}
server {
listen 8080;
server_name arms-acm;
ignore_invalid_headers off;
location / {
return 200 $server_addr;
}
}
server {
listen 8848;
server_name arms-acm;
ignore_invalid_headers off;
location / {
# Replace the IP address with the IP address of the ACM engine obtained in Step 2.
proxy_pass http://139.196.XX.XX:8848;
}
}Modify the /etc/nginx/nginx.conf file and add the following content:
stream {
upstream arms-arthas {
# Replace the URL with the trace endpoint obtained in Step 2.
server arms-dc-sz.aliyuncs.com:9092;
}
server {
listen 9092;
proxy_pass arms-arthas;
}
}Configure the ARMS agent
The forward proxy mode of ARMS supports ARMS agents that are manually installed or ARMS agents that are automatically installed in Kubernetes environments. For more information, see Manually install an ARMS agent and Automatically install an ARMS agent in an open-source Kubernetes cluster. After the ARMS agent is installed, data is reported to the public endpoint of ARMS. The Java application cannot access ARMS because it is not accessible to the Internet. Perform the steps in the section to change the target of data reporting to NGINX.
Agents V4.x and later
Manual installation
Step 1: Modify the hosts file
Add the following to the /etc/hosts file on the server where the application is located. Replace the IP address with the one of NGINX.
10.0.0.201 arms-service
10.0.0.201 arms-metrics
10.0.0.201 arms-meta
10.0.0.201 arms-acm
# Replace cn-shanghai in the domain with the Alibaba Cloud region code.
10.0.0.201 arms-profiling-cn-shanghai.arms-serviceStep 2: Modify agent network settings
Method 1: Create an
arms-agent.configfile with the following parameters in the agent's root directory:# The following 5 parameters exist in all versions of ARMS agents: profiler.collector.trace.endpoint=arms-service profiler.collector.metric.endpoint=arms-metrics profiler.collector.meta.endpoint=arms-meta profiler.collector.endpoint=arms-service profiler.acm.endpoint=arms-acm profiler.oss.endpoint=arms-serviceAdd
-Darms.config.file=${/path/to/arms-agent.config}to the application's startup parameters, where${/path/to/arms-agent.config}is the absolute path of arms-agent.config.Method 2: Add the following agent startup parameter:
-Dprofiler.collector.trace.endpoint=arms-service -Dprofiler.collector.metric.endpoint=arms-metrics -Dprofiler.collector.meta.endpoint=arms-meta -Dprofiler.acm.endpoint=arms-acm -Dprofiler.oss.endpoint=arms-service
Automatic installation in Kubernetes environments
To configure a forward proxy for an ARMS agent automatically installed in a Kubernetes environment, first update the agent to V3.2.0 or later.
Step 1: Obtain the configuration file content of the ARMS agent
For a Java application that has an ARMS agent automatically installed, log on to one pod. You can find the configuration file of the ARMS agent in the /home/admin/.opt/ArmsAgent/arms-agent.config directory and copy the content.
Step 2: Create a ConfigMap
Modify the values of the following configuration items in the configuration file content:
profiler.collector.trace.endpoint=arms-service
profiler.collector.metric.endpoint=arms-metrics
profiler.collector.meta.endpoint=arms-meta
profiler.collector.endpoint=arms-service
profiler.acm.endpoint=arms-acm
profiler.oss.endpoint=arms-serviceCreate a ConfigMap named arms-agent-proxy-mode.config and paste the modified configuration items:
apiVersion: v1
kind: ConfigMap
metadata:
name: arms-agent-proxy-mode.config
data:
arms-agent.config: |-
### Paste the modified configuration items.
profiler.collector.trace.endpoint=arms-service
profiler.collector.metric.endpoint=arms-metrics
profiler.collector.meta.endpoint=arms-meta
profiler.collector.endpoint=arms-service
profiler.acm.endpoint=arms-acm
profiler.oss.endpoint=arms-service
### Paste the modified configuration items.Step 3: Modify the YAML file of the application
Modify the YAML file of the workload to which the application belongs.
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: spring-boot-demo
name: spring-boot-demo
spec:
replicas: 1
selector:
matchLabels:
app: spring-boot-demo
template:
metadata:
labels:
app: spring-boot-demo
armsPilotAutoEnable: "on"
armsPilotCreateAppName: spring-boot-demo
spec:
hostAliases:
# Replace the IP address with the IP address of NGINX.
- ip: "192.168.172.171"
hostnames:
- "arms-service"
- "arms-metrics"
- "arms-meta"
- "arms-acm"
# Replace "cn-shanghai" in the endpoint with the ID of the Alibaba Cloud region.
- "arms-profiling-cn-shenzhen.arms-service"
containers:
- env:
# Enter information about the new configuration file.
- name: ARMS_CONFIG_FILE
value: /home/admin/.opt/ArmsAgent/arms-agent-proxy-mode.config
image: >-
registry.cn-hangzhou.aliyuncs.com/ahas_apsara_adp/spring-boot-demo:wt-test
imagePullPolicy: Always
name: spring-boot-demo
ports:
- containerPort: 80
protocol: TCP
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 250m
memory: 512Mi
volumeMounts:
# Mount the new configuration file into the directory of the ARMS agent.
- mountPath: /home/admin/.opt/ArmsAgent/
name: arms-agent-proxy-mode
imagePullSecrets:
- name: wt-test
volumes:
# Map the configMap to a volume named arms-agent-proxy-mode.
- configMap:
name: arms-agent-proxy-mode.config
name: arms-agent-proxy-modeTake note of the annotations in the preceding YAML file.
Agents V3.x and earlier
Manual installation
Step 1: Modify the hosts file
Add the following to the /etc/hosts file on the server where the application is located. Replace the IP address with the one of NGINX.
10.0.0.201 arms-service
10.0.0.201 arms-metrics
10.0.0.201 arms-meta
10.0.0.201 arms-acm
# Replace cn-shanghai in the domain with the Alibaba Cloud region code.
10.0.0.201 arms-profiling-cn-shanghai.arms-serviceStep 2: Modify the agent configuration file
Find the arms-agent.config configuration file in the agent's directory and modify the values of the following parameters:
# The following 5 parameters exist in all versions of ARMS agents:
profiler.collector.trace.endpoint=arms-service
profiler.collector.metric.endpoint=arms-metrics
profiler.collector.meta.endpoint=arms-meta
profiler.collector.endpoint=arms-service
profiler.acm.endpoint=arms-acm
# The profiler.oss.endpoint parameter is added in agents V3.2.0 and later. Change its value to arms-service.
profiler.oss.endpoint=arms-serviceAutomatic installation in Kubernetes environments
To configure a forward proxy for an ARMS agent automatically installed in a Kubernetes environment, first update the agent to V3.2.0 or later.
Step 1: Obtain the configuration file content of the ARMS agent
For a Java application that has an ARMS agent automatically installed, log on to one pod. You can find the configuration file of the ARMS agent in the /home/admin/.opt/ArmsAgent/arms-agent.config directory and copy the content.
Step 2: Create a ConfigMap
Modify the values of the following configuration items in the configuration file content:
profiler.collector.trace.endpoint=arms-service
profiler.collector.metric.endpoint=arms-metrics
profiler.collector.meta.endpoint=arms-meta
profiler.collector.endpoint=arms-service
profiler.acm.endpoint=arms-acm
profiler.oss.endpoint=arms-serviceCreate a ConfigMap named arms-agent-proxy-mode.config and paste the modified configuration items:
apiVersion: v1
kind: ConfigMap
metadata:
name: arms-agent-proxy-mode.config
data:
arms-agent.config: |-
### Paste the modified configuration items.
profiler.collector.trace.endpoint=arms-service
profiler.collector.metric.endpoint=arms-metrics
profiler.collector.meta.endpoint=arms-meta
profiler.collector.endpoint=arms-service
profiler.acm.endpoint=arms-acm
profiler.oss.endpoint=arms-service
### Paste the modified configuration items.Step 3: Modify the YAML file of the application
Modify the YAML file of the workload to which the application belongs.
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: spring-boot-demo
name: spring-boot-demo
spec:
replicas: 1
selector:
matchLabels:
app: spring-boot-demo
template:
metadata:
labels:
app: spring-boot-demo
armsPilotAutoEnable: "on"
armsPilotCreateAppName: spring-boot-demo
spec:
hostAliases:
# Replace the IP address with the IP address of NGINX.
- ip: "192.168.172.171"
hostnames:
- "arms-service"
- "arms-metrics"
- "arms-meta"
- "arms-acm"
# Replace "cn-shanghai" in the endpoint with the ID of the Alibaba Cloud region.
- "arms-profiling-cn-shenzhen.arms-service"
containers:
- env:
# Enter information about the new configuration file.
- name: ARMS_CONFIG_FILE
value: /home/admin/.opt/ArmsAgent/arms-agent-proxy-mode.config
image: >-
registry.cn-hangzhou.aliyuncs.com/ahas_apsara_adp/spring-boot-demo:wt-test
imagePullPolicy: Always
name: spring-boot-demo
ports:
- containerPort: 80
protocol: TCP
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 250m
memory: 512Mi
volumeMounts:
# Mount the new configuration file into the directory of the ARMS agent.
- mountPath: /home/admin/.opt/ArmsAgent/
name: arms-agent-proxy-mode
imagePullSecrets:
- name: wt-test
volumes:
# Map the configMap to a volume named arms-agent-proxy-mode.
- configMap:
name: arms-agent-proxy-mode.config
name: arms-agent-proxy-modeVerify the result
Log on to the ARMS console. In the left-side navigation pane, choose . Restart the application and wait for about 2 minutes. If the application appears on the Application List page and has data reported, the application is connected to Application monitoring.