Interconnection between on-premises and cloud applications supports Kubernetes, SSH, and SOCKS proxies. This topic describes how to configure proxies.
Prerequisites
For Kubernetes proxies, the following requirements are met:
kubectl is installed and configured in your on-premises environment, so that Kubernetes clusters can be accessed through kubectl and kubeconfig files.
For SSH or SOCKS proxies, the following requirements are met:
An Elastic Compute Service (ECS) instance that can be accessed over SSH is prepared to establish channels between on-premises and cloud applications. For more information, see Create and manage an ECS instance in the console (express version).
ImportantMake sure that the ECS instance and the applications to be interconnected are deployed in the same virtual private cloud (VPC).
The SSH channel requires password logon. Key pair logon is not supported.
Configure the Kubernetes proxy
Start IntelliJ IDEA.
In the top navigation bar, choose .
In the left-side navigation pane of the Preferences dialog box, choose .
On the Proxy page, click AddProfile to create an empty proxy.
In the Profile Detail section, click Add on the right side.
In the Proxy Configuration dialog box, configure the parameters related to a Kubernetes proxy and click OK.
Parameter
Description
Proxy Type
Select Kubernetes.
Configuration File
Specify a kubeconfig file in your machine.
Namespace
The namespace in the Kubernetes cluster. The default namespace of Kubernetes clusters is named "default".
When you run your applications in on-premises process mode or on-premises container mode, Alibaba Cloud Toolkit creates a temporary proxy container that consumes 64 MB to 128 MB of memory in that namespace. When the on-premises application is stopped, Alibaba Cloud Toolkit deletes the proxy container.
NoteThe name of the proxy container is prefixed by etrans-.
Configure the SSH or SOCKS proxy
You can configure a single SSH proxy or, in complex scenarios, configure cascading SSH or SOCKS proxies. The cascaded proxy nearest to the cloud service must be an SSH proxy.
Configure an SSH proxy
Start IntelliJ IDEA.
In the top navigation bar, choose .
In the left-side navigation pane of the Preferences dialog box, choose .
On the Proxy page, click AddProfile to create an empty proxy.
In the Profile Detail section, click Add on the right side.
In the Proxy Configuration dialog box, configure the account and password for the SSH proxy, and click OK.
Parameter
Description
Proxy Type
Select SSH.
Proxy IP and Port
Enter the IP address and port of the proxy server.
Accounts
Enter the account of the proxy server.
Password
Enter the password of the proxy server.
Configure cascading proxies
For projects that have high security requirements, SSH logons from external users may be limited. In this scenario, you can configure cascading proxies to enable the interconnection between on-premises and cloud applications. This helps meet security compliance requirements.
When you configure cascading proxies for a cloud service, make sure that the cascaded proxy nearest to the cloud service is an SSH proxy.
Start IntelliJ IDEA.
In the top navigation bar, choose .
In the left-side navigation pane of the Preferences dialog box, choose .
On the Proxy page, click AddProfile to create an empty proxy.
NoteCascading proxies are configured by using the same profile. The settings of proxies that use the same profile take effect at the same time. This enables proxy cascading.
Configure an SSH proxy.
In the Profile Detail section, click Add on the right side.
In the Proxy Configuration dialog box, configure the account and password for the SSH proxy, and click OK.
Parameter
Description
Proxy Type
Select SSH.
Proxy IP and Port
Enter the IP address and port of the proxy server.
Accounts
Enter the account of the proxy server.
Password
Enter the password of the proxy server.
Configure a SOCKS proxy.
In the Profile Detail section, click Add on the right side.
In the Proxy Configuration dialog box, configure the IP address and port of the SOCKS proxy, and click OK.
Parameter
Description
Proxy Type
Select SOCKS.
Proxy IP and Port
Enter the IP address and port of the proxy server.
Accounts
Enter the account of the proxy server. If the SOCKS proxy does not provide authentication, leave this parameter empty.
Password
Enter the password of the proxy server. If the SOCKS proxy does not provide authentication, leave this parameter empty.
(Optional) Manually initialize a proxy
In most cases, you can use Alibaba Cloud Toolkit to easily initialize a proxy. The initialization of an SSH proxy requires the temporary root permissions on the SSH proxy server. The proxy can be used after the configuration is complete. The account information of the proxy can be reused, and you do not need to initialize the proxy again for later use. Alibaba Cloud Toolkit does not save the key for the root user. The key is not used for other purposes. If you do not want to provide the root permissions, perform the following operations to initialize a proxy:
To manually initialize a proxy, make sure that a jump server is available.
Edit the sshd_config file.
sudo vi /etc/ssh/sshd_configAdd the following configurations to enable request forwarding by using the account of the SSH proxy:
ClientAliveInterval 60 //The SSH proxy server sends requests to an on-premises client every 60 seconds. This operation keeps connections alive and prevents disconnections. Configure this parameter based on your requirements. Match User <yourSSHAccount> //The account name of the SSH proxy. GatewayPorts yesRestart the SSH proxy.
Debian or Ubuntu:
sudo systemctl restart sshCentOS, Red Hat Enterprise Linux (RHEL), or Fedora:
sudo systemctl restart sshd