Requirements for a MITM proxy¶
For MOSK, the feature is generally available since MOSK 23.1.
While bootstrapping a Container Cloud management or regional cluster using proxy, you may require Internet access to go through a man-in-the-middle (MITM) proxy. Such configuration requires that you enable streaming and install a CA certificate on a bootstrap node.
Enable streaming for MITM¶
./mitmdump --set stream_large_bodies=1
Install a CA certificate for a MITM proxy on a bootstrap node¶
Log in to the bootstrap node.
apt install ca-certificates
Copy your CA certificate to the
/usr/local/share/ca-certificates/directory. For example:
sudo cp ~/.mitmproxy/mitmproxy-ca-cert.cer /usr/local/share/ca-certificates/mitmproxy-ca-cert.crt
~/.mitmproxy/mitmproxy-ca-cert.cerwith the path to your CA certificate.
The target CA certificate file must be in the
PEMformat with the
Apply the changes:
Now, proceed with bootstrapping your management or regional cluster.