Use a web proxy

Mirantis Secure Registry (MSR) makes outgoing connections to check for new versions, automatically renew its license, and update its vulnerability database. If MSR cannot access the Internet, you must manually apply any updates.

One option to keep your environment secure while still allowing MSR access to the Internet is to use a web proxy. If you have an HTTP or HTTPS proxy, you can configure MSR to use it. To avoid downtime, you should do this configuration outside business peak hours.

To configure MSR for web proxy use:

  1. Log in as an administrator to a node where MSR is deployed.

  2. Reconfigure MSR to use a web proxy:

    docker run -it --rm \
      mirantis/dtr:2.9.16 reconfigure \
      --http-proxy http://<domain>:<port> \
      --https-proxy https://<doman>:<port> \
      --ucp-insecure-tls
    

    If the web proxy requires authentication, submit your user name and password:

    docker run -it --rm \
      mirantis/dtr:2.9.16 reconfigure \
      --http-proxy username:password@<domain>:<port> \
      --https-proxy username:password@<doman>:<port> \
      --ucp-insecure-tls
    

    Note

    MSR does not display the password portion of the URL when it is presented in the MSR UI.

  3. Verify that your web proxy is properly configured:

    1. Log in to the MSR web UI.

    2. In the left-side navigation panel, navigate to System.

    3. Scroll down to Domains & Proxies and review the values of HTTP proxy and HTTPS proxy.