# Proxy

## Forward Proxy

Bindplane and Bindplane Collector support the use of an HTTP forward proxy for (egress) connections. The Proxy is configured using the `HTTP_PROXY` and `HTTPS_PROXY` environment variables.

## Configure Bindplane

You can configure the proxy environment variables by using a [Systemd override](https://wiki.archlinux.org/title/systemd). Run the following command:

```bash
sudo systemctl edit bindplane
```

Modify the unit file's override to look like this:

<figure><img src="/files/4JyZ4PC6gkjoHMPfKTn6" alt="Bindplane docs - Proxy - image 1"><figcaption></figcaption></figure>

Note that this example is using `http` for both `HTTP_PROXY` and `HTTPS_PROXY`. This is because the proxy server is not configured to use TLS. Connections to `https` sites (such as github.com and Google Cloud API) are still encrypted with TLS. See [TLS](#tls) for more details.

After saving the file, you can reload systemd and restart Bindplane.

```bash
sudo systemctl daemon-reload
sudo systemctl restart bindplane
```

Bindplane will now proxy outgoing requests using the configured proxy.

#### Configure Bindplane Collector on Linux

The process for Bindplane Collector is identical to Bindplane.

Create a [Systemd override](https://wiki.archlinux.org/title/systemd).

```bash
sudo systemctl edit observiq-otel-collector
```

Configure the `HTTP_PROXY` and `HTTPS_PROXY` environment variables.

```override
[Service]
Environment=HTTP_PROXY=http://proxy.corp:8000
Environment=HTTPS_PROXY=http://proxy.corp:8000
```

Reload systemd and restart the service.

```bash
sudo systemctl daemon-reload
sudo systemctl restart observiq-otel-collector
```

#### Configure Bindplane Collector on Windows

Create an environment registry entry and define the `HTTP_PROXY` and `HTTPS_PROXY` keys. Please modify the proxy.corp:8000 with your proxy server and port. If you need to define a password it would be user:pass\@proxycorp.8000:

```cmd
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\observiq-otel-collector" /v Environment /t REG_MULTI_SZ /d "HTTP_PROXY=http://proxy.corp:8000\0HTTPS_PROXY=http://proxy.corp:8000" /f
```

Restart the `observiq-otel-collector` service:

```cmd
net stop observiq-otel-collector
net start observiq-otel-collector
```

### Authentication

Username and password authentication is supported using the following form:

```bash
HTTP_PROXY=http://user:password@proxy.corp:3128
```

### TLS

TLS is always used between the proxy and the destination when connecting to a TLS secured\
endpoint, such as [https://logging.googleapis.com](https://logging.googleapis.com/) or <https://otlp-gateway-prod-us-central-0.grafana.net/otlp>.

This is often confusing because TLS is not required for the connection between Bindplane / Bindplane Collector and the proxy.

If your proxy has a TLS listener, you can use TLS for the connection between Bindplane / Bindplane\
Collector and the proxy like this:

```bash
HTTP_PROXY=https://proxy.corp.net:3128
HTTPS_PROXY=https://proxy.corp.net:3128
```

This will proxy `http` and `https` requests using TLS between your proxy client and server.

Note that your Bindplane server and your Bindplane Collectors must trust the certificate that is in use\
by the proxy.

You can read more about adding ca certificates to your servers by reviewing the following:

* [Debian based systems](https://manpages.debian.org/buster/ca-certificates/update-ca-certificates.8.en.html)
* [RHEL based systems](https://www.redhat.com/sysadmin/ca-certificates-cli)
* [Windows](https://learn.microsoft.com/en-us/skype-sdk/sdn/articles/installing-the-trusted-root-certificate)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.bindplane.com/configuration/bindplane/proxy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.