Discuss.FOLIO.org is no longer used. This is a static snapshot of the website as of February 14, 2023.

Local demo install / Okapi behind proxy

mathieugrimault
25 Nov '19

Hi, i’m following github.com/folio-org/folio-install/tree/master/runbooks/single-server (on a debian bustler) and it seems that okapi/pull don’t behave correctly behind a proxy :

okapi.log :
2019-11-25 12:16:32,155 INFO PullManager pull for […]://folio-registry.aws.indexdata.com failed with status connection timed out: folio-registry.aws.indexdata.com/3.88.110.24:80

I have put env vars, proxy settings in okapi conf file or proxy settings in jdk properties without success.

From what i see in github, there is no support ?

Mathieu

jroot
26 Nov '19

This is very interesting - we use Okapi behind a load balancer, which does work for us. I have https traffic on a URL being forwarded to Okapi running in a container, which is running on port 9130. I am setting the env vars for Okapi’s port to 9130 and Internal URL to: http://okapi:9130

koehlers
27 Nov '19

Hi Folks,

we at Leipzig University Library run into the same problem with Okapi in a private subnet and outgoing traffic.

@jroot. This affects the outgoing traffic if initialized by okapi itself. Or is your outgoing traffic NATed?

So for example pull requests to the folio-registry timed out. I have setup a simple nginx-Proxy reachable by okapi which forwards the requests to the registry.
Another module which would need this ability is the mod-agreements module as it connects to external knowledge bases like the gokbt.gbv.de.

The httpclient of Vert.x does not take note of the variables which define the http proxy.

According to Vert.x Core Manual Chapter “Using a proxy for HTTP/HTTPS connections” this could be done programmatically, but nobody has this done yet.

mathieugrimault
28 Nov '19

@koehlers Can you share your trick with nginx-Proxy ? I have tried an apache2 proxypass without success :confused:

I will try to submit a PR to github/okapi, most of the challenge is in having a functional dev and build environment.

koehlers
29 Nov '19

In the virtual host we have defined a location:

location /okapi/ {
        rewrite ^/okapi(/.*)$ $1 break;
        proxy_pass http://folio-registry.aws.indexdata.com;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect    off;
    }

and the pull request will be

cat > /tmp/pull.json <<END
{"urls" : [ "http://my.internal.server/okapi:80" ]}
END

curl -w '\n' -X POST -d@/tmp/pull.json http://okapiurl/_/proxy/pull/modules
mathieugrimault
3 Dec '19

Thanks ! I’m probably dumb but i can’t make this (or an apache version) to work. Where do you tell nginx to use your corporate proxy (Squid) ?

An attempt to be clear on my environment :
okapi_server -> nginx trick “Proxy” ->corporate Squid -> Internet

I made a try to modify okapi sources with some success but Java/Vertx proxy support is really not friendly and i encounter some bugs in vertx. There is a lot to modify and sometimes re-invent the wheel :confused:
I manage to make okapi loading modules from the central repo but then okapi is not behaving correctly with locals urls.

koehlers
4 Dec '19

Oh, i did not use a squid proxy. We have private subnets (which the kubernetes cluster is in) and public subnets. The nginx runs on a server which has a public ip and direct internet connection.

Maybe you could setup your own squid as transparent proxy and then use your corporate squid with the cache_peer directive. Or checkout okapi’s source code an set the proxy parameters i mentioned above.

Or if you have the possibility to connect to the internet from another computer in your network install a"okapi-in-the-middle" und pull from there.