I have 3 environments (let’s call them A, B, and C).
Environment A contains the Octopus Server, and needs to talk to a tentacle sitting in environment C.
However, environment A cannot see C, but A can see B, and B can see C. ( A -> B -> C )
Is there a way to set up Octopus to allow for this?
We have (I think) a similar requirement; there’ll be a firewall between the Octopus server and the tentacles, and we don’t want to have to punch loads of holes though our firewall . I’ve seen two options:
Isolated Deploy servers: https://octopus.com/docs/patterns/isolated-octopus-deploy-servers
The proxy option sounds better for us: “You can specify a proxy server for Octopus to use when communicating with a Tentacle” (we don’t think we need the web request bit). However, that article only explains how to configure the Octopus server & tentacles to use a proxy and says nothing about the proxy server itself (other than it cannot be SOCKS). What can we actually use to be this proxy server?
(If it was suitable, Johan might be able to put one in his environment B)
[Edit: we would be using listening tentacles, not polling]
Hi! Nailed it!
At this point those are the two best options, with Proxy Support offering the best possible result. You get the benefits of network zone isolation and communication flow control, along with a fully-connected Octopus Deploy setup.
You can put a proxy server in network zone B and configure either Listening or Polling Tentacles so long as you configure the networking routes and permissions correctly.
We have tested with a few different HTTP proxy servers and all of them worked OK out of the box, so you should be able to configure any HTTP proxy server. The only requirement I can think of is that it should support HTTP 1.1.
I have personally tested with CCProxy, Wingate and Squid.
We deliberately leave the configuration of the proxy server up to you since the requirements for each situation can vary significantly.
Hope that helps!
Thanks for the quick reply. I understand you might not be able to recommend any particular products but it’s useful to know which ones have actually been tried
Hopefully this might help Johan as well
I’ve just updated our docs to include some more details which should help: https://octopus.com/docs/installation/installing-tentacles/proxy-support#Choosing-a-proxy-server
Hope that helps!