Problem connecting polling tentacle via proxy

Hi,

I have installed a polling tentacle on one of our machines. The machine is only allowed to connect to octopus via a proxy (which I cannot control). The installation works well and the tentacle is visible in Octopus however the connection via 10943 does not work (so the health check fails).

Here some fact which are already tested:

  • The Proxy-Settings on the tentacle is set to “Use the proxy server configured in IE”
  • The port 10943 is open on Octopus server.
  • The Url https://my-octopus-server:10943/mx/v1 opened in Chrome on the tentacle machine brings up the Certificate dialog (the certificate is not trusted but OK) and then 404
  • The Url https://my-octopus-server:10943/mx/v1 opened in IE on the tentacle machine brings up the Certificate dialog (the certificate is not trusted but OK) and then an authentication dialog
  • The tentacle log shows:

2014-11-06 12:33:11.5029 INFO Waiting for service to start. Current status: StartPending
2014-11-06 12:33:12.5113 INFO Waiting for service to start. Current status: Running
2014-11-06 12:33:13.5175 INFO Service started
2014-11-06 12:33:13.5046 INFO Distribution service listening on: 10933
2014-11-06 12:33:39.5450 ERROR Error posting to: https://my-octopus-server:10943/mx/v1
System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time or established connection failed because connected host has failed to respond XX.XXX.XX.XXX:10943
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Pipefish.Transport.SecureTcp.Client.SecureTcpClient.Send(SecureTcpRequest request) in y:\work\3cbe05672d69a231\source\Pipefish.Transport.SecureTcp\Client\SecureTcpClient.cs:line 55
at Pipefish.Transport.SecureTcp.MessageExchange.Client.ClientWorker.PerformExchange() in y:\work\3cbe05672d69a231\source\Pipefish.Transport.SecureTcp\MessageExchange\Client\ClientWorker.cs:line 330
at Pipefish.Transport.SecureTcp.MessageExchange.Client.ClientWorker.Run() in y:\work\3cbe05672d69a231\source\Pipefish.Transport.SecureTcp\MessageExchange\Client\ClientWorker.cs:line 182

I have no idea how I can bring the tentacle to work.

Any ideas?

Regards

Dirk

Hi Dirk,

Thanks for getting in touch! Tentacles behind proxy’s cannot communicate with Octopus. However this will be a little confusing because some things below have worked so lets see if I can explain it a bit.
Installing a Tentacle on a server should just happen regardless of if it can communicate or not. When you installed the Tentacle did you then register the machine in Octopus or did the tentacle do that itself?
Browsing to the Tentacle on its own server wont effect anything and the certificate thing also doesn’t matter, we don’t use those protocols or ports.
Sometimes you can troubleshoot listening tentacles by opening the page on the Octopus server to see if it can see the tentacle, but as this is a polling situation that won’t work either.

To confirm if they could possibly communicate we have two little tools that ping-pong between the servers to find any network issues, if these cant see each other direct Octopus <-> Tentacle communication won’t be available.

Let me know what you find.
Vanessa

Hi Vanessa,

sorry for the late reply. I needed some time to figure out what happens here because the Environment is not always available for me.

First: I tried the suggested tool ‘TentaclePing’ but with no success - which is really not a big surprise. As I have mentioned there is no DIRECT Access to the Octopus Server - only via Proxy. But after checking the source code i figured out You are using TcpClient which cannot connect via proxy.

However, on the TantacleManager I can configure a Proxy - so this must be something different.

So why I can configure a Proxy there when the communication:
Tentacle (polling) --> Proxy --> Octopus
is not supported? That sounds wired…

Also I did not browse the Tentacle on it’s own host but the Octopus server on port 10943 (which the polling tentacle tries to conect to). And this works via a Proxy!
Ah, and Yes the tentacle registered itself on the Octopus Server (via Proxy)…

So the real question is: Is a POLLING tentacle behind a PROXY supported or not. And if not why I can configure a proxy-Server on the Tentacle Manager?

Best Regards

Dirk

Hi Dirk,

Octopus->Tentacle communication doesn’t currently work via a proxy server. The proxy configuration in Octopus is designed for other tasks that use proxies - e.g., NuGet package downloads, web service API calls, etc.

Proxy support for Octopus->Tentacle (and Tentacle->Octopus) is something we hope to add in the future.

Paul

Polling Tentacle->Octopus via a proxy server is important for my company as well.

Is there any sort of work around? like manually copying a release and having the tentacle apply it?

Hi Brad,

Thanks for getting in touch! In 3.0 we have a feature coming called Offline Deployments which will allow you to create a deployment to then be run on a machine that Octopus cannot connect to or something that is not allowed external access. The current timeline has 3.0 for release in first quarter 2015. There is no other work around. Some customers at the moment use WiX for these situations.

Vanessa

Hey Paul,

Thanks for making the point about Octopus->Tentacle (and Tentacle->Octopus) not supporting comms over HTTP proxy… I spent endless hours researching and trying different things, and I lead my client to believe that it would work :frowning:

This also explains why proxy details can’t be specified during the Tentacle instance setup stage. Being able to specify proxy details “post setup” had me totally confused until now.

Is there any chance that “full proxy support” could be added to 2.x for those of us feeling the pain?

Cheers, Alex

PS, guys, let Paul know how much we want this :slight_smile:

1 Like