IBM Support

Configuring Cloud Storage Solutions for i to use a proxy server.

How To


Summary

With PTF SI73401, ICC can be configured to use a proxy server

Steps

To configure Cloud Storage Solutions for i to use a proxy, run the following commands:
  • CRTDTAARA DTAARA(QICC/QICCS3PRXY) TYPE(*CHAR) LEN(256)
  • CHGDTAARA DTAARA(QICC/QICCS3PRXY *ALL) VALUE('xx.xx.xx.xx') 
    Where xx.xx.xx.xx is the IP address of the Proxy Server
To display what the current value for the Proxy server is, run the following commands
    DSPDTAARA DTAARA(QICC/QICCS3PRXY)
    
To stop using the Proxy server, delete the data area
    DLTDTAARA DTAARA(QICC/QICCS3PRXY)

 
Troubleshooting:
  1. If you just applied SI73401 or a superseding PTF, be sure to sign off/on if doing interactive transfers, otherwise ICC can continue to use the old program that does not check for the proxy.
  2. Be sure your QICC/QICCS3PRXY *DTAARA is *CHAR with a length of 256, and contains the proxy IP address.
  3. Make sure your ICC resource has the cloud endpoint.  Do not put the proxy IP address in the ICC resource.
  4. For COS, use either the private endpoint or the direct endpoint, if one doesn't work, try the other.  The public endpoint will not work.
  5. For Amazon Cloud, resource URI is always s3.amazonaws.com.  Do not add anything about your region to the beginning.
  6. For Google CLoud, resource URI is always storage.googleapis.com. Do not add anything about your region to the beginning.
Notes:
  1. Limited testing has been done on this.  It has only been tested that use IBM Cloud Object Storage.  No testing has been done with other cloud providers.
  2. If you are using BRMS to do full system saves, you need to add any IFS objects needed for the proxy to the QCLDIPL *LNK List that is saved as part of QCLDBIPLxx control group so it is there for recovery.
Support for the nginx reverse proxy server:
The nginx reverse proxy server is open source, and is not supported by IBM, however the following is the server section from a nginx reverse proxy config that is known to work with Cloud Storage Solutions:
 
server {
  listen 80;
  server_name myicos.com;
  proxy_buffering off;
  client_body_buffer_size 1100M;
  client_max_body_size 1300M;
  location /
  { autoindex on;
     autoindex_exact_size off;
     proxy_pass http://s3.private.us-east.cloud-object-storage.appdomain.cloud;
     proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr;
     proxy_http_version 1.1;
     proxy_set_header Connection "";}
}

You need to change the endpoint in the proxy_pass and possibly the server name.  It is important that if you are listening on port 80, the URL in your proxy is http, not https.  If you listen on port 80, but use https, your transfer will fail.

IBM support does not assist with configuring your nginx (or other) reverse proxy servers, you can likely find support on various forums online.  Here is a document with information on support for IBM i open source:
https://www.ibm.com/support/pages/open-source-support-ibm-i

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.2.0"}]

Document Information

Modified date:
05 January 2023

UID

ibm16425649

Page Feedback