Using FME Server with a Proxy Server
A proxy server is a computer on your LAN that allows you to connect to external servers without compromising the security of your internal network. If you are consuming FME Server Web Services and your organization uses a proxy server on your network, you can configure FME Server to connect through the proxy.
1. Set Up the Proxy Server Connection
To connect FME Server to a proxy server, follow the appropriate set of instructions, depending on the Windows account that is running the FME Server System Services:
Note: To determine the account that is running the FME Server System Services, run services.msc
. In the Services dialog, the account that is running any of the FME Server-related services is listed under Log On As.
- On all machines hosting FME Engines, log on to Windows using an administrator account.
- Run the Windows Command Prompt as administrator, and execute the following commands:
netsh
winhttp
set proxy <ProxyServerName>:<Port_No>
Where <ProxyServerName> is the proxy server name, and <Port_No> is the port through which communication with the proxy server takes place.
For example:
netsh
winhttp
set proxy myproxy:80
Note: For more information about the set proxy
syntax, see https://technet.microsoft.com/en-us/library/cc731131.aspx#BKMK_5
- On all machines running FME Engines, log on to Windows using the account that runs the FME Engines.
- From the Start menu, choose Control Panel > Internet Options > Connections > LAN settings.
- Check the box beside Use a proxy server for your LAN.
- Enter the address and port number for your proxy server. Click OK.
- Test the connection to your proxy server. Open a browser and navigate to a web site. If the connection is set up properly, you are prompted to provide proxy server credentials before the web site opens.
2. Make the FME Engines Aware of the Proxy Server
- Run the Windows Command Prompt as administrator, and navigate to:
$(FME_SERVER_HOME)\Server\fme
- Run the following commands:
- <Basic|Digest|NTLM> is Basic, Digest, or NTLM, depending on the authentication method used by the proxy server. If not specified,
Basic
is assumed. - <UserName> is the user name for running the proxy server.
- <password> is the password for the proxy server account.
fme.exe APPLY_SETTINGS SYSTEM "Proxy/Proxy Setting" "Use System Proxy"
fme.exe APPLY_SETTINGS SYSTEM "Proxy/Proxy Authentication Method" "<Basic|Digest|NTLM>"
fme.exe APPLY_SETTINGS SYSTEM "Proxy/Proxy Server Require Authentication" "true"
fme.exe APPLY_SETTINGS SYSTEM "Proxy/Proxy Username" "<UserName>"
fme.exe APPLY_SETTINGS SYSTEM "Proxy/Proxy Password" "fme_encrypt(<password>)"
Where:
3. Restart the FME Server Engines (Windows Service)
After configuring, restart the FME Server Engines (Windows Service). For more information, see Starting and Stopping FME Server Manually.
Specifying Custom Proxy Maps
You can specify custom proxy maps in addition to, or instead of, using the system proxy. A custom proxy map allows you to map access to specific URLs through an alternative proxy on your system. Use a custom proxy map if you need to bypass your network's default rules or system proxy settings in order to access these URLs.
The following syntax specifies how to map access to one or more URLs through a custom proxy. Repeat all parameters for each URL, as shown:
fme.exe APPLY_SETTINGS SYSTEM "Proxy/Custom Proxy Map" "<Source_URL>,<Proxy_URL>,<Proxy_Port>,<Requires_Authentication>,<UserName>,fme_encrypt(<Password>),<Authentication_Method>[,<Source_URL>,<Proxy_URL>,<Proxy_Port>,<Requires_Authentication>,<UserName>,fme_encrypt(<Password>),<Authentication_Method>]"
Where:
Other Notes
To use a proxy server without authentication, instead specify:
fme.exe APPLY_SETTINGS SYSTEM "Proxy/Proxy Server Require Authentication" "false"
To stop using the proxy server, run:
fme.exe APPLY_SETTINGS SYSTEM "Proxy/Proxy Setting" "No Proxy"
1. Set Up the Proxy Server Connection
A proxy connection must be configured on all machines hosting FME Engines.
You can use a graphical administration tool specific to your Linux distribution. For example, using the Ubuntu graphical tool, proxy servers are configured under Network > Network Proxy.
Alternatively, open the /etc/environment file in an editor and edit it directly:
- Add the following lines, modifying appropriately.
- In some Linux releases, the apt-get update command clears all environment variables when used with
sudo
. To maintain thehttp_proxy
value configured above, edit file /etc/sudoers as follows:- Run the following command to open the file for editing safely:
- Locate the following line:
- After this line, add the following line:
visudo
Defaults env_reset
Defaults env_keep = "http_proxy ftp_proxy"
- Log out and reboot to make sure the changes take effect.
http_proxy="http://<my_proxy.server.com>:<my_proxy_port>/"
https_proxy="http://<my_proxy.server.com>:<my_proxy_port>/"
no_proxy="localhost,127.0.0.1,<my_local_address>,.<my_local_domain.com>"
HTTP_PROXY="http://<my_proxy.server.com>:<my_proxy_port>/"
HTTPS_PROXY="http://<my_proxy.server.com>:<my_proxy_port>/"
NO_PROXY="localhost,127.0.0.1,<my_local_address>,.<my_local_domain.com>"
2. Make the FME Engines Aware of the Proxy Server
- Run the Linux command line and navigate to: /opt/fme-engine-<year>, where <year> is the FME Server release version, such as 2016.
- Run the following commands:
- <Basic|Digest|NTLM> is Basic, Digest, or NTLM, depending on the authentication method used by the proxy server. If not specified,
Basic
is assumed. - <UserName> is the user name for running the proxy server.
- <password> is the password for the proxy server account.
./fme APPLY_SETTINGS SYSTEM "Proxy/Proxy Setting" "Use System Proxy"
./fme APPLY_SETTINGS SYSTEM "Proxy/Proxy Authentication Method" "<Basic|Digest|NTLM>"
./fme APPLY_SETTINGS SYSTEM "Proxy/Proxy Server Require Authentication" "true"
./fme APPLY_SETTINGS SYSTEM "Proxy/Proxy Username" "<UserName>"
./fme APPLY_SETTINGS SYSTEM "Proxy/Proxy Password" "fme_encrypt(<password>)"
Where:
Specifying Custom Proxy Maps
You can specify custom proxy maps in addition to, or instead of, using the system proxy. A custom proxy map allows you to map access to specific URLs through an alternative proxy on your system. Use a custom proxy map if you need to bypass your network's default rules or system proxy settings in order to access these URLs.
To map access to a URL through a custom proxy, run this command for each URL:
./fme APPLY_SETTINGS SYSTEM "Proxy/Custom Proxy Map" "<Source_URL>,<Proxy_URL>,<Proxy_Port>,<Requires_Authentication>,<UserName>,<Password>,<Authentication_Method>"
Where:
- <Source_URL> is the URL you want to access. The URL must be an exact match with the URL in the request; for example, http://www.lib.uwaterloo.ca/locations/umd/digitization_project/Roads_NTDB.zip.
- <Proxy_URL> is the URL of the proxy server on your system that will handle requests to the <Source_URL>.
- <Proxy_Port> is the port number on the proxy server through which requests are handled.
- <Requires_Authentication> is true or false, depending on whether the proxy server requires authentication to access. If true, provide <UserName>, <Password>, and <Authentication_Method> (Basic, Digest, or NTLM).
Other Notes
To use a proxy server without authentication, instead specify:
./fme APPLY_SETTINGS SYSTEM "Proxy/Proxy Server Require Authentication" "false"
To stop using the proxy server, run:
./fme APPLY_SETTINGS SYSTEM "Proxy/Proxy Setting" "No Proxy"