Set proxy with credentials on Server

I am unable to set proxy with credentials (eg. authentication) on KNIME Server.

I tried:

  • exporting preferences to preferences.epf file and saving it to /config folder on the server. Proxy settings do get saved in this file but without username and password used to authenticate on the proxy.
  • using -Dhttp.proxy* settings in knime.ini file with login info.
  • copying secure_storage file to the server and setting -eclipse.keyring in knime.ini file pointing it to the directory that holds secure storage file (result: cannot start JVM; unrecognized option).

I have no other idea how to allow KNIME workflows access outside world via proxy.

Any thoughts?

Hi,

Hm, I don't have a solution to it as we don't have a password protected proxy.You already seem pretty advanced with your trials. Just to double-check you also included the -Dhttp.proxyUser and password in your knime.ini file?

Also double check it finds the correct knime.ini file on the server. It uses the knime.ini in /knime.ini (or /config/knime.ini starting with 4.0) if present. Otherwise it uses the knime.ini file located in the KNIME RMI folder.

Hope this helps,

Bernd

PS: You might also be able to write a java snippet and extract all system properties into a table. This you could then run in the server and check that the output contains the settings as expected.

I have used knime.ini file located in folder specified by com.knime.server.executor.knime_exe property in knime-server.config file. From what I can see the settings are used. I have created a simple workflow that uses "Extract System Properties" node and I can see that my settings are printed (see picture systemprop.png). I sitll get an exception NoRouteToHostException when trying to access external web page (see picture noroute.png).

Do you think that might be a problem in GET (REST) nodes?

Regards,

Primož

noroute.png

systemprops.png

Hi Primož,

that's a tricky question. I have been in contact with some other user/customer on a similar topic and it could be that the REST nodes don't inherit the java environment due to the library being used (jersey). Only rumors so far - I have not verified this.

Can you design a workflow that downloads/reads a file with a node other than the KREST nodes? So for instance a "File Reader" pointing to
http://samplecsvs.s3.amazonaws.com/Sacramentorealestatetransactions.csv

Thanks,
Bernd

No, unfortunately, is still does not work. On the desktop client with proxy set it retrieves the file from amazon without problem, but on the server it again ouputs that there is "no route to host".

What is interesting is that if I remove proxy settings from desktop client it says "connection timeout", but on the server it says "no route to host". I will have to speak to our sysadmins on this - it just might be, that our company firewall blocks the connection, but proxy authentication works.

Thanks anyway for your help. Much obliged.

Primož

Hello,

Did anybody find a solution for this? I also need to go through a corporate proxy with authentication. From the KNIME Analytics Platfor it is no problem since proxy settings can easily be set in preferences, but I just don’t know how to do this in the server.

Ok, after some experimentation, this worked for me:

  1. Add the following lines to the knime.ini file:

-Dhttps.proxyHost=
-Dhttps.proxyPort=
-Dhttps.proxyUser=
-Dhttps.proxyPassword=

  1. Remove all existent runtime-knime-rmi* directories located at …workflow_repository/runtime/runtime_knime-rmi

  2. Restart the Tomcat and make sure that the new runtimes created have taken the proxy settings you set in the knime.ini.

My only concern about this way of solving the problem is that there is a password in plain-text in this file, which feels like a vulnerability.

1 Like

Hi @marioaae,

This is indeed the correct way to setup a proxy with authentication on KNIME Server. The standard way to set preferences on the server would be via the preferences.epf, located in the workflow repository. However, it is not possible to store a password in this preference file, so the knime.ini should be the preferred option here.

Cheers,
Roland

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.