Help:Proxy

This page is about using a proxy to reach Cloud VPS servers from the internet. For reaching the internet from production servers, see HTTP proxy.

Wikimedia Cloud documentation This is a documentation page for Wikimedia Cloud. If you can improve it, please do that. You can also request help on #wikimedia-cloud connect. For all documentation pages, please see the List of all documentation pages for Wikimedia Cloud. If you are seeking a help with a specific project, please contact the project owners.

There are two reasons why web pages cannot be served by a default Cloud VPS (Labs) instance:

• Instances are closed off from outside networks with a firewall. You must open holes in the firewall by editing the security groups for your project.
• Instances are assigned private IP addresses that are only visible from within Cloud VPS. This can be addressed by assigning your instance a public IP or by creating a web proxy.

This page describes how to create a simple web proxy for an instance.

Important: Make sure you have set up your security groups properly before attempting to create a web proxy.

Creating a web proxy

You must be a projectadmin of the project that contains the instance you wish to proxy. You must also have two-factor authentication enabled for your developer account. You can enable two-factor authentication on Wikitech by visiting Preferences->User Profile and clicking Enable two-factor authentication.

1. Go to https://horizon.wikimedia.org/
2. Select your project in the center of the top menu.
3. Click "DNS" in the left navigation menu.
4. Click "Web Proxies" inside the expanded "DNS" section of the left navigation menu.
5. Click the "Create Proxy" button in the upper right of the page.
6. In the "Hostname" field, enter the hostname that you wish to have as the publicly-visible name for your instance. Important: Enter just the hostname (e.g. 'webtastic'), not the fully qualified name (e.g. 'webtastic.wmflabs.org').
7. Specify the domain for your instance using the “Domain” selector. If you want a domain that is not already present in the menu, a cloud admin (most likely a staff member) will need to create it for you.
8. Select the instance that you're creating a proxy for in the “Backend Instance” selector.
9. Enter the “Backend port” that the proxy should connect to on your instance. This will probably be either the default value of 80 if you are running a normal web server or 8080 if you are using MediaWiki-Vagrant.
10. Click “Create proxy”.

If all goes well, you will see an entry for the new proxy in the proxy table.

You may need to update your security group settings as well before you can access your instance on an external browser. Some projects have setup a 'web' security group to make this easier or already added the common 80 and 8080 ports to their default security group.

1. Find "Security Groups" under the "Network" section in the left-hand navigation bar, and select the project you want to make available externally.
2. Add a new rule to open up your proxied port for outside access.
3. Set the start and end port in the rule form to the value you entered for “Backend port” when creating the proxy.
4. Select "tcp" as the protocol
5. CIDR range: 172.16.0.0/21
6. Click "Submit"

You may also have to apply this new (or existing) security group to the instance you want to make available: navigate to "Instances" (in the "Compute" section) and select "Edit Security Groups" from the "actions" menu of the appropriate instance.

Deleting a web proxy

Once your instance is no longer in use, please clean up after yourself by clicking the “Delete Proxy” button next to your unused proxy entry.