Installing and configuring proxy server
Resilio Connect Proxy is supported on Windows and Linux, both x64.
Deploy Proxy on dedicated hardware
Do not install Proxy on a system running any Resilio Active Everywhere Agent or Management Console. Do not install several Proxy servers on the same system. Such a setup is not supported and will not work.
For system requirements, see System Requirements - Proxy. Proxy is capable of handling up to 20 million files and 2 thousand agents without significant performance degradation.
A basic Resilio Active Everywhere deployment with a Proxy is illustrated below
Prerequisites
Prior to installing a Proxy, some preparations will be required:
Forward ports in the firewalls
With the Active Everywhere Proxy, you don't need any ports open for incoming connections on the corporate firewall. You need to have these outgoing ports open:
Direction | Port | Protocol | Description |
---|---|---|---|
Outgoing | 1080 | TCP | Connection from the Management Console to proxy |
Outgoing | 3000 | TCP | Connection to tracker server |
Outgoing | 3328 | TCP/UDP | Data traffic from internal agent to external agent through the proxy. Additionally, it can be a custom bind port illustrated in the examples below, in case it's necessary to forward traffic between external and internal proxy interfaces |
Agents installed in WAN
Direction | Port | Protocol | Description |
---|---|---|---|
Outgoing | 3328 | TCP/UDP | Data and Management Console traffic to the proxy |
Outgoing | 3000 | TCP/UDP | Connection to tracker |
Agents installed in LAN
Firewall | Port | Protocol | Description |
---|---|---|---|
No (internal) | 8444,8445 | TCP | Connection to the Management Console |
No (internal) | 3839 | TCP/UDP | Data traffic between Agents inside LAN |
Yes (external, outgoing) | 3328 | TCP/UDP | Data traffic from internal agent to external agent through the proxy. Additionally, it can be a custom bind port illustrated in the examples below, in case it's necessary to forward traffic between external and internal proxy interfaces |
Yes (external, outgoing) | 3000 | TCP/UDP | Connection to tracker server |
Proxy server installed in DMZ
Direction | Port | Protocol | Description |
---|---|---|---|
Incoming | 1080 | TCP | Connection from Management Console |
Incoming | 3328 | TCP/UDP | Connection to Proxy server. Additionally, it can be a custom bind port illustrated in the examples below, in case it's necessary to forward traffic between external and internal proxy interfaces |
Tracker server installed in DMZ or in WAN
Direction | Port | Protocol | Description |
---|---|---|---|
Incoming | 3000 | TCP/UDP | Agents discovery |
If several proxy servers are configured, they will work in load balancing mode. High availability of proxy servers is not supported.
The first configured proxy in the list is used by default for Agents to connect to the Management Console. If different Agents connect to the MC through different proxies, those that connect through the second, third, and so on will appear offline on the MC. The workaround is to specify the proxy address explicitly in those Agents' configuration file. For information on configuring Agents to use proxy connection, see Configuring Agents To Use Proxy Connection For Service And Data Traffic.
Install Resilio Proxy
To install Resilio Active Everywhere Proxy:
- Install Resilio Proxy package.
  Windows
  - Download Resilio-Connect-Agent_x64_proxy.msi.
  - Launch the installer and complete the installation.
  Linux
  - Download and unpack the Resilio Proxy tar archive.
  - Run the binary with command:
    `./rslproxy --config /path/to/sync.conf --proxy`
  Note
  The `--config` parameter is optional. If the configuration file is used and contains the `"proxy_server_enabled": true` parameter, there's no need to add `--proxy` to the start command. Otherwise, the `--proxy` parameter is compulsory for pre-3.0.0 versions and can be omitted for proxy v3.0.0.
  The process will start and listen on port 1080 by default.
- In the Management Console, select Settings > Auxiliary Servers and click + ADD PROXY SERVER.
- Provide an IPv4 or IPv6 IP address, or a DNS name of the server where the Proxy is installed. Keep the default port number 1080.
  Tip
  Use a DNS hostname in case you need to change the location of the MC later.
- (Optional) Uncheck the Automatically add tracker with specified host and port 3000 option if you don't want to run a tracker service alongside the Proxy server.
  Note
  - Tracker service must be installed separately. For details, see Installing And Configuring Local Tracker Server.
  - In order to have the tracker configuration automatically added, the tracker service must be configured to work on the default port number 3000.
- (Optional) Uncheck the Mark tracker as default option if you don't want this tracker instance to be the default one.
- Click Test connection.
  Info
  The Management Console tries to establish connection to the Proxy server. If successful, you'll be redirected to the CONFIGURE tab.
- On the CONFIGURE tab, provide the following:
  - Bind port - The port the proxy listens on for data traffic between Agents. It can be changed manually to differ from the default 3328 if it's necessary to route traffic internally. The port can be pre-filled from the configuration file, in which case it is not editable on this screen.
  - Primary connection - Primary IP address/hostname and port number for Agent connections to this Proxy server instance.
  - Additional addresses - Additional IP address/hostname and port number combinations that can be used for connecting to this Proxy server instance.
  - Define local subnets - The networks to and from which the proxy will route traffic. Can be pre-filled from the configuration file. Can be in the format IP/mask or IP/bits. The MC IP address must fall into one of these subnets for the proxy to route traffic between Agents and the MC.
- Click Save.
  Info
  - Once configured, the proxy will appear on the list. It may take a few seconds for it to be marked with a green dot though. Upon installation, when the MC is establishing connection to the proxy server, the Resilio Proxy undergoes regular authentication on the MC. If it fails, the Proxy Is Not Authenticated To Communicate With The Management Console error is reported.
  - To learn how to enable communication through the Proxy server for Agents, see Configuring Agents To Use Proxy Connection For Service And Data Traffic.
  The established connection between proxy and the Management Console will be kept open.
Advanced settings can be used to allow routing traffic across WAN.
Reinstall Resilio Proxy
To reinstall the Proxy service:
- Stop the Resilio proxy process.
- Remove proxy's storage folder.
- Delete proxy configuration from the Management Console.
  Warning
  This step is mandatory. Without deleting the existing proxy configuration, the new proxy process won't be authorized by the Management Console.
- Install new proxy and connect it to the Management Console.
Connect Resilio Proxy to a different Management Console
Generally, it's advisable to use the DNS address of the MC when configuring the Proxy connection. However, if you need to change the address of the MC and connect the Proxy by the new address, follow these steps:
- Stop Resilio proxy process.
- Remove proxy's storage folder.
- Run proxy and configure connection to it on the new Management Console.
Optional: prepare configuration file
The file must contain the address and connection information for the Management Console. It can be downloaded from the Management Console and then stripped of the parameters that are not needed. The minimal config shall contain the following information:
{
    "management_server": {
        "host": "192.168.1.166:8444",
        "cert_authority_fingerprint": "8.....b049",
        "bootstrap_token": "IAL....IL4Q",
        "disable_cert_check": false
    }
}
Additional pre-configured settings can be added, but are not required:
- `"listening_port": 12345` - the port for data traffic between agents. Proxy will bind on this port on all local network interfaces.
- `"proxy_server_local_addrs": [ "192.168.1.0/24" ]` - array of subnets through which the traffic shall go indirectly through proxy, inside and outside.
- `"socks_server_port" : 1080` - the port on which the proxy waits for the Management Console to connect.
- `"proxy_server_enabled": true` - can be used for a proxy installed on Linux.
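The following pre-flight check is an added example, not part of the Resilio documentation or tooling. It lints a proxy configuration file against the rules stated on this page: the minimal `management_server` keys are present, `disable_cert_check` is `false`, ports are valid, and the MC address falls inside one of the local subnets. The function name `lint_proxy_conf` and the sample values are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample modelled on the minimal config above; fingerprint and token are placeholders.
SAMPLE_CONF = """
{
  "management_server": {
    "host": "192.168.1.166:8444",
    "cert_authority_fingerprint": "PLACEHOLDER_FINGERPRINT",
    "bootstrap_token": "PLACEHOLDER_TOKEN",
    "disable_cert_check": false
  },
  "listening_port": 12345,
  "proxy_server_local_addrs": ["192.168.1.0/24"],
  "socks_server_port": 1080
}
"""

def lint_proxy_conf(text):
    """Return a list of findings for a proxy config; an empty list means no issues."""
    conf = json.loads(text)
    ms = conf.get("management_server", {})
    findings = []
    for key in ("host", "cert_authority_fingerprint", "bootstrap_token"):
        if not ms.get(key):
            findings.append(f"management_server.{key} is missing")
    if ms.get("disable_cert_check") is not False:
        findings.append("disable_cert_check must be present and false, as in the minimal config")
    for key in ("listening_port", "socks_server_port"):
        port = conf.get(key)
        if port is not None and not (type(port) is int and 0 < port < 65536):
            findings.append(f"{key} is not a valid port: {port!r}")
    nets = []
    for raw in conf.get("proxy_server_local_addrs", []):
        try:  # ip_network accepts both IP/bits and IP/mask notation
            nets.append(ipaddress.ip_network(raw, strict=False))
        except ValueError:
            findings.append(f"invalid subnet: {raw!r}")
    host = ms.get("host", "").rsplit(":", 1)[0].strip("[]")
    try:
        mc_ip = ipaddress.ip_address(host)
    except ValueError:
        mc_ip = None  # DNS name or missing host: membership cannot be checked offline
    if mc_ip is not None and nets and not any(mc_ip in n for n in nets):
        findings.append(f"MC address {mc_ip} is outside every local subnet")
    return findings

if __name__ == "__main__":
    print(lint_proxy_conf(SAMPLE_CONF) or "no findings")
```

When `host` is a DNS name, the subnet membership check is skipped, so resolve the name and check the address separately in that case.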