How to get Bamboo agent work through a Web proxy that needs NTLM credentials?

I have a Bamboo agent that needs to connect to Bamboo server via a http proxy.

I see it timing out. Then I added the following to wrapper.conf file.

 

wrapper.java.additional.3=-Dhttps.proxyHost=proxy.ins.dell.com
wrapper.java.additional.4=-Dhttps.proxyPort=80

 

Then it is failing with the following errors.

What is the trick to get Bamboo work through a proxy?

The version of Bamboo server is 5.9.0.

 

Thanks

 

++++++++++++++++++++++++++++++++++++++++++++++++++++++

INFO   | jvm 5    | 2015/06/03 15:49:50 | 2015-06-03 15:49:50,085 INFO [WrapperSimpleAppMain] [AgentContext] Requesting fingerprint, url: https://bamboo.kace.com/agentServer/GetFingerprint.action?hostName=8187K5TX1.aus.amer.dell.com&version=3&agentUuid=fcb45982-d658-4220-acdc-3191be5f8a57
INFO   | jvm 5    | 2015/06/03 15:49:50 | 2015-06-03 15:49:50,133 INFO [WrapperSimpleAppMain] [AuthChallengeProcessor] ntlm authentication scheme selected
INFO   | jvm 5    | 2015/06/03 15:49:50 | 2015-06-03 15:49:50,134 INFO [WrapperSimpleAppMain] [HttpMethodDirector] No credentials available for NTLM <any realm>@proxy.ins.dell.com:80
INFO   | jvm 5    | 2015/06/03 15:49:50 | Exiting due to fatal exception.
INFO   | jvm 5    | 2015/06/03 15:49:50 | com.atlassian.bamboo.agent.bootstrap.RemoteAgentHttpException: HTTP status code 407 received in response to fingerprint request.
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at com.atlassian.bamboo.agent.bootstrap.AgentContext.initFingerprint(AgentContext.java:133)
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at com.atlassian.bamboo.agent.bootstrap.AgentContext.initServerSession(AgentContext.java:98)
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at com.atlassian.bamboo.agent.bootstrap.AgentContext.run(AgentContext.java:89)
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at com.atlassian.bamboo.agent.bootstrap.AgentBootstrap.run(AgentBootstrap.java:93)
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at com.atlassian.bamboo.agent.bootstrap.AgentBootstrap.main(AgentBootstrap.java:40)
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at java.lang.reflect.Method.invoke(Unknown Source)
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240)
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at java.lang.Thread.run(Unknown Source)
INFO   | jvm 5    | 2015/06/03 15:49:50 | 2015-06-03 15:49:50,136 FATAL [WrapperSimpleAppMain] [AgentBootstrap] Exiting due to fatal exception.
INFO   | jvm 5    | 2015/06/03 15:49:50 | com.atlassian.bamboo.agent.bootstrap.RemoteAgentHttpException: HTTP status code 407 received in response to fingerprint request.
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at com.atlassian.bamboo.agent.bootstrap.AgentContext.initFingerprint(AgentContext.java:133)
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at com.atlassian.bamboo.agent.bootstrap.AgentContext.initServerSession(AgentContext.java:98)
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at com.atlassian.bamboo.agent.bootstrap.AgentContext.run(AgentContext.java:89)
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at com.atlassian.bamboo.agent.bootstrap.AgentBootstrap.run(AgentBootstrap.java:93)
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at com.atlassian.bamboo.agent.bootstrap.AgentBootstrap.main(AgentBootstrap.java:40)
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at java.lang.reflect.Method.invoke(Unknown Source)
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240)
INFO   | jvm 5    | 2015/06/03 15:49:50 |     at java.lang.Thread.run(Unknown Source)
DEBUG  | wrapper  | 2015/06/03 15:49:50 | JVM process exited with a code of 1, setting the wrapper exit code to 1.
ERROR  | wrapper  | 2015/06/03 15:49:50 | JVM exited while starting the application.

 

 

4 answers

depending on your version of java i have found that i need to set the following to get passed ntlm proxy

http.proxyHost=proxy.domain.com
http.proxyPort=80
http.proxyUser=username
http.proxyPassword=password
http.nonProxyHosts='*.myowndomain.com|localhost'
http.auth.ntlm.domain=DOMAIN
http.proxyAuth=basic,digest,ntlm

I also set the 'https' versions as well, but you might only need the http version.. 

Because of the # of extra parameter you might need, you could also use the wrapper additional file option instead of additional.3, additional.4

wrapper.java.additional_file

http://wrapper.tanukisoftware.com/doc/english/prop-java-additional-n.html#file

 

1 vote

Note that Bamboo uses JMS communication too. If you have an enforced proxy between agent and the server, it won't work even if you make the HTTP traffic work.

Right.. Forgot all about the JMS channel

Finally I found a way to get past proxy authentication. In wrapper.conf, all I had to configure were https.proxyPort=80, https.proxyHost=proxydnsaddress and java.net.useSystemProxies=true. The last property did the trick. Now I see the agent get past initial finger print handshake without any timeouts or exceptions.

Now it is failing that it can't connect to tcp://bambooserverdns:54663. Our firewall doesn't allow any port other than 80, 443 going outward. That could be the reason.

I see Bamboo agent uses ActiveMQ for broker protocol handshake. Apache ActiveMQ site describes many other transports besides tcp. I believe ActiveMQ supports payload go over https. I am wondering how to use https transport instead of tcp for the broker handshake. That will make it work without having to open any firewall ports.

 

The wrapper I have is 3.2.3. It doesn't support wrapper.java.additional_file property.

I tried proxyUser and proxyPassword (both http.* and https.*). It still doesn't work. I am still getting the 407 error.

 

Was wrapper ever tested behind a corporate proxy that requires Active directory credentials (using NTLM)?

 

I am trying to get the ports on our firewall/proxy opened for agent to work. Are there any other ports besides 80, 443 and 54663 outbound from the agent box to the server that need to be opened (i.e. No proxy/firewall intervening in middle)?

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published May 18, 2017 in Bamboo

FAQ: How to Upgrade Bamboo Server

Bamboo 5.9 will no longer be supported after June 12, 2017. What does this mean? As part of our End of Life policy, Atlassian supports major versions for two years after the first major iteratio...

1,561 views 0 6
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you