
Environments with no internet access (Forward proxy)

Using a Forwarding Proxy with UXM Desktop Agent

A forwarding proxy can be used when running the UXM Desktop Agent in a restricted network where TCP/443 (HTTPS) traffic is blocked.


Set Up a Forward Proxy on Ubuntu Linux

Use the nginx proxy_connect module from https://github.com/chobits/ngx_http_proxy_connect_module#install

NGINX can be compiled with forward proxy (CONNECT) support and installed using the following commands:

sudo -i
apt-get update
# git and wget are needed for the download steps below
apt-get install build-essential git wget libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev libgd-dev libxml2 libxml2-dev uuid-dev
cd /tmp/
# Fetch the NGINX source over HTTPS
wget https://nginx.org/download/nginx-1.24.0.tar.gz
tar -xzvf nginx-1.24.0.tar.gz
git clone https://github.com/chobits/ngx_http_proxy_connect_module.git
cd nginx-1.24.0/
# Apply the module's patch to the NGINX source before configuring
patch -p1 < /tmp/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_102101.patch
./configure \
--user=www-data --group=www-data \
--prefix=/var/www/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log \
--with-pcre \
--lock-path=/var/lock/nginx.lock \
--pid-path=/var/run/nginx.pid \
--with-http_ssl_module \
--with-stream \
--with-stream_ssl_preread_module \
--with-stream_ssl_module \
--add-dynamic-module=/tmp/ngx_http_proxy_connect_module
make && make install

Edit NGINX Configuration

Edit the file /etc/nginx/nginx.conf:

load_module /var/www/nginx/modules/ngx_http_proxy_connect_module.so;
user www-data;
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    server {
        listen 3128;
        resolver 8.8.8.8;

        # Accept CONNECT requests (HTTPS tunnelling), but only to port 443
        proxy_connect;
        proxy_connect_allow 443;
        proxy_connect_connect_timeout 10s;
        proxy_connect_read_timeout 10s;
        proxy_connect_send_timeout 10s;

        # Non-CONNECT (plain HTTP) requests are forwarded to the host the client names
        location / {
            proxy_pass http://$host;
            proxy_set_header Host $host;
        }
    }
}

Configure NGINX Service

Edit the systemd service file:

nano /lib/systemd/system/nginx.service

Add the following:

[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/usr/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

Reload systemd so it picks up the unit file, then restart and enable the service:

systemctl daemon-reload
systemctl restart nginx.service
systemctl status nginx.service
systemctl enable nginx.service
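
To confirm from a client machine that the proxy tunnels only what the nginx.conf above allows (proxy_connect_allow 443), a check along these lines can be run. It is an added example, not part of the UXM documentation or the nginx module; the function names, the script name check_proxy.py and the ports expected to be refused (80 and 8080) are assumptions chosen for illustration.

```python
"""Added example: check which CONNECT targets a forward proxy will tunnel."""
import socket
import sys


def probe_connect(proxy_host, proxy_port, target_host, target_port, timeout=10.0):
    """Send one CONNECT request to the proxy and return (status_code, reason).

    Only the proxy's answer to the CONNECT request is read; no data is sent
    through the tunnel and the socket is closed straight away.
    """
    request = (
        f"CONNECT {target_host}:{target_port} HTTP/1.1\r\n"
        f"Host: {target_host}:{target_port}\r\n"
        "\r\n"
    ).encode("ascii")
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as sock:
        sock.sendall(request)
        buf = b""
        while b"\r\n" not in buf and len(buf) < 4096:
            chunk = sock.recv(1024)
            if not chunk:
                break
            buf += chunk
    status_line = buf.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"unexpected proxy response: {status_line!r}")
    return int(parts[1]), parts[2] if len(parts) == 3 else ""


def check_policy(proxy_host, proxy_port, collector_host, denied_ports=(80, 8080)):
    """Return a list of findings; an empty list means the policy matches.

    Expectation taken from the nginx.conf above: proxy_connect_allow 443.
    The denied_ports default is an assumption made for this example.
    """
    findings = []
    code, reason = probe_connect(proxy_host, proxy_port, collector_host, 443)
    if not 200 <= code < 300:
        findings.append(f"CONNECT {collector_host}:443 refused: {code} {reason}")
    for port in denied_ports:
        code, reason = probe_connect(proxy_host, proxy_port, collector_host, port)
        if 200 <= code < 300:
            findings.append(f"CONNECT {collector_host}:{port} was tunnelled ({code})")
    return findings


if __name__ == "__main__":
    # Usage: python3 check_proxy.py <proxy_ip> <proxy_port> <collector_host>
    problems = check_policy(sys.argv[1], int(sys.argv[2]), sys.argv[3])
    print("\n".join(problems) or "proxy policy matches nginx.conf")
    sys.exit(1 if problems else 0)
```

If nothing is listening on the proxy port, probe_connect raises ConnectionRefusedError, the same condition the agent reports as "Connection refused" in its log.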

Deploy UXM Desktop Agent with Proxy Configuration

Deploy the UXM Desktop Agent with proxy options:

UXM_Desktop_Agent_YYYY.MM.DD.exe /verysilent /norestart /closeapplications /agent_key=UXM_AGENT_KEY /collector=https://customername.uxmapp.com /log /enable_ui_plugin=true /enable_chrome_plugin=false /enable_firefox_plugin=false /force_activation=false /proxy_auto_detect=false /proxy_server=ip_of_proxy_Server /proxy_port=proxy_port

Restart the UXM Desktop Agent service and check its logs:

C:\ProgramData\Systemslab\UXM PC Agent\Logs\PCAgent.exe.log

Successful Connection Log Example

2023-05-24 11:17:30 HTTPClient: [Information] Using collector: https://dev-emea-hf.uxmapp.com, verify_ssl_certificate: 1
2023-05-24 11:17:30 HTTPClient: [Information] Using proxy settings: 10.166.15.192 port 3128, auth: , AutoConfigUrl:
...
2023-05-24 11:26:38 HTTPClient: [Information] Received ...
2023-05-24 11:18:30 HTTPClient: [Information] Sending MultiMessage queue, size: 5489, max size is 10485760

Unsuccessful Connection Log Example

2023-05-24 11:17:30 HTTPClient: [Information] Using collector: https://dev-emea-hf.uxmapp.com, verify_ssl_certificate: 1
2023-05-24 11:17:30 HTTPClient: [Information] Using proxy settings: 10.166.15.192 port 3128, auth: , AutoConfigUrl:
...
2023-05-24 11:23:25 HTTPClient: [Information] Sending MultiMessage queue, size: 10985, max size is 10485760
2023-05-24 11:23:26 HTTPClient: [Error] ConnectionRefusedException collector: https://dev-emea-hf.uxmapp.com, displayText: Connection refused
2023-05-24 11:28:37 HTTPClient: [Error] OnTimer exception collector: https://dev-emea-hf.uxmapp.com, what: HTTP Exception, message: Cannot establish proxy connection: Not Allowed

Browser Extensions

Currently, browser extensions use the Windows proxy settings and can only send data if the browser's proxy configuration is set to use the forwarding proxy.

Sending browser-extension data through the UXM Desktop Agent service is on the roadmap.


Security

Traffic sent to UXM is HTTPS-encrypted; the forwarding proxy tunnels it (HTTP CONNECT) without decrypting it.
If proxy authorization is required, SSL and custom HTTPS certificates need to be configured on the proxy.