Problems to connect a BuildAgent running on azure with a tc server behind reverse proxy

Hello,
i have the following setup:

TeamCity Server hosted inside a DMZ (Windows Server), there is a reverse proxy between the public internet and the DMZ. Teamcity is available @https://teamcity.example.net. Internally its hosted on srv-tc.internal:1337. There are build agents inside the DMZ, they are connected and everything is fine. The access to the TC web ui works fine.

We want to add another build agent (ubuntu) which is hosted in azure (build-agent.azure-url.com). A wget on srv-tc.interal works:

wget -e http_proxy=proxy01.internal:8080 build-agent.azure-url.com
--2014-09-04 14:43:33--  http://build-agent.azure-url.com/
Connecting to proxy01.internal:8080... connected.
Proxy request sent, awaiting response... 400 Bad Request

the connection should work!

somehow i'm not able to configure the TeamCity server to use the proxy server. I followed http://www.diaryofaninja.com/blog/2013/06/17/teamcity-and-git-behind-a-corporate-ntlm-proxy-server to configure java to use these proxy settings. I still get the following error in xml-rpc.log:

[2014-09-04 14:46:35,435]   WARN -   jetbrains.buildServer.XMLRPC - Exception while calling XML-RPC handler: jetbrains.buildServer.serverSide.impl.XmlRpcBasedServer.registerAgent3([<?xml version="1.0" encoding="UTF-8"?>
<agentDetails agentName="gpx-ubuntu" agentAddress="build-agent.azure-url.com" agentPort="80" authToken="" pingCode="KaqK1xswBSyNZOJGIhZzBHbMxcAYMVOQ" osName="Linux, version 3.13.0-32-generic">
....
</agentDetails>

]), error: jetbrains.buildServer.CannotPingAgentException: Unable to ping agent gpx-ubuntu. Check firewall and/or try to specify 'ownAddress' in the agent configuration. Details: Agent 'gpx-ubuntu' cannot be accessed by any of the addresses: [build-agent.azure-url.com], (port 80) (enable debug to see whole stacktrace)

ownAddress is configured to be build-agent.azure-url.com (which should be ok).


Thank you for helping me out!
Tobi
3 comments
Comment actions Permalink

Hi,

It is not possible to set up such configuration it TeamCity now. Server could not connect to agent through proxy. Please watch/vote for related feature request - https://youtrack.jetbrains.com/issue/TW-12443.
On the same time we do not recommend to configure agent to connect to server using proxy. The connection from agent to server is not secure, because HTTP protocol is used (please see this section). And usually it is not necessary to access agent from the internet. We would recommend to configure VPN tunnel between agent and server. (answer copied from email)

0
Comment actions Permalink

Hi Alina,
thank you very much for your good support!

I'm just wondering from a techinical point of view why this communication is not possible. Basically both server can reach each other (the proxy is transparent), so i don't get why it's not possible.

I still think that there should be a way to make the communication secure without the hassle of vpn. A good example is Octopusdeploy: http://docs.octopusdeploy.com/pages/viewpage.action?pageId=360622.

Regards,
Tobi

0
Comment actions Permalink

Hi Tobias,

It is not possible because when server try to connect to agent it uses java module (not the same which is used when TeamCity try to download files from the Internet) in which the following properties -Dproxyset, -Dhttp.proxyHost, -Dhttp.proxyPort and so on are not passed. It is just how it is implemented in TeamCity now.

0

Please sign in to leave a comment.