Use the Rapid7 Collector as a proxy for tCell

You can use a Rapid7 Collector as a proxy for tCell agents, even if the Collector is already deployed. With a Rapid7 Collector as a proxy, tCell can use the same Collector that other Rapid7 products in the organization use to communicate data to Rapid7. This is especially helpful if your organization requires a single outbound connection from its environment to the Insight Platform.

The Rapid7 Collector can serve as a proxy for Insight products to:

  • Reduce manual IP allowlisting.
  • Improve flexibility in locking down the network.
  • Improve network and data security in communications with Rapid7.

tCell supports multiple proxies

tCell is proxy-agnostic and can use multiple types of proxies, not just the Rapid7 Collector.

tCell logs show proxy setup, configuration, and other related information through INFO, DEBUG, and WARN messaging. For more information about setting up the Rapid7 Collector, see the Rapid7 Collector Overview.

Requirements

The tCell Agent can only communicate through proxies that meet the following protocol requirements and authentication schemes.

Supported HTTPS Proxies

Your proxy must support the Request For Comments (RFC) 2817 standard, which specifies the HTTP CONNECT verb.

Authentication Schemes

Currently, only BASIC authentication is supported.

Setting up the Rapid7 Collector as a proxy for the tCell Agent

To set up the Rapid7 Collector as a proxy for the tCell Agent, configure the tcell_agent.config file.

  1. Browse to your tCell Agent installation folder.
  2. Open the tcell_agent.config file in a text editor.
  3. Configure the proxy_url, proxy_username, and proxy_password.
    • proxy_url: The URL of the proxy that your traffic goes through. It should include the protocol, host, and port. The proxy port for the Rapid7 Collector is 8037.
    • proxy_username: If your proxy uses basic authentication, enter the username.
    • proxy_password: If your proxy uses basic authentication, enter the password.
      "proxy_url": "http://myr7collector:8037"
      "proxy_username": "jsmith"
      "proxy_password": "T3stP@ssword3"

Configuration warnings and errors

HTTP and HTTPS. Although HTTP is supported, if an HTTP URL is supplied to the proxy config, tCell will log this warning advising users to switch to HTTPS.

  • Proxy URL uses unencrypted HTTP - consider using an HTTPS URL

Authentication credentials. Both proxy_username and proxy_password are optional fields when configuring a proxy. However, if one is specified and not the other, proxy basic auth will not be established and tCell will issue this warning in the logs.

  • Proxy basic auth config is missing username, skipping proxy auth config

Authentication URL. If authentication credentials are supplied but no URL, tCell will ignore the proxy and log this error.

  • Proxy URL is missing but proxy basic auth credentials are provided, skipping proxy config

Troubleshooting

Connection failures. The following errors from tCell logs may indicate that the agent cannot connect to the proxy.

  • WARN Failed to update policies: error sending request for url...

  • WARN Failed to send events: error sending request for url...

  • For proxy connection troubleshooting, try running: curl -v <proxy_url> from the host running the tCell agent. If the request hangs or the connection is refused, the agent is unable to reach the proxy, and additional network or proxy server configuration is necessary.

Invalid Proxy URL. The following error indicates that an invalid proxy_url was specified.

  • WARN Failed to create a proxy instance: builder error: relative URL without a base
  • Ensure that your proxy_url includes a supported protocol.
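
Pre-deployment check. The conditions described under "Configuration warnings and errors" and "Invalid Proxy URL" can be checked before the agent starts. The following is an added example, not Rapid7 code: check_proxy_config, its finding codes, and the flat dictionary input are assumptions made for illustration, and the findings are the example's own wording rather than tCell log output. It also flags the case where basic auth credentials would be sent to an HTTP proxy, because basic auth is only base64-encoded.

```python
from urllib.parse import urlsplit


def check_proxy_config(cfg):
    """Lint the three proxy keys; returns a list of (level, code, detail)."""
    url = (cfg.get("proxy_url") or "").strip()
    user = cfg.get("proxy_username") or ""
    password = cfg.get("proxy_password") or ""
    out = []

    # One credential without the other: the page says basic auth is skipped.
    if bool(user) != bool(password):
        missing = "proxy_password" if user else "proxy_username"
        out.append(("WARN", "auth-incomplete", f"{missing} is not set"))
    # Credentials without a URL: the page says the proxy config is skipped.
    if not url:
        if user or password:
            out.append(("ERROR", "url-missing", "credentials set, no proxy_url"))
        return out

    parts = urlsplit(url)
    # "host:8037" without a protocol is what produces the relative-URL error.
    if parts.scheme not in ("http", "https") or not parts.hostname:
        out.append(("ERROR", "url-invalid", "need protocol://host:port"))
        return out
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    if port is None:
        out.append(("WARN", "port-missing", "no valid port in proxy_url"))
    if parts.scheme == "http":
        out.append(("WARN", "http-proxy", "connection to the proxy is unencrypted"))
        if user and password:
            # Basic auth is base64, not encryption: readable on this hop.
            out.append(("WARN", "basic-over-http", "credentials sent in cleartext"))
    return out


# Constructed sample inputs; the first mirrors the values shown on this page.
SAMPLES = {
    "page example": {"proxy_url": "http://myr7collector:8037",
                     "proxy_username": "jsmith", "proxy_password": "T3stP@ssword3"},
    "no protocol": {"proxy_url": "myr7collector:8037"},
    "creds, no url": {"proxy_username": "jsmith", "proxy_password": "x"},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, check_proxy_config(cfg) or "ok")
```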