Appendix - Set up the Universal Orchestrator to Use a Forwarding Proxy

Typically with services that use a forwarding proxy, there is a specific proxy configuration done within the application, but the Universal Orchestrator doesn't have such a configuration. Instead, it makes use of an environment variable to retrieve this information on either Windows or Linux.

On Windows, configure a system environment variable of either HTTP_PROXY or HTTPS_PROXY (this is not case sensitive on Windows) pointing to your proxy's URL, including port, then restart the Universal Orchestrator service if the orchestrator is already installed.

Figure 637: System Environment Variable to Define a Proxy URL for Use by the Universal Orchestrator on Windows

On Linux, there are multiple approaches to setting an environment variable. One method for setting a system-wide environment variable that will be retained after reboot is to add an environment variable statement to the /etc/environment file using a command similar to the following (as root):

echo "https_proxy=https://myproxy.keyexample.com:3128/" >> /etc/environment

After setting the environment variable, restart the Universal Orchestrator service if the orchestrator has already been installed.

Note: If you've configured an HTTPS_PROXY environment variable because you're using a secure channel to communicate with Keyfactor Command (SSL), you will most likely also need an HTTP_PROXY environment variable for the orchestrator to do revocation status (CRL) checking unless you disable revocation status checking.

Tip: If you encounter issues with the orchestrator reading the proxy settings from the environment variable(s) on Linux, you can try setting this information directly in the service startup file for the orchestrator. This is not the recommended configuration and should only be done if the recommended solution (above) is not working as expected. To set the value(s) for the proxy environment variables directly in the service startup file for the orchestrator, use a text editor to edit the following file:
/etc/systemd/system/keyfactor-orchestrator-default.service

In the [Service] section, add an entry similar to the following for each proxy you wish to set:

Environment=https_proxy=https://myproxy.keyexample.com:3128

For example:

[Unit]
Description=Keyfactor Orchestrator (default)

[Service]
ExecStart=/usr/bin/dotnet ./Orchestrator.dll
Environment=https_proxy=https://myproxy.keyexample.com:3128
Environment=http_proxy=http://myproxy.keyexample.com:8080
WorkingDirectory=/opt/keyfactor/orchestrator
User=keyfactor-orchestrator
Group=keyfactor-orchestrator
Restart=on-failure
SyslogIdentifier=keyfactor-orchestrator
PrivateTmp=true

[Install]
WantedBy=multi-user.target
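
The following check is an added example, not part of the Keyfactor documentation or product. It reads a file in either format shown above (/etc/environment or the systemd unit file) and reports whether the proxy values have the scheme://host:port form and whether http_proxy accompanies https_proxy, as the Note advises. The function names and exit statuses are hypothetical.

```shell
#!/bin/sh
# Added example (not Keyfactor code): audit proxy variables in a file.
# Accepts /etc/environment lines (name=value) and systemd unit lines
# (Environment=name=value); variable names are compared in lower case.

# Print "name value" for each http_proxy / https_proxy setting in file $1.
proxy_vars_in() {
    awk '{
        line = $0
        gsub(/"/, "", line)                 # drop optional double quotes
        sub(/^[ \t]*/, "", line)
        sub(/^Environment=/, "", line)      # systemd unit form
        eq = index(line, "=")
        if (eq == 0) next
        name = tolower(substr(line, 1, eq - 1))
        if (name == "http_proxy" || name == "https_proxy")
            print name, substr(line, eq + 1)
    }' "$1"
}

# Status: 0 ok; 1 no proxy variable found; 2 https_proxy without http_proxy
# (the case the Note describes for CRL checks); 3 value is not scheme://host:port.
check_proxy_config() {
    vars=$(proxy_vars_in "$1")
    [ -n "$vars" ] || return 1
    bad=$(printf '%s\n' "$vars" | grep -Ev ' https?://[^/:]+:[0-9]+/?$' || true)
    [ -z "$bad" ] || return 3
    if printf '%s\n' "$vars" | grep -q '^https_proxy ' &&
       ! printf '%s\n' "$vars" | grep -q '^http_proxy '; then
        return 2
    fi
    return 0
}

# Check the files named on the command line; with none, use a constructed sample.
if [ "$#" -eq 0 ]; then
    sample=$(mktemp)
    printf '%s\n' 'https_proxy="https://myproxy.keyexample.com:3128/"' > "$sample"
    set -- "$sample"
fi
for f in "$@"; do
    check_proxy_config "$f" && echo "$f: ok" || echo "$f: status $?"
done
[ -z "${sample:-}" ] || rm -f "$sample"
```

Run it with /etc/environment and /etc/systemd/system/keyfactor-orchestrator-default.service as arguments before restarting the service.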