Lab Tips - Setting up a Proxy Server for VCF Home Lab

In a home lab environment, your lab VMs are typically on an internal network without internet access. This is the safest and recommended setup. However, there are instances where you might need your lab VMs to connect to the internet, but only when necessary.

Let’s consider the following use case:

In this post, we will look at deploying a Linux VM and use TinyProxy to setup an HTTP proxy server for the lab environment and then demonstrate the use-case by configuring VCF9 installer to use the proxy for downloading binaries.

Step 1: Deploy a Linux VM running Ubuntu Server (Minimal)

Here is the VM configuration:

• vCPUs: 2

• Memory : 2 GB

• Hard Disk : 25 GB

• Network Adapters (2):  The VM should have two Network adapaters — one connecting to the internal lab network and the other to the External Network(with access to the internet)

• Guest OS : Ubuntu Server (Minimized) with OpenSSH Server installed

Once deployed, SSH into the VM and instal VMware tools,

sudo apt update
sudo apt install open-vm-tools -y

Restart the VM before proceeding

sudo shutdown -r now

Install the following essentials:

sudo apt install vim -y
sudo apt install nano -y
sudo apt install netplan.io -y

Step 2 : Configure Linux Network Interfaces

Once we have the VM ready, we will need to configure the network interfaces. We will be using netplan for the same.

We start by reviewing the available network interfaces, by running the following command:

ip link show 

In this case, we see that there are two interfaces ens33 and ens34 excluding the loopback. The interfaces are enumerated in the order they were added to the VM. However, to confirm which interface is connected to which network, you can run the ip addr show <device_name> to determine the network they are connected to. They should have already picked up network addresses if there are any DHCP server on that network.

ip addr show ens33
ip addr show ens34

Once we have identified the network interface connected to the internal lab network we will set the configuration for that device using netplan.

This is done by creating a yaml file "lab-proxy-netcfg.yaml" under /etc/netplan with the following configuration.

network:
  version: 2
  renderer: networkd
  ethernets:
    ens33:
      addresses: [192.168.78.112/24]
    ens34:
      dhcp4: true

Update the permissions of the file to allow only the owner to read+write; Group & others should have no access.

Run following command to set the correct permissions:

sudo chmod 600 lab-proxy-netcfg.yaml

Once done, run the following command to apply the configuration.

sudo netplan apply

Run "ip address show ens33" to check if the interface has taken the configuration.

Step 3: Install and Configure TinyProxy

Once you have the Linux network interfaces configured correctly, the final step is to install and configure TinyProxy.

TinyProxy is a lightweight HTTP/HTTPS proxy daemon designed for POSIX compatible systems like Linux.

To install TinyProxy run the following command:

sudo apt update
sudo apt install tinyproxy -y

Edit the tiinyproxy configuration to set the Listening IP to the IP address of the proxy VM and allow only the lab network subnet to connect to the proxy. Leave default port number 8888 and the timeout value 600 unmodified.

Once the configuration file has been updated, restart and enable the tinyproxy service using the following commands:

sudo systemctl restart tinyproxy
sudo systemctl enable tinyproxy

You should now able to configure the appliances use to this proxy.

For the use case mentioned at the beginning of this post, the VCF9 installer permits the use of a proxy. Here is the procedure to enable a proxy in its depot settings.

1. From the VCF9 Installer home screen, click on DEPOT SETTINGS

2. On the Depot Settings page, click on EDIT DEPOT CONNECTION

3. Toggle Enable Proxy server

4. Select the protocol as HTTP and use the IP address and the port # of the new proxy that we just deployed.