1. Administering Oracle Blockchain Platform
  2. Manage Oracle Blockchain Platform
  3. Configure a Proxy

Configure a Proxy

If your instance runs in a private network without internet connectivity, you must configure a proxy for the blockchain services.

Complete the following tasks to set up a proxy for your blockchain instances.

Create a Service Entry

Use the following configuration to create an Istio ServiceEntry object as an external proxy in your instance namespace. You must create a TCP (not HTTP) ServiceEntry object to enable Istio-controlled traffic to the external proxy. For more information, see Configure traffic to external HTTPS proxy in the Istio documentation. 

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: obpee-ext-proxy
  namespace: <INSTANCE_NAMESPACE>
spec:
  hosts:
  - <PROXY-HOST-FQDN>
  addresses:
  - <PROXY-IP-ADDRESS>
  exportTo:
  - "."
  location: MESH_EXTERNAL
  ports:
  - number: <PROXY-PORT-NUMBER>
    name: tcp
    protocol: TCP

Configure the Proxy Environment

The Oracle Blockchain Platform Enterprise Edition distribution package includes the setProxy.sh script, which you can use to configure the proxy environment for all services of the blockchain instance. Run the following commands from the command line. When the setProxy.sh script runs, it restarts the required blockchain services in your Kubernetes cluster. 

# Configure environment variables before running the script
export mspId="<INSTANCE_NAME>"
export httpProxy="<HTTP_PROXY>"
export httpsProxy="<HTTPS_PROXY>"
export noProxy="<NO_PROXY>"
 
# Go to the distribution package dir
cd <distribution-package-dir>
 
# Run the setProxy.sh script
./setProxy.sh