Resilio Connect Proxy is supported for Windows and Linux OS, x64 both.
Use a separate computer for Proxy
Do not install Proxy on same computer with any Resilio Connect Agent or Management Console. Do not install several proxy servers on same computer.Such setup is not supported and is not going to work.
See system requirements here.
Proxy is capable of handling up to 20 million files and 2 thousand agents without significant performance degradation.
Basic schema with a proxy involved is illustrated below
(image is clickable)
Prior to installing a Proxy, some preparations will be required:
Forward ports in the firewalls
By using the Connect Proxy you don’t need to have any open ports for incoming connections on the corporate firewall. You need to have these outgoing ports
Port |
Protocol |
Description |
|
Outgoing |
1080 |
TCP |
Connection from the Management Console to proxy |
Outgoing |
3000 |
TCP |
Connection to tracker server |
Outgoing |
3328 |
TCP/UDP |
Data traffic from internal agent to external agent through the proxy. Additionally, it can be a custom bind port illustrated in the examples below, in case it's necessary to forward traffic between external and internal proxy interfaces |
Agents installed in WAN
Port |
Protocol |
Description |
|
Outgoing |
3328 |
TCP/UDP |
Data and Management Console traffic to the proxy |
Outgoing |
3000 |
TCP/UDP |
Connection to to tracker |
Agents installed in LAN
Firewall |
Port |
Protocol |
Description |
No (internal) |
8444,8445 |
TCP |
Connection to the Management Console |
No (internal) |
3839 |
TCP/UDP |
Data traffic between Agents inside LAN |
Yes (external, outgoing) |
3328 |
TCP/UDP |
Data traffic from internal agent to external agent through the proxy. Additionally, it can be a custom bind port illustrated in the examples below, in case it's necessary to forward traffic between external and internal proxy interfaces |
Yes (external, outgoing) |
3000 |
TCP/UDP |
Connection to tracker server |
Proxy server installed in DMZ
|
Port |
Protocol |
Description |
Incoming |
1080 |
TCP |
Connection from Management Console |
Incoming |
3328 |
TCP/UDP |
Connection to Proxy server. Additionally, it can be a custom bind port illustrated in the examples below, in case it's necessary to forward traffic between external and internal proxy interfaces |
Tracker server installed in DMZ or in WAN
|
Port |
Protocol |
Description |
Incoming |
3000 |
TCP/UDP |
Agents discovery |
If several proxy servers are configured, they will work in load balancing mode. High availability of proxy servers is not supported.
First configured proxy in the list will be used for Agents to connect to the Management Console by default - if different Agents connect to MC through different proxies, those that connect through second, third, etc, will appear offline on MC. The workaround is to specifically indicate the proxy address in those Agents' configuration file. See this guide to configure Agents to use proxy connection for more details.
To install Resilio Connect Proxy, follow the steps below.
Download Resilio-Connect-Agent_x64_proxy.msi. Start the msi and complete the installation. The Proxy will be installed into C:\Program Files\Resilio Connect Agent Proxy directory, register a new service and listen on port 1080 awaiting connection from the Management Console On the Management Console go to Settings -> Auxiliary Servers and click "Add proxy" button. Fill in the IP or DNS name of the server where the Proxy was installed, IPv6 is supported. It's advisable to use DNS in case you'll need to change the location of MC later. Keep the default port 1080.
Additionally it's possible to install a tracker server on the same computer as proxy. Option to add a tracker server, if checked, automatically adds tracker configuration to the Management Console.
Note, the tracker server must be installed manually!
Note, this checkbox only works if tracker uses default port 3000.
Checking tracker as 'default' can ease further utilization of tracker
Management Console will create socks5 tunnel to the Proxy. If all was set correctly, test connection will be successful and you'll be redirected to Configuration tab.
Bind port: data traffic port between agent, that proxy listens on. Can be changed manually and be different from default 3328 if it's necessary to route traffic internally. The port can be pre-filled from the configuration file and be not editable on this screen.
Proxy available at: it's pre-filled from the IP of the proxy entered on previous step with the default interface port 3328 that the proxy binds to, and the custom port that the proxy listens to locally. If necessary, fill in another interface and click "+".
Define local subnets: the networks to and from which proxy will route traffic. Click "+" to add it. Can be pre-filled from configuration file. Can be in format ip/mask or ip/bits. MC address must fall into this subnet for proxy to route traffic between Agents and MC.
Once configured, the proxy will appear in the table. It may take a few seconds for it to be marked with a green dot though
See here to learn how to use it further for the data traffic.
./rslproxy --config /path/to/sync.conf --proxy
Argument --config is optional. If configuration file is used and contains parameter
"proxy_server_enabled": true
, no need to add --proxy
to start command. Otherwise, --proxy
parameter is compulsory for pre-3.0.0 version and can be ommited for proxy v3.0.0.The process will start and listen on port 1080 by default.
On the Management Console go to Settings -> Auxiliary Servers and click "Add proxy" button. Fill in the IP or DNS name of the server where the Proxy was installed, IPv6 is supported. t's advisable to use DNS in case you'll need to change the location of MC later. Keep the default port 1080.
Additionally it's possible to install a tracker server on the same computer as proxy. Option to add a tracker server, if checked, automatically adds tracker configuration to the Management Console.
Note, the tracker server must be installed manually!
Note, this checkbox only works if tracker uses default port 3000.
Checking tracker as 'default' can ease further utilization of tracker
Management Console will create socks5 tunnel to the Proxy. If all was set correctly, test connection will be successful and you'll be redirected to Configuration tab.
Bind port: data traffic port between agent, that proxy listens on. Can be changed manually and be different from default 3328 if it's necessary to route traffic internally. The port can be pre-filled from the configuration file and be not editable on this screen.
Proxy available at: it's pre-filled from the IP of the proxy entered on previous step and from the listening port in configuration file. If necessary, fill in another interface and click "+".
Define local subnets: the networks to and from which proxy will route traffic. Click "+" to add it. Can be pre-filled from configuration file. Can be in format ip/mask or ip/bits. MC address must fall into this subnet for proxy to route traffic between Agents and MC.
Once configured, the proxy will appear in the table. It may take a few seconds for it to be marked with a green dot though.
See here to learn how to use it further for the data traffic.
The established connection between proxy and the Management Console will be kept open.
Advanced settings can be used to allow routing traffic across WAN.
Re-install Resilio Connect Proxy
Reinstalling proxy server requires some additional steps:
1. Stop Resilio proxy process.
2. Remove proxy's storage folder
3. Compulsory step: Delete proxy configuration from the Management Console. If this is not done, new proxy process won't be authorised by the Management Console
4. Install new proxy and connect it to the Management Console.
Connect Resilio Proxy to a different Management Console
Generally, it's advisable to use DNS address of the MC when configuring Proxy connection. However, if there's need to change the address of the MC and connect the Proxy by the new address, follow the steps:
1. Stop Resilio proxy process.
2. Remove proxy's storage folder
3. Run proxy and configure connection to it on the new Management Console.
Not compulsory: prepare configuration file
The file must contain address and connection information to the Management Console. It can be downloaded from the Management Console, having some excessive parameters removed. The minimal config shall contain the following information:
{
"management_server": { "host": "192.168.1.166:8444", "cert_authority_fingerprint": "8.....b049", "bootstrap_token": "IAL....IL4Q", "disable_cert_check": false } }
Additional pre-configured settings can be, but not necessarily must be, added:
"listening_port": 12345
the port for data traffic between agents. Proxy will bind on this port on all local network interfaces"proxy_server_local_addrs": [ "192.168.1.0/24" ]
array of subnets through which the traffic shall go indirectly through proxy, inside and outside
"socks_server_port" : 1080
the port proxy will wait Management Console to connect
"proxy_server_enabled": true
can be used for a proxy installed on a Linux