Configuring a SOCKS Proxy for Amazon EC2
For security purposes, Cloudera recommends that you connect to your cluster using a SOCKS proxy. A SOCKS proxy allows a client (your computer, for example) to connect directly and securely to a server (the Director instance).
To set up a SOCKS proxy for your Google Chrome web browser, follow the steps below.
Step 1: Create a Proxy Autoconfig File
The proxy autoconfig (PAC) file contains the rules required for Cloudera Director. To create a PAC file, perform the following tasks:
- Open a text editor and enter the following text:
function regExpMatch(url, pattern) { try { return new RegExp(pattern).test(url); } catch(ex) { return false; } } function FindProxyForURL(url, host) { // Important: replace 172.31 below with the proper prefix for your VPC subnet if (shExpMatch(url, "*172.31.*")) return "SOCKS5 localhost:8157"; if (shExpMatch(url, "*ec2*.amazonaws.com*")) return 'SOCKS5 localhost:8157'; if (shExpMatch(url, "*.compute.internal*") || shExpMatch(url, "*://compute.internal*")) return 'SOCKS5 localhost:8157'; if (shExpMatch(url, "*ec2.internal*")) return 'SOCKS5 localhost:8157'; return 'DIRECT'; }
- Save the file.
Step 2: Set Up SwitchySharp
- Open Google Chrome and go to Chrome Extensions.
- Search for Proxy SwitchySharp and add to it Chrome.
- In the SwitchySharp Options screen, click the Proxy Profiles tab and do the following:
- In the Profile Name field, enter AWS-Cloudera.
- Click Automatic Configuration.
- Click Import PAC File and import your PAC file.
- Click Save.
- Click the General tab and do the following:
- Click Quick Switch.
- Drag [Direct Connection] and AWS-Cloudera to the Cycled Profiles area.
- Set Startup Profile to [Direct Connection].
- Click Save.
Step 3: Set Up a SOCKS Proxy with SSH
Set up a SOCKS proxy to access the EC2 instance running Cloudera Director. For example, in RHEL, run the following command (with your instance information):
ssh -i "your-key-file.pem" -CND 8157 ec2-user@instance_running_director_server
where
- C sets up compression.
- N suppresses any command execution once established.
- D 8157 sets up the SOCKS 5 proxy on the port.
You are now ready to install Cloudera Director.