Configuring a SOCKS Proxy for Amazon EC2

For security purposes, Cloudera recommends that you connect to your cluster using a SOCKS proxy. A SOCKS proxy allows a client (your computer, for example) to connect directly and securely to a server (the Director instance).

To set up a SOCKS proxy for your Google Chrome web browser, follow the steps below.

Step 1: Create a Proxy Autoconfig File

The proxy autoconfig (PAC) file contains the rules required for Cloudera Director. To create a PAC file, perform the following tasks:

  1. Open a text editor and enter the following text:
    function regExpMatch(url, pattern) {    
      try { return new RegExp(pattern).test(url); } catch(ex) { return false; }    
    }
      
    function FindProxyForURL(url, host) {
        // Important: replace 172.31 below with the proper prefix for your VPC subnet
        if (shExpMatch(url, "*172.31.*")) return "SOCKS5 localhost:8157";
        if (shExpMatch(url, "*ec2*.amazonaws.com*")) return 'SOCKS5 localhost:8157';
        if (shExpMatch(url, "*.compute.internal*") || shExpMatch(url, "*://compute.internal*")) return 'SOCKS5 localhost:8157';
        if (shExpMatch(url, "*ec2.internal*")) return 'SOCKS5 localhost:8157';
        return 'DIRECT';
    }
  2. Save the file.

Step 2: Set Up SwitchySharp

  1. Open Google Chrome and go to Chrome Extensions.
  2. Search for Proxy SwitchySharp and add to it Chrome.
  3. In the SwitchySharp Options screen, click the Proxy Profiles tab and do the following:
    1. In the Profile Name field, enter AWS-Cloudera.
    2. Click Automatic Configuration.
    3. Click Import PAC File and import your PAC file.
    4. Click Save.
  4. Click the General tab and do the following:
    1. Click Quick Switch.
    2. Drag [Direct Connection] and AWS-Cloudera to the Cycled Profiles area.
    3. Set Startup Profile to [Direct Connection].
    4. Click Save.

Step 3: Set Up a SOCKS Proxy with SSH

Set up a SOCKS proxy to access the EC2 instance running Cloudera Director. For example, in RHEL, run the following command (with your instance information):

ssh -i "your-key-file.pem" -CND 8157 ec2-user@instance_running_director_server

where

  • C sets up compression.
  • N suppresses any command execution once established.
  • D 8157 sets up the SOCKS 5 proxy on the port.

You are now ready to install Cloudera Director.