Configuring a SOCKS Proxy for Microsoft Azure

For security purposes, Cloudera recommends that you connect to your cluster using a SOCKS proxy. A SOCKS proxy changes your browser to do lookups directly from your Microsoft Azure network and allows you to connect to services using private IP addresses and internal FQDNs.

This approach will do the following:
  • Set up a single SSH tunnel to one of the hosts on the network (the Cloudera Director host in this example), and create a SOCKS proxy on that host.
  • Change the browser configuration to do all lookups via that SOCKS proxy host.

Network Prerequisites

The following are prerequisites for connecting to your cluster using a SOCKS proxy:
  • The host that you proxy to must be reachable from the public internet (or the network that you’re connecting from).
  • The host that you proxy to must be able to reach the Cloudera Director server via private IP (proxying directly to the Cloudera Director server works as well).

Start the SOCKS Proxy

To start a SOCKS5 proxy over SSH run the following command: 
ssh -i your-key-file.pem -CND 1080 
the_username_you_specified@instance_running_director_server
The parameters are as follows:
  • -i your-key-file.pem specifies the path to the private key needed to ssh to the Cloudera Director server
  • C sets up compression
  • N suppresses any command execution once established
  • D sets up the SOCKS proxy on a port
  • 1080 is the port to set the SOCKS proxy locally

Configure Your Browser to Use the Proxy

Next, configure your browser settings to use the socks proxy.

On Google Chrome

By default, Google Chrome uses system-wide proxy settings on a per-profile basis. To get around that we will launch Chrome via the command line and specify the following:
  • The SOCKS proxy port to use (this must be the same value used above)
  • The profile to use (this example will create a new profile)

This will create a new profile and launch a new instance of Chrome that won’t interfere with your current running instance of Chrome.

Linux 
/usr/bin/google-chrome \
--user-data-dir="$HOME/chrome-with-proxy" \
--proxy-server="socks5://localhost:1080"
Mac OS X 
"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \
--user-data-dir="$HOME/chrome-with-proxy" \
--proxy-server="socks5://localhost:1080"
Microsoft Windows 
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" ^
--user-data-dir="%USERPROFILE%\chrome-with-proxy" ^
--proxy-server="socks5://localhost:1080"

Now in this Chrome session you can connect to any Cloudera Director accessible host using the private IP address or internal FQDN. For example, if you proxy to the Cloudera Director server, you can connect to Cloudera Director as if it were local by putting localhost:7189 in Chrome’s URL bar.