Configuring a SOCKS Proxy for Microsoft Azure

For security purposes, Cloudera recommends that you connect to your cluster using a SOCKS proxy. A SOCKS proxy changes your browser to perform lookups directly from your Microsoft Azure network and allows you to connect to services using private IP addresses and internal fully qualified domain names (FQDNs).

This approach does the following:
  • Sets up a single SSH tunnel to one of the hosts on the network (the Cloudera Director host in this example), and create a SOCKS proxy on that host.
  • Changes the browser configuration to do all lookups through that SOCKS proxy host.

Network Prerequisites

The following are prerequisites for connecting to your cluster using a SOCKS proxy:
  • The host that you proxy to must be reachable from the public Internet or the network that you are connecting from.
  • The host that you proxy to must be able to reach the Cloudera Director server using a private IP. You can also proxy directly to the Cloudera Director server.

Start the SOCKS Proxy

To start a SOCKS proxy over SSH, run the following command: 
ssh -i your-key-file.pem -CND 1080 
the_username_you_specified@instance_running_director_server
The parameters are as follows:
  • -i your-key-file.pem specifies the path to the private key needed to SSH to the Cloudera Director server.
  • C sets up compression.
  • N suppresses any command execution once established.
  • D sets up the SOCKS proxy on a port.
  • 1080 is the port to set the SOCKS proxy locally.

Configure Your Browser to Use the Proxy

Google Chrome

By default, Google Chrome uses system-wide proxy settings on a per-profile basis. To start Chrome without these settings, use the command line and specify the following:
  • The SOCKS proxy port ; this must be the same port you used when starting the proxy.
  • The profile ; this example creates a new profile.

This create a new profile and launches a new instance of Chrome that does not conflict with any currently running Chrome instance.

Linux 
/usr/bin/google-chrome \
--user-data-dir="$HOME/chrome-with-proxy" \
--proxy-server="socks5://localhost:1080"
Mac OS X 
"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \
--user-data-dir="$HOME/chrome-with-proxy" \
--proxy-server="socks5://localhost:1080"
Microsoft Windows 
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" ^
--user-data-dir="%USERPROFILE%\chrome-with-proxy" ^
--proxy-server="socks5://localhost:1080"

In this Chrome session, you can connect to any Cloudera Director–accessible host using the private IP address or internal FQDN. For example, if you proxy to the Cloudera Director server, you can connect to Cloudera Director as if it were local by entering localhost:7189 in the Chrome URL bar.