Close
logodocs

Proxy Configuration

When connecting to a Website through strongDM, traffic is proxied from your system through the strongDM client to your Gateway(s) to reach the final site.

For your system to understand what network traffic needs to be proxied, you will need to configure a proxy to forward *.sdm.network through the strongDM client. We recommend using our Proxy Auto-Config (PAC) file for web browsers. Instructions are also included for using curl.

PAC configuration - Windows

  1. Open the Settings app from the Windows menu.

  2. Click Network & Internet.

  3. Open the Proxy tab.

  4. Turn on Use setup script.

  5. Add https://app.strongdm.com/proxy.pac to Script Address.

  6. Click Save.

    HTTP Windows
    HTTP Windows

PAC configuration - macOS

  1. Open your System Preferences and select the Network icon.

  2. Choose your current connection method (i.e., wireless or ethernet) and click the Advanced button.

    HTTP Advanced
    HTTP Advanced
  3. Click on the Proxies tab.

  4. Check the box to enable Automatic Proxy Configuration.

  5. Add https://app.strongdm.com/proxy.pac to the URL.

    HTTP PAC
    HTTP PAC
  6. Click OK.

  7. Click Apply.

Use curl with the strongDM client

If you prefer to set the proxy manually rather than use our PAC file, you have the option to use a curl request to forward *.sdm.network through strongDM.

To use curl through the strongDM client, all requests are made through localhost on port 65230 and require *.sdm.network in the header. Note that you can use either the -x or --proxy option to supply curl with a proxy, as they do the same thing.

  1. Determine your organization name.

    1. Once a resource is configured in the Websites section of the strongDM Admin UI, run sdm status in the CLI.

    2. Under WEBSITE in the URL column, the organization name will be shown in each URL immediately before .sdm.network.

      Example:

      WEBSITE URL TAGS
      Example1 https://example.organization-name.sdm.network temporary access until 11:27AM
      Example2 https://dev-example.organization-name.sdm.network
  2. Use the following curl command to specify strongDM as the HTTP proxy, being sure to replace {DOMAIN}, {YOUR-ORGANIZATION-NAME}, and {PATH} with the actual values:

    curl -k -x localhost:65230 {DOMAIN}.{YOUR-ORGANIZATION-NAME}.sdm.network/{PATH}

    Example:

    curl -k -x localhost:65230 dev-services.exampleorg.sdm.network/instaref-merchants/5

    Example:

    curl -k --proxy localhost:65230 dev-services.exampleorg.sdm.network/instaref-merchants/5

Add to an existing proxy

If your system already has a proxy configured, you can append the following rules to your existing configuration.

function FindProxyForURL(url, host) {
if (shExpMatch(host, "proxyerror.sdm.network")) {
return "DIRECT";
}
if (shExpMatch(host, "*.sdm.network")) {
return "PROXY localhost:65230";
}
return "DIRECT";
}

FAQ

Q: What is the proxy.pac file that the URL is pointing to?
A: A PAC file is a piece of JavaScript that tells the HTTP client which proxy server to connect to for specifically defined URLs.

Q: What does the strongDM PAC file do?
A: It tells the HTTP client when it receives a connection attempt for sdm.network and tells it to talk to a port on the localhost. All other connection attempts go directly to the site.

Q: Is there an alternative to pointing to the strongDM hosted PAC file?
A: Yes, you could also download the PAC file and distribute it to your Users. It does not have to be dynamically loaded from our server.

Q: Are there any potential security concerns with this approach?
A: strongDM controls full access to this proxy configuration, so the risk of falsely redirected traffic is very low. However, if you have concerns, you can choose to distribute the PAC file yourself, as mentioned above.

If you have trouble connecting to your website, please contact support@strongdm.com with details.

Previous
Connecting to Kubernetes
Next — User Guide
Basic Troubleshooting