How To
Summary
With PTF SI73401, ICC can be configured to use a proxy server
Steps
Overview:
https://cloud.ibm.com/docs/vmwaresolutions?topic=vmwaresolutions-interconnectivity-vpe
About Virtual Private Endpoint Gateways:
https://cloud.ibm.com/docs/vpc?topic=vpc-about-vpe
Virtual Private Endpoints:
https://cloud.ibm.com/docs/watson?topic=watson-virtual-private-endpoints
Accessing your VPE after setting up your endpoing gateway:
https://cloud.ibm.com/docs/vpc?topic=vpc-accessing-vpe-after-setup
If you chose a VPE, none of the remainder of this document applies (do not perform the steps). If you were already using a proxy and are switching to VPE, be sure to delete the QICC/QICCS3PRXY *DTAARA.
VPEs are supported by IBM cloud, if you need help setting up a VPE, open a case with IBM cloud (not IBM i support).
- CRTDTAARA DTAARA(QICC/QICCS3PRXY) TYPE(*CHAR) LEN(256)
- CHGDTAARA DTAARA(QICC/QICCS3PRXY *ALL) VALUE('xx.xx.xx.xx')
Where xx.xx.xx.xx is the IP address of the Proxy Server
DSPDTAARA DTAARA(QICC/QICCS3PRXY)
To stop using the Proxy server, delete the data area
DLTDTAARA DTAARA(QICC/QICCS3PRXY)
- If you just applied SI73401 or a superseding PTF, be sure to sign off/on if doing interactive transfers, otherwise ICC can continue to use the old program that does not check for the proxy.
- Be sure your QICC/QICCS3PRXY *DTAARA is *CHAR with a length of 256, and contains the proxy IP address.
- Make sure your ICC resource has the cloud endpoint. Do not put the proxy IP address in the ICC resource.
- For COS, use either the private endpoint or the direct endpoint, if one doesn't work, try the other. The public endpoint will not work.
- For Amazon Cloud, resource URI is always s3.amazonaws.com. Do not add anything about your region to the beginning.
- For Google CLoud, resource URI is always storage.googleapis.com. Do not add anything about your region to the beginning.
- Limited testing has been done on this. It has only been tested that use IBM Cloud Object Storage. No testing has been done with other cloud providers.
- If you are using BRMS to do full system saves, you need to add any IFS objects needed for the proxy to the QCLDIPL *LNK List that is saved as part of QCLDBIPLxx control group so it is there for recovery.
The nginx reverse proxy server is open source, and is not supported by IBM, however the following is the server section from a nginx reverse proxy config that is known to work with Cloud Storage Solutions:
listen 80;
server_name myicos.com;
proxy_buffering off;
client_body_buffer_size 1100M;
client_max_body_size 1300M;
location /
{ autoindex on;
autoindex_exact_size off;
proxy_pass http://s3.private.us-east.cloud-object-storage.appdomain.cloud;
proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr;
proxy_http_version 1.1;
proxy_set_header Connection "";}
}
You need to change the endpoint in the proxy_pass and possibly the server name. It is important that if you are listening on port 80, the URL in your proxy is http, not https. If you listen on port 80, but use https, your transfer will fail.
IBM support does not assist with configuring your nginx (or other) reverse proxy servers, you can likely find support on various forums online. Here is a document with information on support for IBM i open source:
https://www.ibm.com/support/pages/open-source-support-ibm-i
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
03 June 2025
UID
ibm16425649