Using a proxy server with Elastic Agent and Fleet
Many enterprises secure their assets by placing a proxy server between them and the internet. The main role of the proxy server is to filter content and provide a single gateway through which all traffic traverses in and out of a data center. These proxy servers provide a various degree of functionality, security, and privacy.
Your organization’s security strategy and other considerations may require you to use a proxy server between some components in your deployment. For example, you may have a firewall rule that prevents endpoints from connecting directly to Elasticsearch. In this scenario, you can set up the Elastic Agent to connect to a proxy, then the proxy can connect to Elasticsearch through the firewall.
Support is available in Elastic Agent and Fleet for connections through HTTP Connect (HTTP 1 only) and SOCKS5 proxy servers.
Some environments require users to authenticate with the proxy. There are no explicit settings for proxy authentication in Elastic Agent or Fleet, except the ability to pass credentials in the URL or as keys/tokens in headers, as described later.
When Elastic Agent connects through a proxy server, DNS resolution of the target endpoint hostnames (such as Fleet Server, Elasticsearch, and artifact download sources) is performed by the proxy server, not by the Elastic Agent host. This applies to both HTTP Connect and SOCKS5 proxies. Ensure that your proxy server can resolve the hostnames of all endpoints that the Elastic Agent must reach.
For the Logstash output with a SOCKS5 proxy, you can override this behavior and resolve hostnames locally on the Elastic Agent host by setting proxy_use_local_resolver to true. Refer to Logstash output settings for details. This option is not available for other connection types.
Refer to When to configure proxy settings for more detail, or jump into one of the following guides: