Skip to main content
Skip table of contents

Enterprise Proxy and SSL Inspection Support

In corporate environments, network restrictions such as proxy servers and SSL inspection may interfere with Flow Director’s ability to access internet resources. This section explains how to configure Flow Director for such environments.

Internet Access Requirements

Flow Director requires outgoing HTTPS access (port 443) to the following hosts:

  • https://backend.edgebroker.io – used for backend APIs and license activation

  • https://github.com – used by JGit to access flow repositories

Ensure these domains are reachable through your corporate firewall or proxy.

Configuring Java Proxy via Environment Variable

Flow Director uses the GraalVM Java runtime. HTTPS proxy settings for all Java-based connections (e.g., to backend.edgebroker.io) must be passed via the FD_JVM_OPTIONS environment variable.

Example (no authentication):

CODE 
export FD_JVM_OPTIONS="-Dhttps.proxyHost=proxy.mycompany.com -Dhttps.proxyPort=8080"

Example (with authentication):

CODE 
export FD_JVM_OPTIONS="-Dhttps.proxyHost=proxy.mycompany.com -Dhttps.proxyPort=8080 -Dhttps.proxyUser=myuser -Dhttps.proxyPassword=mypass"

Configuring Git Proxy for JGit

JGit is used by Flow Director to pull flows and apps from Git repositories. JGit does not respect Java system properties. Instead, configure a Git proxy using the .gitconfig file in the user’s home directory.

Example ~/.gitconfig:

CODE 
[https]
     proxy = http://proxy.mycompany.com:8080

If authentication is needed:

CODE 
[http]
     proxy = http://username:password@proxy.mycompany.com:8080

SSL Inspection and Trust Store Configuration

If your corporate proxy performs SSL inspection (e.g., re-signs certificates with a custom internal CA), HTTPS connections made by Flow Director (e.g., to https://backend.edgebroker.io or https://github.com) will fail unless the proxy’s root certificate is trusted.

Flow Director always initiates outbound HTTPS communication — regardless of whether it's running in embedded or flight mode. The only difference is which trust store is used.

Embedded Mode (with embedded SwiftMQ router)

In embedded mode, Flow Director shares the SwiftMQ router’s trust store located at:

CODE 
router/certs/client.truststore

To enable trust for HTTPS endpoints, import your corporate CA certificate into this file:

CODE 
keytool -import -trustcacerts \
  -keystore ./router/certs/client.truststore \
  -storepass secret \
  -alias corp-ca \
  -file corp-ca.crt

Flight Mode (connecting to external SwiftMQ router)

In Flight mode, Flow Director does not use the embedded router. Instead, it connects to an external SwiftMQ instance, and HTTPS connections (e.g., to backend APIs or GitHub) are handled directly by Flow Director.

In this case, Flow Director uses the GraalVM trust store, located at:

CODE 
graalvm-jdk/lib/security/cacerts

Import your corporate CA into the GraalVM trust store:

CODE 
keytool -import -trustcacerts \
  -keystore ./graalvm-jdk/lib/security/cacerts \
  -storepass secret \
  -alias corp-ca \
  -file corp-ca.crt

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close