How to activate proxy server support for MKG
To use an outgoing proxy server within MKG, it is important to understand the role of a proxy server in the network architecture. An outgoing proxy server acts as an intermediary layer between the MKG environment and external services or systems. Traffic going out from MKG, such as API requests or document storage, is first routed through this proxy. This offers advantages in terms of security, control, and management.
Applications of an outgoing proxy server:
- Security and filtering. Outgoing traffic can be monitored and filtered, preventing unwanted or risky communication.
- Logging and monitoring. All outgoing requests can be recorded for analysis and auditing.
- Authentication and access management. Traffic can be restricted to authorized users or applications.
- Network management. Traffic can be routed or prioritized based on policy rules.
Requirements
1. A proxy server must be available to handle outgoing traffic to external systems or services.
2. The proxy server must be able to process HTTPS traffic on the following ports:
| TCP port | Application |
| 443 | Standard for secure web traffic |
| 7443 | Commonly used for secure API requests |
| 8443 | Alternative for secure communication |
3. The proxy server must be accessible from the server where MKG/Progress® is installed as well as on the workstations where MKG is used. Preferably, accessibility should be via a FQDN (Fully Qualified Domain Name). If this is not possible, a fixed IP address can be used.
4. The proxy server should preferably be equipped with a valid SSL certificate issued by a trusted certification authority. Although not mandatory, it contributes to the reliability and security of communication.
5. The configuration of the proxy server must be stable and consistent. Changes in configuration or accessibility can have a direct impact on the operation of linked functionalities within MKG.
Initial MKG installation
The initial installation of MKG is usually carried out by MKG Nederland B.V. itself. If it is already known during this installation that outgoing traffic must pass through a proxy server, this is immediately included in the setup. This prevents later drastic changes in the network structure or application configuration. During the installation, it is checked whether:
- the proxy server is accessible from the MKG server and workstations;
- the required ports are available for outgoing traffic;
- any authentication details and certificates are available.
Proxy configuration
During the installation of MKG, the necessary configuration for proxy support can be specified in the installation wizard under the 'Proxy settings' section. If these settings are filled in, the installation itself will also use the proxy server for outgoing connections.
The proxy configuration is thus automatically applied to both the MKG server and the workstations where MKG is used.
|
Please note! |
Existing MKG installation
If MKG is already operational and it is decided afterwards to use a proxy server, this change should be implemented carefully and preferably in consultation with MKG Nederland B.V. This is to prevent disruption of existing connections and functionalities. When changing an existing situation:
- the accessibility of the proxy server is checked;
- the network configuration is adjusted so that outgoing traffic passes through the proxy;
- the proxy settings are configured within MKG;
- the operation of linked functionalities is tested.
Step 1: Add parameters
Go to the file d:\apps\mkg\appserversetting.pf (NB: file paths may vary) and open it with a text editor of your choice. Add the following parameters:
- -proxyhost proxy.mkg.eu
- -proxyport 3128
- -proxyuser optional
- -proxypassword optional
If authentication is not required, the parameters '-proxyuser' and '-proxypassword' should be omitted entirely.
Also make this change for the file appserversettingsoefen.pf.
Step 2: Restart the server
Perform a restart of the 'MKG Application Server' service to implement the new configuration.
|
Please note! |
Additional configuration when using SSL
MKG is built on a Progress architecture, where the underlying layer is responsible for processing system communication, including network traffic and certificate validation. When using a proxy server with an SSL certificate, it is therefore necessary that the root certificate of the issuing party is correctly registered within this Progress layer, so that outgoing HTTPS traffic can be handled reliably and securely.
Step 1: Obtain the root certificate
Obtain the root certificate from the certification authority in PEM format. Check that the file starts with '-----BEGIN CERTIFICATE-----' and ends with '-----END CERTIFICATE----- '.
Step 2: Place the root certificate
Place the root certificate file in the folder d:\mkg_tmp\ (NB. File paths may vary) and rename it to 'root.cer'.
Step 3: Open a proenv session
Open a proenv session (%dlc%\bin\proenv.bat) and enter the following commands:
- prompt
- cd d:\mkg_tmp
- certutil -import root.cer
The root certificate has been imported into the trusted store of the Progress installation at the server level with the above step. Note the displayed alias name (in this example: 607986c7) for the next step.
Step 4: Add the certificate to workstations
On the workstations where the MKG desktop client is used, the certificate must also be added to the trusted store. Go to d:\apps\dlcXXX\certs and copy the file created with the above step (in this example: 607986c7) and place it in the folder d:\apps\mkg\client\dlc\certs\.
Step 5: Re-run the client setup
Re-run the MKG client setup at the workstation level to implement the new configuration.
- Published:21 okt 2025 13:01
- TypeHandleidingen
- Category
- Product
- AvailabilityOpenbaar