HTTP proxy configuration
If your application cannot call OpenAPI due to network restrictions, such as deployment in a private network or isolation by a firewall, use a proxy server to access the public network. The Alibaba Cloud SDK fully supports proxy configurations for both HTTP and HTTPS. By setting the proxy's address, port, and authentication parameters, you can route OpenAPI requests through a proxy. This topic uses Tengine as an example to show how to call OpenAPI through a proxy with the SDK.
Example scenario
For example, if your application is in a private network and must access the public network through a proxy server, you can simulate this environment with the following ECS instances in a VPC:
-
ECS instance A: Runs the application. It cannot access the public network directly and can only access resources within the VPC (private IP: 10.0.0.115).
-
ECS instance B: Acts as the proxy server. It can access the public network and is in the same VPC as ECS instance A (private IP: 10.0.0.112).
NoteIf instances A and B are not in the same VPC, you can enable private network connectivity by using a vpc peering connection or an enterprise edition transit router.
Set up a proxy server
In this example, Tengine is used as the proxy server and deployed on ECS instance B.
Install Tengine
-
Download and extract the package.
wget https://tengine.taobao.org/download/tengine-3.1.0.tar.gz tar zxvf tengine-3.1.0.tar.gz -
Update system packages.
Alibaba Cloud Linux/CentOS
sudo yum update -yUbuntu/Debian
sudo apt-get update sudo apt-get upgrade -y -
Install the required dependencies.
Alibaba Cloud Linux/CentOS
sudo yum install pcre pcre-devel openssl openssl-devel zlib-devel -y sudo yum groupinstall "Development Tools" -yUbuntu/Debian
sudo apt-get install libpcre3 libpcre3-dev zlib1g-dev openssl libssl-dev build-essential -y -
Build and install Tengine.
cd tengine-3.1.0 ./configure --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --add-module=./modules/ngx_http_proxy_connect_module make && make install -
Start Tengine.
Run the following command to find the Tengine executable path. For example, the path might be
/root/tengine-3.1.0/objs/nginx.find / -name nginx 2>/dev/null | grep tengineStart Tengine by running the executable:
sudo /root/tengine-3.1.0/objs/nginx -
Verify that Tengine has started successfully.
# Check if the Tengine process exists. ps aux | grep nginx
Configure HTTP and HTTPS proxy
-
Run the following command to edit the Tengine configuration file.
vim /usr/local/nginx/conf/nginx.confIn the configuration file, add the following content to the
httpmodule:WarningThe following configuration is for reference only. For production workloads, configure the proxy settings based on your specific scenario.
# HTTPS proxy server { listen 8089; access_log /var/log/host.access.log; access_log "pipe:rollback /var/log/host.access_log interval=1d baknum=7 maxsize=2G"; # dns resolver used by forward proxying # forward proxy for CONNECT request proxy_connect; proxy_connect_allow 443 563; proxy_connect_connect_timeout 10s; proxy_connect_read_timeout 10s; proxy_connect_send_timeout 10s; # forward proxy for non-CONNECT request location / { proxy_pass $scheme://$http_host$request_uri; } } # HTTP proxy server { listen 8088; location / { proxy_pass $scheme://$http_host$request_uri; } }After adding the content, save the file.
-
Reload Tengine.
# Stop Tengine /usr/local/nginx/sbin/nginx -s stop # Apply the configuration /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf # Reload Tengine /usr/local/nginx/sbin/nginx -s reload
Call an API by using the SDK proxy
Deploy your application code on ECS instance A. The following sample code is for testing only.
# pip install alibabacloud_ecs20140526
import os
from alibabacloud_ecs20140526.client import Client as EcsClient
from alibabacloud_ecs20140526.models import DescribeRegionsRequest
from alibabacloud_tea_openapi.models import Config
from alibabacloud_tea_util.models import RuntimeOptions
config = Config(
access_key_id=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID'),
access_key_secret=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET'),
endpoint='ecs-cn-hangzhou.aliyuncs.com',
protocol='https', # The protocol must be consistent with the proxy type. Use 'https' for an HTTPS proxy and 'http' for an HTTP proxy.
)
ecs_client = EcsClient(config)
runtime_options = RuntimeOptions(
# http_proxy='http://10.0.0.112:8088', # HTTP proxy: IP address and port of the proxy server.
https_proxy='http://10.0.0.112:8089' # HTTPS proxy: IP address and port of the proxy server.
)
request = DescribeRegionsRequest(
accept_language='en-US',
)
response = ecs_client.describe_regions_with_options(request, runtime_options)
print(response.body)
The following output is returned:
{'headers': {'server': 'nginx/1.24.0 (Ubuntu)', 'date': 'Mon, 26 May 2025 10:04:19 GMT', 'content-type': 'application/json;charset=utf-8', 'transfer-encoding': 'chunked', 'connection': 'keep-alive', 'vary': 'Accept-Encoding, Accept-Encoding', 'access-control-allow-origin': '*', 'access-control-expose-headers': '*', 'x-acs-request-id': '39B6068B-E4F3-5FC4-3817-ED3D62BAEFCA', 'x-acs-trace-id': 'aa08b2d7a0f35d1f054164675f23cc98', 'statusCode': 200, 'body': {'Regions': {'Region': [{'LocalName': 'China (Qingdao)', 'RegionEndpoint': 'ecs.cn-qingdao.aliyuncs.com', 'RegionId': 'cn-qingdao'}, {'LocalName': 'China (Beijing)', 'RegionEndpoint': 'ecs.cn-beijing.aliyuncs.com', 'RegionId': 'cn-beijing'}, {'LocalName': 'China (Zhangjiakou)', 'RegionEndpoint': 'ecs.cn-zhangjiakou.aliyuncs.com', 'RegionId': 'cn-zhangjiakou'}, {'LocalName': 'China (Hohhot)', 'RegionEndpoint': 'ecs.cn-huhehaote.aliyuncs.com', 'RegionId': 'cn-huhehaote'}, {'LocalName': 'China (Ulanqab)', 'RegionEndpoint': 'ecs.cn-wulanchabu.aliyuncs.com', 'RegionId': 'cn-wulanchabu'}, {'LocalName': 'China (Hangzhou)', 'RegionEndpoint': 'ecs.aliyuncs.com', 'RegionId': 'cn-hangzhou'}, {'LocalName': 'China (Shanghai)', 'RegionEndpoint': 'ecs.cn-shanghai.aliyuncs.com', 'RegionId': 'cn-shanghai'}, {'LocalName': 'China (Nanjing - Local Region)', 'RegionEndpoint': 'ecs.cn-nanjing.aliyuncs.com', 'RegionId': 'cn-nanjing'}, {'LocalName': 'China (Shenzhen)', 'RegionEndpoint': 'ecs.cn-shenzhen.aliyuncs.com', 'RegionId': 'cn-shenzhen'}, {'LocalName': 'China (Heyuan)', 'RegionEndpoint': 'ecs.cn-heyuan.aliyuncs.com', 'RegionId': 'cn-heyuan'}, {'LocalName': 'China (Guangzhou)', 'RegionEndpoint': 'ecs.cn-guangzhou.aliyuncs.com', 'RegionId': 'cn-guangzhou'}, {'LocalName': 'China (Fuzhou – Local Region)', 'RegionEndpoint': 'ecs.cn-fuzhou.aliyuncs.com', 'RegionId': 'cn-fuzhou'}, {'LocalName': 'China (Wuhan – Local Region)', 'RegionEndpoint': 'ecs.cn-wuhan-lr.aliyuncs.com', 'RegionId': 'cn-wuhan-lr'}, {'LocalName': 'China (Chengdu)', 'RegionEndpoint': 'ecs.cn-chengdu.aliyuncs.com', 'RegionId': 'cn-chengdu'}, {'LocalName': 'China (Hong Kong)', 'RegionEndpoint': 'ecs.cn-hongkong.aliyuncs.com', 'RegionId': 'cn-hongkong'}, {'LocalName': 'Japan (Tokyo)', 'RegionEndpoint': 'ecs.ap-northeast-1.aliyuncs.com', 'RegionId': 'ap-northeast-1'}, {'LocalName': 'South Korea (Seoul)', 'RegionEndpoint': 'ecs.ap-northeast-2.aliyuncs.com', 'RegionId': 'ap-northeast-2'}, {'LocalName': 'Singapore', 'RegionEndpoint': 'ecs.ap-southeast-1.aliyuncs.com', 'RegionId': 'ap-southeast-1'}, {'LocalName': 'Malaysia (Kuala Lumpur)', 'RegionEndpoint': 'ecs.ap-southeast-3.aliyuncs.com', 'RegionId': 'ap-southeast-3'}, {'LocalName': 'Philippines (Manila)', 'RegionEndpoint': 'ecs.ap-southeast-6.aliyuncs.com', 'RegionId': 'ap-southeast-6'}, {'LocalName': 'Indonesia (Jakarta)', 'RegionEndpoint': 'ecs.ap-southeast-5.aliyuncs.com', 'RegionId': 'ap-southeast-5'}, {'LocalName': 'Thailand (Bangkok)', 'RegionEndpoint': 'ecs.ap-southeast-7.aliyuncs.com', 'RegionId': 'ap-southeast-7'}, {'LocalName': 'US (Virginia)', 'RegionEndpoint': 'ecs.us-east-1.aliyuncs.com', 'RegionId': 'us-east-1'}, {'LocalName': 'US (Silicon Valley)', 'RegionEndpoint': 'ecs.us-west-1.aliyuncs.com', 'RegionId': 'us-west-1'}, {'LocalName': 'Mexico', 'RegionEndpoint': 'ecs.na-south-1.aliyuncs.com', 'RegionId': 'na-south-1'}, {'LocalName': 'UK (London)', 'RegionEndpoint': 'ecs.eu-west-1.aliyuncs.com', 'RegionId': 'eu-west-1'}, {'LocalName': 'UAE (Dubai)', 'RegionEndpoint': 'ecs.me-east-1.aliyuncs.com', 'RegionId': 'me-east-1'}, {'LocalName': 'Germany (Frankfurt)', 'RegionEndpoint': 'ecs.eu-central-1.aliyuncs.com', 'RegionId': 'eu-central-1'}]}, 'RequestId': 'F90A5B33-FE86-55EF-B453-052AD7B0440F'}}}