Smart Proxy to Smart Proxy to Katello Supported?

I need to know if Katello supports an architecture allowing me to connect one Smart Proxy with another Smart Proxy.

Version: Katello 3.5 / Foreman 1.16 (Installed via Katello)

I have an existing Katello infrastructure within my corporation. My main Katello server resides in my internal network while I have smart proxies for each geographical location and DMZ (so US and US DMZ, UK and UK DMZ, etc.)

We are actively involved in setting up a client in China in AWS…we have no existing VPN between this AWS setup and my corporation…our connections to AWS China at this point are public internet connections.

I’d LIKE to get a smart proxy installed in AWS China and connect it back to my Katello Master, but my master is NOT in our DMZ, meaning no direct connection across the public internet.

I DO have a smart proxy in the DMZ which COULD be given external access (point to point connectivity from a katello proxy to a katello proxy would not be a huge security risk I assume) and thus allow a smart proxy in AWS China to talk with the Smart Proxy in the corporate DMZ which would then talk with the Katello Master server on the internal network, but I don’t know if this kind of configuration is supported or even possible.

Anyone with info?

As far as I know this isn’t supported. I guess you could use regular http(s) proxies in between. Apache or nginx could be a reverse proxy in your DMZ which Foreman talks to. Some Foreman Proxy functionality relies on communicating back to Foreman (Puppet ENC/reports come to mind, qpid for pulp) for which you need another solution.