* [pve-devel] [PATCH proxmox-acme/pve-cluster 0/2] Add support to use a http proxy for acme dns challenges
@ 2024-02-28 11:24 Hannes Laimer
2024-02-28 11:24 ` [pve-devel] [PATCH proxmox-acme 1/1] dns-challenge: use configured datacenter http_proxy " Hannes Laimer
2024-02-28 11:24 ` [pve-devel] [PATCH pve-cluster] docs: update http_proxy option description Hannes Laimer
0 siblings, 2 replies; 3+ messages in thread
From: Hannes Laimer @ 2024-02-28 11:24 UTC (permalink / raw)
To: pve-devel
Use the http_proxy configured in the datacenter also for dns challenges,
I don't think there is a use-case to configure different proxies for
downloads and dns challenges.
This is based on the reverted patch [1] of Stoiko a while ago.
[1] https://git.proxmox.com/?p=proxmox-acme.git;a=commitdiff;h=4ed79f7b4cd3e77ec9764f6233ce83098ace60d9;hp=e1088f616ffc73a96ee3433f0ea07639ef7513e7
- proxmox-acme
Hannes Laimer (1):
dns-challenge: use configured datacenter http_proxy for acme dns
challenges
src/PVE/ACME/DNSChallenge.pm | 4 ++++
1 file changed, 4 insertions(+)
- pve-cluster
Hannes Laimer (1):
docs: update http_proxy option description
src/PVE/DataCenterConfig.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
2.39.2
^ permalink raw reply [flat|nested] 3+ messages in thread* [pve-devel] [PATCH proxmox-acme 1/1] dns-challenge: use configured datacenter http_proxy for acme dns challenges
2024-02-28 11:24 [pve-devel] [PATCH proxmox-acme/pve-cluster 0/2] Add support to use a http proxy for acme dns challenges Hannes Laimer
@ 2024-02-28 11:24 ` Hannes Laimer
2024-02-28 11:24 ` [pve-devel] [PATCH pve-cluster] docs: update http_proxy option description Hannes Laimer
1 sibling, 0 replies; 3+ messages in thread
From: Hannes Laimer @ 2024-02-28 11:24 UTC (permalink / raw)
To: pve-devel
the proxy is added to the plugin config so the `proxmox-acme` script
exports it and it'll be used by curl when requests are made.
Based on e1088f616ffc73a96ee3433f0ea07639ef7513e7 (reverted).
Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
---
src/PVE/ACME/DNSChallenge.pm | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/PVE/ACME/DNSChallenge.pm b/src/PVE/ACME/DNSChallenge.pm
index 7214d88..29b741e 100644
--- a/src/PVE/ACME/DNSChallenge.pm
+++ b/src/PVE/ACME/DNSChallenge.pm
@@ -85,6 +85,9 @@ my $proxmox_acme_command = sub {
my $dnsplugin = $data->{plugin}->{api};
my $plugin_conf_string = $data->{plugin}->{data};
+ my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg');
+ my $proxy = $dccfg->{http_proxy};
+
# for security reasons, we execute the command as nobody
# we can't verify that the code of the DNSPlugins are harmless.
my $cmd = ["setpriv", "--reuid", "nobody", "--regid", "nogroup", "--clear-groups", "--reset-env", "--"];
@@ -99,6 +102,7 @@ my $proxmox_acme_command = sub {
}
my $input = "$txtvalue\n";
$input .= "$plugin_conf_string\n" if $plugin_conf_string;
+ $input .= "https_proxy=$proxy\nhttp_proxy=$proxy\n" if $proxy;
PVE::Tools::run_command($cmd, input => $input);
--
2.39.2
^ permalink raw reply [flat|nested] 3+ messages in thread* [pve-devel] [PATCH pve-cluster] docs: update http_proxy option description
2024-02-28 11:24 [pve-devel] [PATCH proxmox-acme/pve-cluster 0/2] Add support to use a http proxy for acme dns challenges Hannes Laimer
2024-02-28 11:24 ` [pve-devel] [PATCH proxmox-acme 1/1] dns-challenge: use configured datacenter http_proxy " Hannes Laimer
@ 2024-02-28 11:24 ` Hannes Laimer
1 sibling, 0 replies; 3+ messages in thread
From: Hannes Laimer @ 2024-02-28 11:24 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
---
src/PVE/DataCenterConfig.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/DataCenterConfig.pm b/src/PVE/DataCenterConfig.pm
index c80872c..1f1291c 100644
--- a/src/PVE/DataCenterConfig.pm
+++ b/src/PVE/DataCenterConfig.pm
@@ -343,7 +343,7 @@ my $datacenter_schema = {
http_proxy => {
optional => 1,
type => 'string',
- description => "Specify external http proxy which is used for downloads (example: 'http://username:password\@host:port/')",
+ description => "Specify external http proxy which is used for downloads and ACME DNS-Challenges (example: 'http://username:password\@host:port/')",
pattern => "http://.*",
},
# FIXME: remove with 8.0 (add check to pve7to8!), merged into "migration" since 4.3
--
2.39.2
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-02-28 11:24 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-02-28 11:24 [pve-devel] [PATCH proxmox-acme/pve-cluster 0/2] Add support to use a http proxy for acme dns challenges Hannes Laimer
2024-02-28 11:24 ` [pve-devel] [PATCH proxmox-acme 1/1] dns-challenge: use configured datacenter http_proxy " Hannes Laimer
2024-02-28 11:24 ` [pve-devel] [PATCH pve-cluster] docs: update http_proxy option description Hannes Laimer
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.