From: Maximiliano Sandoval
To: pve-devel@lists.proxmox.com
Date: Tue, 21 Oct 2025 12:03:24 +0200
Message-ID: <20251021100332.251697-1-m.sandoval@proxmox.com>
Subject: [pve-devel] [RFC cluster/manager/storage 0/7] datacenter config: add setting for HTTP{,S} proxies

Most of the relevant information is in the first commit. The intention is to have an extensible and future-proof setting where different proxies can be selected based on the connection protocol and the use-case.
In a follow-up this will be exposed in the web UI, ideally leaving most of this complexity out, i.e. only showing the option to set up a global proxy (HTTP+HTTPS) and allow configuring overrides for each use-case but setting both HTTP+HTTPS simultaneously to the same value. If finer granularity (different proxies for HTTP and HTTPS) is required then the configuration file can be edited manually.

In follow-ups the following will be done:

- Add more proxy overrides, e.g. for OpenID
- Expose it in the web UI

## Testing

On a Proxmox VE host this could be tested, for example, by configuring a proxy (e.g. squid [1]) at 10.10.10.138 and accepting 'out' traffic to the gateway (10.10.10.1) and the proxy and dropping all traffic to ports 80 and 443.

```
$ cat /etc/pve/firewall/cluster.fw
[OPTIONS]
enable: 1

[RULES]
OUT ACCEPT -dest 10.10.10.138 -log nolog
OUT ACCEPT -dest 10.10.10.1 -log nolog
OUT DROP -p tcp -dport 443 -log nolog
OUT DROP -p tcp -dport 80 -log nolog
```

Then the config can be set via:

    pvesh set /cluster/options --proxy=http://10.10.10.139:3128,https-subscription=http://10.10.10.138:3128,http-download=none

and then, for example, one can check whether the following call runs into a timeout or not to see if the proxy is used:

    pvesubscription set $KEY

[1] https://www.squid-cache.org/

pve-cluster:

Maximiliano Sandoval (3):
  datacenter config: add setting for HTTP{,S} proxies
  datacenter config: deprecate http_proxy
  cluster: add helper to retrieve proxies

 src/PVE/Cluster.pm          | 58 +++++++++++++++++++++++++++++++++
 src/PVE/DataCenterConfig.pm | 64 ++++++++++++++++++++++++++++++++++++-
 2 files changed, 121 insertions(+), 1 deletion(-)

pve-manager:

Maximiliano Sandoval (3):
  api: subscription: use new proxy dc option
  api: apt: use new dc proxy option
  api: nodes: use new dc proxy option

 PVE/API2/APT.pm          |  7 +++++--
 PVE/API2/Nodes.pm        | 11 ++++++++---
 PVE/API2/Subscription.pm |  4 ++--
 3 files changed, 15 insertions(+), 7 deletions(-)

pve-storage:

Maximiliano Sandoval (1):
  api: storage: status: use new dc proxy option

 src/PVE/API2/Storage/Status.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Summary over all repositories:
  6 files changed, 138 insertions(+), 10 deletions(-)

-- 
Generated by git-murpp 0.8.1
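
The sketch below is an added example, not part of the original message or of the Proxmox code base. It shows how the `--proxy` value from the test call could be resolved per protocol and use-case before relying on the firewall test. It assumes override keys have the form `<protocol>-<use-case>`, that the unnamed first value is the global default, and that `none` disables proxying; the authoritative semantics are in the first commit of the series, which is not shown here, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Value taken from the pvesh call in the message above.
SAMPLE = ("http://10.10.10.139:3128,"
          "https-subscription=http://10.10.10.138:3128,"
          "http-download=none")


def parse_proxy_option(value):
    """Return {key: proxy}; the unnamed first value is stored under 'default'."""
    settings = {}
    for part in (p.strip() for p in value.split(",")):
        if not part:
            continue
        key, sep, val = part.partition("=")
        if not sep or "://" in key:      # bare URL, no key: global default
            key, val = "default", part
        if key in settings:
            raise ValueError(f"duplicate key: {key}")
        if val != "none":
            url = urlsplit(val)
            if url.scheme not in ("http", "https") or not url.hostname:
                raise ValueError(f"not an HTTP(S) proxy URL: {val!r}")
        settings[key] = val
    return settings


def resolve_proxy(settings, protocol, use_case):
    """Assumed precedence: '<protocol>-<use_case>' override, then the default.

    Returns None when the connection would be made without a proxy.
    """
    chosen = settings.get(f"{protocol}-{use_case}", settings.get("default"))
    return None if chosen in (None, "none") else chosen


if __name__ == "__main__":
    cfg = parse_proxy_option(SAMPLE)
    for proto in ("http", "https"):
        for use in ("subscription", "download"):
            print(f"{proto}-{use}: {resolve_proxy(cfg, proto, use) or 'direct'}")
```

Under these assumptions only the HTTPS subscription check is routed through 10.10.10.138, the proxy the firewall rules explicitly accept, while HTTP downloads go direct and would hit the port 80 DROP rule.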