From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 499D11FF2A7 for ; Mon, 1 Jul 2024 11:09:34 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 666133170C; Mon, 1 Jul 2024 11:09:49 +0200 (CEST) Date: Mon, 01 Jul 2024 11:09:43 +0200 From: Fabian =?iso-8859-1?q?Gr=FCnbichler?= To: Proxmox Backup Server development discussion References: <20240307102619.45249-1-h.laimer@proxmox.com> In-Reply-To: <20240307102619.45249-1-h.laimer@proxmox.com> MIME-Version: 1.0 User-Agent: astroid/0.16.0 (https://github.com/astroidmail/astroid) Message-Id: <1719824701.hxkyqbszbr.astroid@yuna.none> X-SPAM-LEVEL: Spam detection results: 0 AWL 0.051 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pbs-devel] [PATCH proxmox-backup] node: acme: use configured proxy for acme dns challenges X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" On March 7, 2024 11:26 am, Hannes Laimer wrote: > Signed-off-by: Hannes Laimer > --- > came up in support, and I don't think there's a good reason to not also > use the proxy for ACME DNS challenges. tested with local proxy, curl > in `proxmox-acme` picked the env vars up correctly and used the proxy > > docs/package-repositories.rst | 5 +++-- > src/acme/plugin.rs | 9 +++++++++ > 2 files changed, 12 insertions(+), 2 deletions(-) > > diff --git a/docs/package-repositories.rst b/docs/package-repositories.rst > index b429b4b4..969cca3c 100644 > --- a/docs/package-repositories.rst > +++ b/docs/package-repositories.rst > @@ -212,8 +212,9 @@ Some setups have restricted access to the internet, sometimes only through a > central proxy. You can setup a HTTP proxy through the Proxmox Backup Server's > web-interface in the `Configuration -> Authentication` tab. > > -Once configured this proxy will be used for apt network requests and for > -checking a Proxmox Backup Server support subscription. > +Once configured this proxy will be used for apt network requests, for > +checking a Proxmox Backup Server support subscription and for ACME DNS challenge > +requests. what about PVE and PMG? > > Standard HTTP proxy configurations are accepted, `[http://][:port]` where > the `` part may include an authorization, for example: > diff --git a/src/acme/plugin.rs b/src/acme/plugin.rs > index 200cf9cc..db464afe 100644 > --- a/src/acme/plugin.rs > +++ b/src/acme/plugin.rs > @@ -113,6 +113,12 @@ impl DnsPlugin { > > let mut command = Command::new("/usr/bin/setpriv"); > > + let (node_config, _digest) = crate::config::node::config()?; > + let proxy: Option = node_config > + .http_proxy() > + .map(|p| p.to_proxy_string()) > + .and_then(Result::ok); > + > #[rustfmt::skip] > command.args([ > "--reuid", "nobody", > @@ -120,6 +126,9 @@ impl DnsPlugin { > "--clear-groups", > "--reset-env", > "--", > + "/bin/env", > + &proxy.as_ref().map_or("".to_string(), |p| format!("http_proxy={}", p)), > + &proxy.as_ref().map_or("".to_string(), |p| format!("https_proxy={}", p)), why not simply set "ALL_PROXY"? > "/bin/bash", > PROXMOX_ACME_SH_PATH, > action, > -- > 2.39.2 > > > > _______________________________________________ > pbs-devel mailing list > pbs-devel@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel > > > _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel