From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <s.ivanov@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by lists.proxmox.com (Postfix) with ESMTPS id 4FF417DE81
for <pve-devel@lists.proxmox.com>; Tue, 9 Nov 2021 17:36:45 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
by firstgate.proxmox.com (Proxmox) with ESMTP id 06A0910A31
for <pve-devel@lists.proxmox.com>; Tue, 9 Nov 2021 17:36:45 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
[94.136.29.106])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by firstgate.proxmox.com (Proxmox) with ESMTPS id 78FAB10A11
for <pve-devel@lists.proxmox.com>; Tue, 9 Nov 2021 17:36:43 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
by proxmox-new.maurer-it.com (Proxmox) with ESMTP id E027945CDB
for <pve-devel@lists.proxmox.com>; Tue, 9 Nov 2021 17:36:42 +0100 (CET)
From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Tue, 9 Nov 2021 17:36:31 +0100
Message-Id: <20211109163633.1721670-5-s.ivanov@proxmox.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20211109163633.1721670-1-s.ivanov@proxmox.com>
References: <20211109163633.1721670-1-s.ivanov@proxmox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results: 0
AWL 0.351 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
information. [acme.pm, acmeaccount.pm]
Subject: [pve-devel] [PATCH manager 1/3] api: acme: set http_proxy if
configured in datacenter.cfg
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>,
<mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>,
<mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2021 16:36:45 -0000
partially fixes #3536
If a http_proxy is set in the datacenter config, use it for
communicating with the (usually public) Acme provider.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
PVE/API2/ACME.pm | 13 +++++++++++++
PVE/API2/ACMEAccount.pm | 17 +++++++++++++++++
2 files changed, 30 insertions(+)
diff --git a/PVE/API2/ACME.pm b/PVE/API2/ACME.pm
index 393e6b01..6e6f44f6 100644
--- a/PVE/API2/ACME.pm
+++ b/PVE/API2/ACME.pm
@@ -6,6 +6,7 @@ use warnings;
use PVE::ACME;
use PVE::CertHelpers;
use PVE::Certificate;
+use PVE::Cluster;
use PVE::Exception qw(raise raise_param_exc);
use PVE::JSONSchema qw(get_standard_option);
use PVE::NodeConfig;
@@ -207,6 +208,10 @@ __PACKAGE__->register_method ({
if ! -e $account_file;
my $acme = PVE::ACME->new($account_file);
+ my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg');
+ if (my $http_proxy = $dccfg->{http_proxy}) {
+ $acme->set_proxy($http_proxy);
+ }
print "Loading ACME account details\n";
$acme->load();
@@ -284,6 +289,10 @@ __PACKAGE__->register_method ({
if ! -e $account_file;
my $acme = PVE::ACME->new($account_file);
+ my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg');
+ if (my $http_proxy = $dccfg->{http_proxy}) {
+ $acme->set_proxy($http_proxy);
+ }
print "Loading ACME account details\n";
$acme->load();
@@ -352,6 +361,10 @@ __PACKAGE__->register_method ({
if ! -e $account_file;
my $acme = PVE::ACME->new($account_file);
+ my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg');
+ if (my $http_proxy = $dccfg->{http_proxy}) {
+ $acme->set_proxy($http_proxy);
+ }
print "Loading ACME account details\n";
$acme->load();
diff --git a/PVE/API2/ACMEAccount.pm b/PVE/API2/ACMEAccount.pm
index b790843a..218b84fe 100644
--- a/PVE/API2/ACMEAccount.pm
+++ b/PVE/API2/ACMEAccount.pm
@@ -5,6 +5,7 @@ use warnings;
use PVE::ACME;
use PVE::CertHelpers;
+use PVE::Cluster;
use PVE::Exception qw(raise_param_exc);
use PVE::JSONSchema qw(get_standard_option);
use PVE::RPCEnvironment;
@@ -142,6 +143,10 @@ __PACKAGE__->register_method ({
if -e $account_file;
my $acme = PVE::ACME->new($account_file, $directory);
+ my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg');
+ if (my $http_proxy = $dccfg->{http_proxy}) {
+ $acme->set_proxy($http_proxy);
+ }
print "Generating ACME account key..\n";
$acme->init(4096);
print "Registering ACME account..\n";
@@ -177,6 +182,10 @@ my $update_account = sub {
if ! -e $account_file;
my $acme = PVE::ACME->new($account_file);
+ my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg');
+ if (my $http_proxy = $dccfg->{http_proxy}) {
+ $acme->set_proxy($http_proxy);
+ }
$acme->load();
$acme->update_account(%info);
if ($info{status} && $info{status} eq 'deactivated') {
@@ -276,6 +285,10 @@ __PACKAGE__->register_method ({
if ! -e $account_file;
my $acme = PVE::ACME->new($account_file);
+ my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg');
+ if (my $http_proxy = $dccfg->{http_proxy}) {
+ $acme->set_proxy($http_proxy);
+ }
$acme->load();
my $res = {};
@@ -334,6 +347,10 @@ __PACKAGE__->register_method ({
my $directory = extract_param($param, 'directory') // $acme_default_directory_url;
my $acme = PVE::ACME->new(undef, $directory);
+ my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg');
+ if (my $http_proxy = $dccfg->{http_proxy}) {
+ $acme->set_proxy($http_proxy);
+ }
my $meta = $acme->get_meta();
return $meta ? $meta->{termsOfService} : undef;
--
2.30.2