From: Stoiko Ivanov
To: pve-devel@lists.proxmox.com
Date: Tue, 9 Nov 2021 17:36:31 +0100
Message-Id: <20211109163633.1721670-5-s.ivanov@proxmox.com>
In-Reply-To: <20211109163633.1721670-1-s.ivanov@proxmox.com>
References: <20211109163633.1721670-1-s.ivanov@proxmox.com>
Subject: [pve-devel] [PATCH manager 1/3] api: acme: set http_proxy if configured in datacenter.cfg

partially fixes #3536

If a http_proxy is set in the datacenter config, use it for communicating with the (usually public) Acme provider.

Signed-off-by: Stoiko Ivanov
--- PVE/API2/ACME.pm | 13 +++++++++++++ PVE/API2/ACMEAccount.pm | 17 +++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/PVE/API2/ACME.pm b/PVE/API2/ACME.pm index 393e6b01..6e6f44f6 100644 --- a/PVE/API2/ACME.pm +++ b/PVE/API2/ACME.pm @@ -6,6 +6,7 @@ use warnings; use PVE::ACME; use PVE::CertHelpers; use PVE::Certificate; +use PVE::Cluster; use PVE::Exception qw(raise raise_param_exc); use PVE::JSONSchema qw(get_standard_option); use PVE::NodeConfig; @@ -207,6 +208,10 @@ __PACKAGE__->register_method ({ if ! -e $account_file; my $acme = PVE::ACME->new($account_file); + my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg'); + if (my $http_proxy = $dccfg->{http_proxy}) { + $acme->set_proxy($http_proxy); + } print "Loading ACME account details\n"; $acme->load(); 
@@ -284,6 +289,10 @@ __PACKAGE__->register_method ({ if ! -e $account_file; my $acme = PVE::ACME->new($account_file); + my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg'); + if (my $http_proxy = $dccfg->{http_proxy}) { + $acme->set_proxy($http_proxy); + } print "Loading ACME account details\n"; $acme->load(); @@ -352,6 +361,10 @@ __PACKAGE__->register_method ({ if ! -e $account_file; my $acme = PVE::ACME->new($account_file); + my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg'); + if (my $http_proxy = $dccfg->{http_proxy}) { + $acme->set_proxy($http_proxy); + } print "Loading ACME account details\n"; $acme->load(); diff --git a/PVE/API2/ACMEAccount.pm b/PVE/API2/ACMEAccount.pm index b790843a..218b84fe 100644 --- a/PVE/API2/ACMEAccount.pm +++ b/PVE/API2/ACMEAccount.pm @@ -5,6 +5,7 @@ use warnings; use PVE::ACME; use PVE::CertHelpers; +use PVE::Cluster; use PVE::Exception qw(raise_param_exc); use PVE::JSONSchema qw(get_standard_option); use PVE::RPCEnvironment; @@ -142,6 +143,10 @@ __PACKAGE__->register_method ({ if -e $account_file; my $acme = PVE::ACME->new($account_file, $directory); + my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg'); + if (my $http_proxy = $dccfg->{http_proxy}) { + $acme->set_proxy($http_proxy); + } print "Generating ACME account key..\n"; $acme->init(4096); print "Registering ACME account..\n"; @@ -177,6 +182,10 @@ my $update_account = sub { if ! -e $account_file; my $acme = PVE::ACME->new($account_file); + my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg'); + if (my $http_proxy = $dccfg->{http_proxy}) { + $acme->set_proxy($http_proxy); + } $acme->load(); $acme->update_account(%info); if ($info{status} && $info{status} eq 'deactivated') { 
@@ -276,6 +285,10 @@ __PACKAGE__->register_method ({ if ! -e $account_file; my $acme = PVE::ACME->new($account_file); + my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg'); + if (my $http_proxy = $dccfg->{http_proxy}) { + $acme->set_proxy($http_proxy); + } $acme->load(); my $res = {}; @@ -334,6 +347,10 @@ __PACKAGE__->register_method ({ my $directory = extract_param($param, 'directory') // $acme_default_directory_url; my $acme = PVE::ACME->new(undef, $directory); + my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg'); + if (my $http_proxy = $dccfg->{http_proxy}) { + $acme->set_proxy($http_proxy); + } my $meta = $acme->get_meta(); return $meta ? $meta->{termsOfService} : undef; -- 2.30.2
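Review bot: The same four added lines (cfs_read_file('datacenter.cfg'), the http_proxy check, set_proxy) are repeated after every PVE::ACME->new(...) call, three times in PVE/API2/ACME.pm and four times in PVE/API2/ACMEAccount.pm. Move them into one helper that returns the configured client, so that a later change to the proxy handling (for example validating the value) is made in one place and no call site is missed.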
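Review bot: In the PVE/API2/ACME.pm hunk at @@ -207,6 +208,10 @@ and at every later call site, $acme->set_proxy(...) is called on the PVE::ACME object, but nothing in this diff adds that method. Since this is patch 1/3 against manager, the commit message should name the patch or package version that provides set_proxy, and the package dependency should be bumped accordingly; with an older PVE::ACME installed and http_proxy set, each of these handlers dies at the call.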
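Review bot: In the PVE/API2/ACMEAccount.pm hunk at @@ -142,6 +143,10 @@ (account registration), the proxy is applied silently before "Generating ACME account key.." and "Registering ACME account..", and the same holds for the PVE/API2/ACME.pm handlers that print "Loading ACME account details". Add a print line saying that a proxy from datacenter.cfg is in use, without echoing any credentials the value might carry, so that a failure behind a misconfigured proxy can be diagnosed from the task log.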