From: Maximiliano Sandoval <m.sandoval@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [RFC cluster/manager/storage 0/7] datacenter config: add setting for HTTP{, S} proxies
Date: Tue, 21 Oct 2025 12:03:24 +0200
Message-ID: <20251021100332.251697-1-m.sandoval@proxmox.com>
Most of the relevant information is in the first commit.
The intention is to have an extensible and future-proof setting where different
proxies can be selected based on the connection protocol and the use-case. In a
follow-up this will be exposed in the web UI, ideally leaving most of this
complexity out, i.e. only showing the option to set up a global proxy
(HTTP+HTTPS) and allow configuring overrides for each use-case but setting both
HTTP+HTTPS simultaneously to the same value. If finer granularity (different
proxies for HTTP and HTTPS) is required then the configuration file can be
edited manually.
In follow-ups the following will be done:
- Add more proxy overrides, e.g. for OpenID
- Expose it in the web UI
## Testing
On a Proxmox VE host this could be tested, for example, by configuring a proxy
(e.g. squid [1]) at 10.10.10.138 and accepting 'out' traffic to the gateway
(10.10.10.1) and the proxy and dropping all traffic to ports 80 and 443.
```
$ cat /etc/pve/firewall/cluster.fw
[OPTIONS]
enable: 1
[RULES]
OUT ACCEPT -dest 10.10.10.138 -log nolog
OUT ACCEPT -dest 10.10.10.1 -log nolog
OUT DROP -p tcp -dport 443 -log nolog
OUT DROP -p tcp -dport 80 -log nolog
```
Then the config can be set via:
```
pvesh set /cluster/options --proxy=http://10.10.10.139:3128,https-subscription=http://10.10.10.138:3128,http-download=none
```
and then, for example, one can check whether the following call runs into a
timeout or not to see if the proxy is used:
```
pvesubscription set $KEY
```
[1] https://www.squid-cache.org/
pve-cluster:
Maximiliano Sandoval (3):
datacenter config: add setting for HTTP{,S} proxies
datacenter config: deprecate http_proxy
cluster: add helper to retrieve proxies
src/PVE/Cluster.pm | 58 +++++++++++++++++++++++++++++++++
src/PVE/DataCenterConfig.pm | 64 ++++++++++++++++++++++++++++++++++++-
2 files changed, 121 insertions(+), 1 deletion(-)
pve-manager:
Maximiliano Sandoval (3):
api: subscription: use new proxy dc option
api: apt: use new dc proxy option
api: nodes: use new dc proxy option
PVE/API2/APT.pm | 7 +++++--
PVE/API2/Nodes.pm | 11 ++++++++---
PVE/API2/Subscription.pm | 4 ++--
3 files changed, 15 insertions(+), 7 deletions(-)
pve-storage:
Maximiliano Sandoval (1):
api: storage: status: use new dc proxy option
src/PVE/API2/Storage/Status.pm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Summary over all repositories:
6 files changed, 138 insertions(+), 10 deletions(-)
--
Generated by git-murpp 0.8.1
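
Added example, not part of the original message or of the Proxmox code: a small Python model of the test setup described above, showing which next hop each request would use under the example `--proxy` value and how the four `cluster.fw` rules would treat it. The lookup order (`<protocol>-<use-case>` override first, then the global `proxy` entry), the first-match rule evaluation with a default of ACCEPT, and all function names are assumptions; the real semantics are defined in the first patch of the series, which is not shown here.

```python
from urllib.parse import urlsplit

# Constructed from the example command and cluster.fw rules in the message.
SETTING = ("proxy=http://10.10.10.139:3128,"
           "https-subscription=http://10.10.10.138:3128,http-download=none")
RULES = [  # (action, dest or None, tcp dport or None), in file order
    ("ACCEPT", "10.10.10.138", None),
    ("ACCEPT", "10.10.10.1", None),
    ("DROP", None, 443),
    ("DROP", None, 80),
]

def parse_setting(value):
    """Split the comma-separated key=value list into a dict."""
    out = {}
    for part in value.split(","):
        key, sep, val = part.partition("=")
        if not sep or not key or not val:
            raise ValueError(f"malformed entry: {part!r}")
        out[key] = val
    return out

def resolve_proxy(cfg, proto, usecase):
    """Assumed lookup order: '<proto>-<usecase>' override, then global 'proxy'.
    The value 'none' (or no entry at all) means a direct connection."""
    val = cfg.get(f"{proto}-{usecase}", cfg.get("proxy"))
    return None if val in (None, "none") else val

def firewall_verdict(dest, port, default="ACCEPT"):
    """First matching rule wins; the default policy is an assumption."""
    for action, rule_dest, rule_port in RULES:
        if rule_dest in (None, dest) and rule_port in (None, port):
            return action
    return default

def egress(cfg, proto, usecase, target_host):
    """Return (next-hop host, port, verdict) for an outbound request."""
    proxy = resolve_proxy(cfg, proto, usecase)
    if proxy is None:  # direct connection to the target's default port
        host, port = target_host, {"http": 80, "https": 443}[proto]
    else:
        url = urlsplit(proxy)
        host, port = url.hostname, url.port
    return host, port, firewall_verdict(host, port)
```

Under this model the subscription check reaches the allowed proxy at 10.10.10.138, while a direct HTTP download (`http-download=none`) hits the port 80 DROP rule, which is the timeout the test procedure looks for.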