From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
Dominik Csapak <d.csapak@proxmox.com>,
Oguz Bektas <o.bektas@proxmox.com>
Subject: Re: [pve-devel] [PATCH storage 1/2] download-url: reuse http_proxy from datacenter.cfg for https
Date: Thu, 25 Nov 2021 15:06:12 +0100 [thread overview]
Message-ID: <42391428-bd80-2d55-5cb6-7c8ecd97a3a8@proxmox.com> (raw)
In-Reply-To: <e7d608f8-ea87-d13e-6e06-a6d1a7e7dffa@proxmox.com>
On 25.11.21 14:34, Dominik Csapak wrote:
> LGTM and works :)
>
in general has the same issue as the ACME one from Stoiko, namely:
The original http_proxy was always for external resources (our repos/appliances,
subscription checks), but this and the ACME ones aren't necesarrily external, and
proxying them may break some stuff (not all enterprise setups have control over the
proxy to make it differ between internal/external resources) or be just undesired.
What I'm missing on this and the acme patch is to actually step back and think
proxying in PVE/PMG through, what are the different use cases, how can they be
grouped sensible and exposed to the admin. At leas acknowledging something like
that in the commit message and giving some reasons about why that drawback is
accepted for now.
I mean, Stoiko at least made it a per-acme-plugin decision if something should get
proxied through the datacenter configured proxy or not, but one may want to have
different too (albeit blowing it up per single smallest request-type is surely overkill).
A https variant could be interesting too.
One could imagine a format string like (disclaimer, made up on the spot):
proxy: http=<>,https=<>,apply-on=<all|[base|acme|template-downloads]
(<base> would be the original repo/appliances/subscriber coverage)
> On 11/9/21 15:13, Oguz Bektas wrote:
>> $ tail -f /var/log/squid/access.log
>> ...
>> 1636466926.415 42386 127.0.0.1 TCP_TUNNEL/200 557422779 CONNECT fedorapeople.org:443 - HIER_DIRECT/152.19.134.199 -
>>
>>
>> Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
>> ---
>> PVE/API2/Storage/Status.pm | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/PVE/API2/Storage/Status.pm b/PVE/API2/Storage/Status.pm
>> index 02c970f..8eda39e 100644
>> --- a/PVE/API2/Storage/Status.pm
>> +++ b/PVE/API2/Storage/Status.pm
>> @@ -639,6 +639,7 @@ __PACKAGE__->register_method({
>> hash_required => 0,
>> verify_certificates => $param->{'verify-certificates'} // 1,
>> http_proxy => $dccfg->{http_proxy},
>> + https_proxy => $dccfg->{http_proxy},
>> };
>> my ($checksum, $checksum_algorithm) = $param->@{'checksum', 'checksum-algorithm'};
>>
next prev parent reply other threads:[~2021-11-25 14:06 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-09 14:13 [pve-devel] [PATCH manager storage 0/2] fix #3716: allow https proxy for URL download Oguz Bektas
2021-11-09 14:13 ` [pve-devel] [PATCH storage 1/2] download-url: reuse http_proxy from datacenter.cfg for https Oguz Bektas
2021-11-25 13:34 ` Dominik Csapak
2021-11-25 14:06 ` Thomas Lamprecht [this message]
2021-11-25 14:23 ` Dominik Csapak
2021-11-09 14:13 ` [pve-devel] [PATCH manager 2/2] set https_proxy to http_proxy for querying url metadata Oguz Bektas
2021-11-25 13:34 ` Dominik Csapak
2021-11-25 13:49 ` Oguz Bektas
2021-11-25 14:07 ` Thomas Lamprecht
2021-11-25 14:14 ` Oguz Bektas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42391428-bd80-2d55-5cb6-7c8ecd97a3a8@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=d.csapak@proxmox.com \
--cc=o.bektas@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox