[pve-devel] [PATCH proxmox-acme 2/2] dns-challenge: add 'use-proxy' property

Stoiko Ivanov s.ivanov at proxmox.com
Tue Nov 9 17:36:29 CET 2021


this patch adds an optional 'use-proxy' property to the dns
challenges.

If set to 1 the caller is expected to add the proxy url in the plugin
config, which is then set as 'http_proxy' and 'https_proxy'
environment variable by the plugin caller (and then used by curl)

Tested with the pdns plugin, direct traffic to the pdns server being
dropped, and a configured squid proxy

Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
 src/PVE/ACME/DNSChallenge.pm | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/PVE/ACME/DNSChallenge.pm b/src/PVE/ACME/DNSChallenge.pm
index 9b28970..c03b3db 100644
--- a/src/PVE/ACME/DNSChallenge.pm
+++ b/src/PVE/ACME/DNSChallenge.pm
@@ -50,7 +50,12 @@ sub properties {
 	    optional => 1,
 	    minimum => 0,
 	    maximum => 2 * 24 * 60 * 60,
-	}
+	},
+	'use-proxy' => {
+	    description => "Flag indicating whether a http proxy should be used.",
+	    type => 'boolean',
+	    optional => 1,
+	},
     };
 }
 
@@ -61,6 +66,7 @@ sub options {
 	nodes => { optional => 1 },
 	disable => { optional => 1 },
 	'validation-delay' => { optional => 1 },
+	'use-proxy' => { optional => 1 },
     };
 }
 
@@ -78,6 +84,7 @@ my $proxmox_acme_command = sub {
     my $txtvalue = PVE::ACME::encode(sha256($key_auth));
     my $dnsplugin = $data->{plugin}->{api};
     my $plugin_conf_string = $data->{plugin}->{data};
+    my $proxy = $data->{plugin}->{proxy};
 
     # for security reasons, we execute the command as nobody
     # we can't verify that the code of the DNSPlugins are harmless.
@@ -93,6 +100,7 @@ my $proxmox_acme_command = sub {
     }
     my $input = "$txtvalue\n";
     $input .= "$plugin_conf_string\n" if $plugin_conf_string;
+    $input .= "https_proxy=$proxy\nhttp_proxy=$proxy\n" if $proxy;
 
     PVE::Tools::run_command($cmd, input => $input);
 
-- 
2.30.2





More information about the pve-devel mailing list