[pve-devel] [PATCH storage 1/2] download-url: reuse http_proxy from datacenter.cfg for https

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Nov 25 15:06:12 CET 2021


On 25.11.21 14:34, Dominik Csapak wrote:
> LGTM and works :)
> 

in general has the same issue as the ACME one from Stoiko, namely:
The original http_proxy was always for external resources (our repos/appliances,
subscription checks), but this and the ACME ones aren't necessarily external, and
proxying them may break some stuff (not all enterprise setups have control over the
proxy to make it differ between internal/external resources) or be just undesired.

What I'm missing on this and the acme patch is to actually step back and think
proxying in PVE/PMG through, what are the different use cases, how can they be
grouped sensibly and exposed to the admin. At least acknowledging something like
that in the commit message and giving some reasons about why that drawback is
accepted for now.

I mean, Stoiko at least made it a per-acme-plugin decision if something should get
proxied through the datacenter configured proxy or not, but one may want to have
different too (albeit blowing it up per single smallest request-type is surely overkill).

A https variant could be interesting too.

One could imagine a format string like (disclaimer, made up on the spot):

proxy: http=<>,https=<>,apply-on=<all|[base|acme|template-downloads]

(<base> would be the original repo/appliances/subscriber coverage)


> On 11/9/21 15:13, Oguz Bektas wrote:
>> $ tail -f /var/log/squid/access.log
>> ...
>> 1636466926.415  42386 127.0.0.1 TCP_TUNNEL/200 557422779 CONNECT fedorapeople.org:443 - HIER_DIRECT/152.19.134.199 -
>>
>>
>> Signed-off-by: Oguz Bektas <o.bektas at proxmox.com>
>> ---
>>   PVE/API2/Storage/Status.pm | 1 +
>>   1 file changed, 1 insertion(+)
>>
>> diff --git a/PVE/API2/Storage/Status.pm b/PVE/API2/Storage/Status.pm
>> index 02c970f..8eda39e 100644
>> --- a/PVE/API2/Storage/Status.pm
>> +++ b/PVE/API2/Storage/Status.pm
>> @@ -639,6 +639,7 @@ __PACKAGE__->register_method({
>>           hash_required => 0,
>>           verify_certificates => $param->{'verify-certificates'} // 1,
>>           http_proxy => $dccfg->{http_proxy},
>> +        https_proxy => $dccfg->{http_proxy},
>>       };
>>         my ($checksum, $checksum_algorithm) = $param->@{'checksum', 'checksum-algorithm'};
>>
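Review bot: The added `https_proxy => $dccfg->{http_proxy}` line routes every HTTPS download through the datacenter-wide proxy unconditionally, with no per-request or per-scope opt-out next to the existing `verify-certificates` parameter. A download URL that points at an internal host would then be tunnelled (CONNECT) through a proxy that was configured for external resources and may be unable or not allowed to reach it. Consider gating this behind an explicit parameter or a scoped datacenter.cfg option, and state in the commit message that `http_proxy` now also applies to HTTPS downloads and why that is acceptable; the quoted message shows only the squid access.log excerpt.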




