[pve-devel] [PATCH storage 1/2] download-url: reuse http_proxy from datacenter.cfg for https
d.csapak at proxmox.com
Thu Nov 25 15:23:18 CET 2021
On 11/25/21 15:06, Thomas Lamprecht wrote:
> On 25.11.21 14:34, Dominik Csapak wrote:
>> LGTM and works :)
> in general has the same issue as the ACME one from Stoiko, namely:
> The original http_proxy was always for external resources (our repos/appliances,
> subscription checks), but this and the ACME ones aren't necesarrily external, and
> proxying them may break some stuff (not all enterprise setups have control over the
> proxy to make it differ between internal/external resources) or be just undesired.
> What I'm missing on this and the acme patch is to actually step back and think
> proxying in PVE/PMG through, what are the different use cases, how can they be
> grouped sensible and exposed to the admin. At leas acknowledging something like
> that in the commit message and giving some reasons about why that drawback is
> accepted for now.
> I mean, Stoiko at least made it a per-acme-plugin decision if something should get
> proxied through the datacenter configured proxy or not, but one may want to have
> different too (albeit blowing it up per single smallest request-type is surely overkill).
> A https variant could be interesting too.
> One could imagine a format string like (disclaimer, made up on the spot):
> proxy: http=<>,https=<>,apply-on=<all|[base|acme|template-downloads]
> (<base> would be the original repo/appliances/subscriber coverage)
just to note, i am not disagreeing with you but a small comment to this
imho the current state is rather broken, for http urls it uses the proxy
but not for https (isos are often hosted on https for now, e.g. debians)
ans since at least one person expected it to use the proxy in any
case, i'd argue that for now this would be ok
yes a more general approach with specific uses/allow/blocklist (however
we want to implement this) would be better, but can still
be done after this
More information about the pve-devel