#5555 Installer should warn about http_proxy
Opened 3 years ago by cheimes. Modified 2 years ago

I just helped a user with an installation problem. After a while we figured out that his company's http proxy interferes with the installer. Dogtag uses python-requests to connect to Tomcat. The requests library automatically picks up http proxy settings from the environment. http://docs.python-requests.org/en/latest/user/advanced/#proxies

It's rather hard to debug. I suggest to add a warning to all installers. Perhaps it's a good idea to unset the env vars right at the beginning of the scripts.

envkeys = set(k.upper() for k in os.environ)
if envkeys.intersection(('HTTP_PROXY', 'HTTPS_PROXY')):
    log.warn('HTTP proxy environment variables found. Please unset any proxy settings')

I hope issues like this will get fixed when #4431 is implemented and FreeIPA ships hardened/stripped down Web server configuration.

Replying to [comment:2 mkosek]:

I hope issues like this will get fixed when #4431 is implemented and FreeIPA ships hardened/stripped down Web server configuration.

The http_proxy setting is really a client thing which does not seem related to the server Apache configuration.

Replying to [comment:3 adelton]:

Replying to [comment:2 mkosek]:

I hope issues like this will get fixed when #4431 is implemented and FreeIPA ships hardened/stripped down Web server configuration.

The http_proxy setting is really a client thing which does not seem related to the server Apache configuration.

Correct, the ticket refers to client-side proxy settings. It's not related to Apache proxy at all. Some companies requires users to configure browsers to use a HTTP or SOCKS5 proxy to connect to the internet. For command lines tools such as curl, wget and Python's urllib the proxy configuration is stored in a set of environment variables.

The proxy settings can interfer with the FreeIPA and Dogtag installer. This was the case for the user with the installation problem.

PKIConnection will get a new argument trust_env to ignore any settings from the environment. I'll post the patch on the mailing list as soon as Dogtag 10.3 is released.

This ticket is out of scope of 4.4.0 release. Moving to 4.4.1. Note that 4.4.1 needs to be triaged, therefore not everything will be implemented.

moving out tickets not implemented in 4.4.1

4.4.2 is a stabilization milestone. If this bug is important stabilization bug then please put it to NEEDS TRIAGE milestone for retriage.

Metadata Update from @cheimes:
- Issue assigned to cheimes
- Issue set to the milestone: FreeIPA 4.5 backlog

2 years ago

Login to comment on this ticket.

Metadata