Univention Bugzilla – Bug 50613
proxy not used for https://
Last modified: 2020-06-24 12:52:58 CEST
Situation: Internal DNS does not resolve external addresses. Access to internet only works through http-proxy. During system setup on the network page a proxy can be configured, which is only setup for "http", but not for "https". As such https://updates.software-univention.de/ https://appcenter.software-univention.de/ do not work because the proxy is not used and the host tries to resolve the address itself. This can be easily seen by running wget -O- http://updates.software-univention.de/ which first contacts the proxy, receives a HTTP 302 redirect to https:// and then tries to resolve that address itself, which fails. TT: 2019-12-09/10
TT: 2020-06-18/19 TT: 2020-05-14/15 TT: 2020-04-23/24
d61451cd02 Bug #50613: Configure proxy settings e31a5f536e Bug #50613: yaml Package: univention-system-setup Version: 12.0.2-25A~4.4.0.202006221330 Branch: ucs_4.4-0; Scope: errata4.4-4
OK: d61451cd025df218e8d263213f23269d842312ba OK: errata-announce -V --only univention-system-setup.yaml OK: univention-system-setup.yaml FAIL: It would work if not for this oversight: UCS-4.4-3 (or later) in Appliance Setup mode: - `UMC-server` forks `umc-module -m setup` while no proxy is configured yet - Setting the proxy only writes the settings to UCRV proxy/http[s] - The setting gets written into the following files by UCR: - /etc/systemd/system/docker.service - /etc/docker/daemon.json - /etc/default/docker - /etc/apt/apt.conf.d/80proxy - /etc/profile - The last file is only sourced for new(!) interactive(!) login(!) shells - never for systemd and any service started by it - UMC validates the setting via UMCP `setup/check/repository_accessibility` - This forks `curl` from the already running `umc-module -m setup` process - That fails because environment variables `proxy_http[s]` are not set Also: base/univention-system-setup/umc/python/setup/checks/repositories.py calls `curl` for 3 strings - only UCRV `repository/online/server` might have a schema; `https://` should be prefixed for make them a proper URL for `cURL`. Also 2: Bug #44489 might also be affected by no proxy configuration
Good work finding the failing repository check! db66e7b242 Bug #50613: Fix repository server check, consider current proxy settings 2ed08fa52c Bug #50613: yaml univention-system-setup 12.0.2-26A~4.4.0.202006221738
OK: apt install OK: yaml FYI: There are many warning for <https://appcenter.software-univention.de/meta-inf/> due to the missing https_proxy setting during the package update; I'm ignoring that FYI: USS still complains when no Gateway is configured. Strictly speaking this is not required as long as the http-proxy is located in the same sub-network. OK: Install Master+S4 with http-proxy OK: grep ^[^#] /etc/apt/sources.list.d/*.list OK: apt update
<http://errata.software-univention.de/ucs/4.4/633.html>