Hej, at the moment there is a PR[1] open on foreman-docker to set a HTTP proxy for requests to registries. The PR allows to set a HTTP proxy on the HTTP client, in this case deep down Excon, only for registry requests.
A HTTP proxy won't be set on requests if a `HTTP_PROXY` environment variable is available, since it is an unlikely setup to have registry request routed over a different proxy than other requests. However setting it via the environment variable will allow requests to succeed to resources available by the HTTP proxy, but will fail for those inside and possible blocked. The `HTTP_PROXY` environment variable seems to be a standard, and therefore Excon is built to use it when available. Excon is used by docker-api as well as fog, it might be used by other components and there might be other parts that use another HTTP client like RestClient, which also respects the variable. This means at the moment with that environment variable set some requests would already rely on it. In any case this should be in mentioned in the manual to be aware of, also because some operating systems set this globally. The question is should we make an afford to ensure deployment behind a HTTP proxy on a system with HTTP blocked works without issues and provide a way to configure it properly? I've tested Foreman with HTTP blocked and `HTTP_PROXY` set, but in a very basic setup, with the only external requests being to Docker registries outside and squid configured to just pass requests through regardless there to. It didn't show any apparent issue, but there are for sure issues with a more robust configured HTTP proxy. This raises another question: How common is a setup where external resources requiring HTTP are used with Foreman behind a HTTP proxy? Comments? All the best, Sebastian [1] https://github.com/theforeman/foreman-docker/pull/189 -- You received this message because you are subscribed to the Google Groups "foreman-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
