As a dev I am curious how this is handled in our code. Does every usage of RestClient need to know about the existence of a proxy? Are there multiple proxies for different aspects (eg. https://cdn.redhat.com vs. https://myinternalserver.example.com)?
On Thu, Apr 20, 2017 at 8:43 AM, Timo Goebel <m...@timogoebel.name> wrote: > Hi, > > Am 20.04.17 um 13:06 schrieb Sebastian Gräßl: > >> How common is a setup where external resources requiring HTTP are used >> with Foreman behind a HTTP proxy? >> >> I believe, this is very common in enterprise environments. Usually any > internet access is blocked for security reasons and only connections via a > proxy server are allowed. The proxy ususally does a MITM attack to be able > to investigate encrypted traffic. While this does make sense in some cases, > don't get me started why it does not make any sense in others. > > Comments? >> > > I think especially access to all the docker registries out there is > something a corporate it-security team would want to go through a proxy > server. Setting a proxy server on a server via environment variables > (http_proxy) is quite easy with systemd unit files. However that may lead > to problems when the client doesn't respect the 'no_proxy' environment > variable and suddenly all requests to a smart proxy are routed via the http > proxy. This is problematic when smart-proxy is on the same network and not > reachable via the proxy server. > I personally prefer only to have an explicit option in a settings file. > > - Timo > > > -- > You received this message because you are subscribed to the Google Groups > "foreman-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to foreman-dev+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "foreman-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
