We run devices on customers’ corporate networks. We’ve recently had a request to support proxy auto-configuration for our devices’ connections to REST APIs, including the Mender client’s connection to hosted.mender.io. Currently we’re using a workaround by supplying a fixed proxy server address through the HTTPS_PROXY environment variable. The customer would prefer the client to download a PAC file in order to resolve the proxy server address (or list of addresses to try in order).
Would you consider pulling in optional support for PAC file processing? I don’t have any Golang programming experience but I did come across a PAC parsing library and an example of a transport client that uses it:
Could this somehow be integrated into the Mender client’s HTTP transport?
Upon further consideration, I could see how adding direct support might be awkward. The historical design of needing a JavaScript parsing engine to process PAC files is burdensome for standalone clients, but seemed natural to browser developers who already have one loaded.
It looks like libproxy is one way to get this support (at least for a C/C++ application, not sure about Golang bindings).
Perhaps more interesting is querying proxy info over D-Bus using pacrunner. I’m not sure if that fits your model or not.
Unfortunately, it seems like PAC file processing and proxy configuration is a messy problem in general with all kinds of hacks in the real world to make it work.
I am not too familiar with this area unfortunately, but as I understand it you only want to auto-configure the URI the Mender client uses? This is indeed a quite interesting problem.
We did look a bit into service discovery like Avahi, is that something you have considered? We’d need to solve a general problem in a standard way if we are to include it in the client…
I want to be able to resolve URLs for HTTP proxy servers dynamically by downloading and processing a PAC file, whose purpose is to tell an HTTP client which proxy server URL(s) to use for connections. Currently the Mender client only allows setting a static proxy URL using the HTTP_PROXY or HTTPS_PROXY environment variable.
A workaround I am considering is to use a stand-alone script or program that will download and process a PAC file and write the corresponding proxy server URL list to a file. Then I’d make a systemd timer that periodically runs that script and restarts Mender client with a new value for HTTPS_PROXY.
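The workaround described in the last post, as an added example that is not code from the thread or from the Mender project: a Node.js helper evaluates a PAC file and derives the `HTTPS_PROXY` line that a systemd timer could write before restarting the client. The sample PAC file, its host names and all function names are assumptions made for illustration; only PROXY, HTTP, HTTPS and DIRECT entries are handled.

```javascript
const vm = require('node:vm');
// Constructed sample PAC file; host names are placeholders.
const SAMPLE_PAC = String.raw`
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) || dnsDomainIs(host, ".corp.example")) return "DIRECT";
  if (shExpMatch(host, "*.mender.io"))
    return "PROXY proxy1.corp.example:3128; PROXY proxy2.corp.example:3128; DIRECT";
  return "PROXY fallback.corp.example:8080";
}`;

// Subset of the standard PAC helpers, kept as source so no host function is exposed.
const PAC_HELPERS = String.raw`
function isPlainHostName(h) { return h.indexOf(".") === -1; }
function dnsDomainIs(h, d) { return h.length >= d.length && h.slice(-d.length) === d; }
function shExpMatch(s, p) {
  var re = p.replace(/[.+^$(){}|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(s);
}`;

// Evaluate FindProxyForURL with a timeout. node:vm is not a security boundary,
// so run this as an unprivileged user and fetch the PAC file over HTTPS.
function evaluatePac(pacSource, url) {
  const host = new URL(url).hostname;
  const context = vm.createContext(Object.create(null));
  vm.runInContext(PAC_HELPERS + pacSource, context, { timeout: 200 });
  const call = `FindProxyForURL(${JSON.stringify(url)}, ${JSON.stringify(host)})`;
  const result = vm.runInContext(call, context, { timeout: 200 });
  if (typeof result !== 'string') throw new Error('PAC returned a non-string');
  return result;
}

// "PROXY h:p; HTTPS h:p; DIRECT" -> proxy URLs in order; null stands for DIRECT.
function parsePacResult(result) {
  const out = [];
  for (const entry of result.split(';').map((s) => s.trim()).filter(Boolean)) {
    const [kind, hostPort = ''] = entry.split(/\s+/);
    if (kind.toUpperCase() === 'DIRECT') { out.push(null); continue; }
    const scheme = { PROXY: 'http', HTTP: 'http', HTTPS: 'https' }[kind.toUpperCase()];
    // Strict host:port match: PAC output is untrusted and ends up in an env file.
    if (scheme && /^[A-Za-z0-9.-]+:\d{1,5}$/.test(hostPort)) out.push(`${scheme}://${hostPort}`);
  }
  return out;
}

// HTTPS_PROXY holds one proxy, so take the first entry; empty value means DIRECT.
function httpsProxyEnvLine(pacSource, url) {
  const proxies = parsePacResult(evaluatePac(pacSource, url));
  if (proxies.length === 0) throw new Error('PAC result had no usable entry');
  return `HTTPS_PROXY=${proxies[0] || ''}`;
}
```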