Mender client HTTP proxy support

Hi everyone,

I’m trying to understand whether the mender client does support HTTP proxy to connect to a mender server. The only thing I found is this discussion saying it’s currently not supported: https://groups.google.com/a/lists.mender.io/forum/#!msg/mender/hYak9bd3rXE/8cRKSCpiBgAJ

And this reflects as well my observation. My mender client is not able to connect to a mender server inside our company network (which is using HTTP proxy). The HTTP_PROXY setting seems to be ignored.

Question: Did I miss something or is the mender client not supporting HTTP proxy? Is it planned to be supported in the future?

Thanks,
Bruno

Hi @freibrun,

I must admit I am not an expert on this area, but can’t you just use the “internal company IP” of the Mender server directly (instead of HTTP_PROXY)? Mender does require TLS for all communication for security reasons, is that supported with HTTP_PROXY or would HTTPS_PROXY be needed? If support for this requires plaintext communication it is unlikely we can prioritize this due to security requirements, unfortunately. But again I am not an expert. :slight_smile:

We are looking at adding support for reverse proxy (with TLS termination and initiation) for potentially different reasons (e.g. to forward requests from device to hosted Mender when there are restrictive security policies in place), not sure if this would be relevant here.

Does that make sense?

I also think that comment on the older thread is still valid and would try it out :slight_smile:

https://groups.google.com/a/lists.mender.io/d/msg/mender/hYak9bd3rXE/vQL_ji6rAwAJ

Please report back if you have the opportunity to test it out.

Unfortunately I’m also not an expert on that topic. I just noticed that I get no connection to mender server inside our company network. Same is valid for any other services (such as apt-get, docker pull, pip install, …) as long as I don’t configure HTTP_PROXY and HTTPS_PROXY with our companies proxy.

Once I set HTTP_PROXY and HTTPS_PROXY (and configure all extra portions needed for the different tools which handles proxies differently), all services are running and are able to connect “to the internet”.
All except mender client.

That’s why I wondered if there is any additional setting needed to let mender client connecting to mender server via proxy.

I don’t think reverse proxy (used by servers) helps in this scenario. I’m looking for a forward proxy (used by clients).

Currently I have no opportunity to test it.

As a workaround I simply switched to a “proxy free environment” for my ongoing mender tests. :smiley: