In code: p = strings.ToLower(strings.TrimSpace(p)) if len(p) == 0 { continue } if hasPort(p) { p = p[:strings.LastIndex(p, ":")] } if addr == p { return false } if p[0] == '.' && (strings.HasSuffix(addr, p) || addr == p[1:]) { // no_proxy ".foo.com" matches "bar.foo.com" or " foo.com" return false } if p[0] != '.' && strings.HasSuffix(addr, p) && addr[len(addr)-len(p)-1] == '.' { // no_proxy "foo.com" matches "bar.foo.com" return false } if _, net, err := net.ParseCIDR(p); ip != nil && err == nil && net.Contains(ip) { return false }
If we wanted to support "*.bar.com" we could add it to the first if with something like:
if len(p) > 2 && p[0] == '*' && p[1] == '.' { p = p[1:] } (eg, treat *.com as just .com)
On Mon, May 28, 2018 at 8:20 AM, John Meinel <email address hidden> wrote:
> * is not supported (as it wasn't supported by the underlying Go proxy > code). > However > "bar.com" matches foo.bar.com, as does ".bar.com" > So while we don't allow "*.bar.com" it can be expressed as just "bar.com" > and ".bar.com". > > > On Sat, May 26, 2018 at 2:43 AM, Dmitrii Shcherbakov < > <email address hidden>> wrote: > >> Public bug reported: >> >> Looks like *.domain.com[:port] syntax is no supported by no-proxy (CIDR >> syntax is supported judging by other tests I performed): >> >> cat model-config.yaml >> logging-config: '<root>=ERROR;unit=TRACE;juju.worker.proxyupdater=TRACE' >> #no-proxy: 'localhost,127.0.0.1,10.10.101.0/24,10.10.10.0/24' >> #http-proxy: 'http://10.10.10.88:3128' >> #https-proxy: 'http://10.10.10.88:3128' >> no-proxy: '' >> http-proxy: '' >> https-proxy: '' >> juju-no-proxy: 'localhost,127.0.0.1,10.10.101 >> .0/24,10.10.10.0/24,*.canonical.com,*.ubuntu.com' >> juju-http-proxy: 'http://10.10.10.88:3128' >> juju-https-proxy: 'http://10.10.10.88:3128' >> apt-http-proxy: 'http://10.10.10.88:3128' >> apt-https-proxy: 'http://10.10.10.88:3128' >> >> juju model-config -m controller model-config.yaml >> >> dd6ca7e2-1304-456b-8d0a-d2eaa3993f53: machine-0 2018-05-25 22:17:54 >> DEBUG juju.worker.proxyupdater proxyupdater.go:165 new legacy proxy >> settings proxy.Settings{Http:"", Https:"", Ftp:"", NoProxy:"10.10.101.3", >> AutoNoProxy:""} >> dd6ca7e2-1304-456b-8d0a-d2eaa3993f53: machine-0 2018-05-25 22:17:54 >> DEBUG juju.worker.proxyupdater proxyupdater.go:186 new apt proxy settings >> proxy.Settings{Http:"http://10.10.10.88:3128", Https:" >> http://10.10.10.88:3128", Ftp:"", NoProxy:"*.canonical.com,*.ubuntu.com, >> 10.10.10.0/24,10.10.101.0/24,127.0.0.1,localhost", AutoNoProxy:""} >> 32041e72-121e-4e4c-89f7-7a35918f4a4c: unit-ubuntu-0 2018-05-25 22:18:13 >> INFO unit.ubuntu/0.juju-log server.go:284 Reactive main running for hook >> update-status >> >> ubuntu@proxytest:~$ juju model-config -m controller | grep proxy >> apt-ftp-proxy default "" >> apt-http-proxy model http://10.10.10.88:3128 >> apt-https-proxy model http://10.10.10.88:3128 >> apt-no-proxy default "" >> ftp-proxy default "" >> http-proxy default "" >> https-proxy default "" >> juju-ftp-proxy default "" >> juju-http-proxy model http://10.10.10.88:3128 >> juju-https-proxy model http://10.10.10.88:3128 >> juju-no-proxy model localhost,127.0.0.1,10.10.101. >> 0/24,10.10.10.0/24,*.canonical.com,*.ubuntu.com >> logging-config model <root>=ERROR;unit=TRACE;juju.w >> orker.proxyupdater=TRACE >> no-proxy model "" >> proxy-ssh default false >> >> With this model-config I still get requests sent out to a proxy. >> >> 1527286866.141 285 10.10.101.3 TCP_TUNNEL/200 3529 CONNECT >> streams.canonical.com:443 - HIER_DIRECT/91.189.88.141 - >> 1527286866.431 289 10.10.101.3 TCP_TUNNEL/200 6692 CONNECT >> streams.canonical.com:443 - HIER_DIRECT/91.189.88.141 - >> 1527286866.929 150 10.10.101.3 TCP_MISS/404 507 GET >> http://cloud-images.ubuntu.com/releases/streams/v1/index2.sjson - >> HIER_DIRECT/91.189.92.141 text/html >> 1527286866.994 64 10.10.101.3 TCP_MISS/200 2894 GET >> http://cloud-images.ubuntu.com/releases/streams/v1/index.sjson - >> HIER_DIRECT/91.189.92.141 - >> 1527286867.061 65 10.10.101.3 TCP_MISS/404 507 GET >> http://cloud-images.ubuntu.com/releases/streams/v1/mirrors.sjson - >> HIER_DIRECT/91.189.92.141 text/html >> 1527286867.200 137 10.10.101.3 TCP_MISS/200 21719 GET >> http://cloud-images.ubuntu.com/releases/streams/v1/com.ubunt >> u.cloud:released:gce.sjson - HIER_DIRECT/91.189.92.141 - >> 1527286869.411 5170 10.10.101.3 TCP_TUNNEL/200 52275 CONNECT >> api.jujucharms.com:443 - HIER_DIRECT/162.213.33.121 - >> >> Example implementation of wildcard support: >> https://go-review.googlesource.com/c/go/+/75730/3/src/net/ >> http/no_proxy.go#162 >> https://go-review.googlesource.com/c/go/+/75730/3/src/net/ >> http/no_proxy.go#60 >> >> ** Affects: juju >> Importance: Undecided >> Status: New >> >> >> ** Tags: cpe-onsite >> >> -- >> You received this bug notification because you are subscribed to juju. >> Matching subscriptions: juju bugs >> https://bugs.launchpad.net/bugs/1773463 >> >> Title: >> [2.4-beta3] wildcard syntax is not supported by no-proxy/juju-no-proxy >> >> To manage notifications about this bug go to: >> https://bugs.launchpad.net/juju/+bug/1773463/+subscriptions >> > >
In code: ToLower( strings. TrimSpace( p))
continue
p = p[:strings. LastIndex( p, ":")]
return false HasSuffix( addr, p) || addr ==
// no_proxy ".foo.com" matches "bar.foo.com" or "
return false HasSuffix( addr, p) && addr)-len( p)-1] == '.' {
// no_proxy "foo.com" matches "bar.foo.com"
return false
return false
p = strings.
if len(p) == 0 {
}
if hasPort(p) {
}
if addr == p {
}
if p[0] == '.' && (strings.
p[1:]) {
foo.com"
}
if p[0] != '.' && strings.
addr[len(
}
if _, net, err := net.ParseCIDR(p); ip != nil && err == nil
&& net.Contains(ip) {
}
If we wanted to support "*.bar.com" we could add it to the first if with
something like:
if len(p) > 2 && p[0] == '*' && p[1] == '.' {
p = p[1:]
}
(eg, treat *.com as just .com)
On Mon, May 28, 2018 at 8:20 AM, John Meinel <email address hidden> wrote:
> * is not supported (as it wasn't supported by the underlying Go proxy =ERROR; unit=TRACE; juju.worker. proxyupdater= TRACE' 127.0.0. 1,10.10. 101.0/24, 10.10.10. 0/24' 10.10.10. 88:3128' 10.10.10. 88:3128' 127.0.0. 1,10.10. 101 10.10.0/ 24,*.canonical. com,*.ubuntu. com' 10.10.10. 88:3128' 10.10.10. 88:3128' 10.10.10. 88:3128' 10.10.10. 88:3128' 1304-456b- 8d0a-d2eaa3993f 53: machine-0 2018-05-25 22:17:54 proxyupdater proxyupdater.go:165 new legacy proxy Http:"" , Https:"", Ftp:"", NoProxy: "10.10. 101.3", 1304-456b- 8d0a-d2eaa3993f 53: machine-0 2018-05-25 22:17:54 proxyupdater proxyupdater.go:186 new apt proxy settings Http:"http:// 10.10.10. 88:3128", Https:" 10.10.10. 88:3128", Ftp:"", NoProxy: "*.canonical. com,*.ubuntu. com, 0/24,10. 10.101. 0/24,127. 0.0.1,localhost ", AutoNoProxy:""} 121e-4e4c- 89f7-7a35918f4a 4c: unit-ubuntu-0 2018-05-25 22:18:13 0.juju- log server.go:284 Reactive main running for hook 10.10.10. 88:3128 10.10.10. 88:3128 10.10.10. 88:3128 10.10.10. 88:3128 127.0.0. 1,10.10. 101. 10.10.0/ 24,*.canonical. com,*.ubuntu. com ERROR;unit= TRACE;juju. w ter=TRACE canonical. com:443 - HIER_DIRECT/ 91.189. 88.141 - canonical. com:443 - HIER_DIRECT/ 91.189. 88.141 - cloud-images. ubuntu. com/releases/ streams/ v1/index2. sjson - 91.189. 92.141 text/html cloud-images. ubuntu. com/releases/ streams/ v1/index. sjson - 91.189. 92.141 - cloud-images. ubuntu. com/releases/ streams/ v1/mirrors. sjson - 91.189. 92.141 text/html cloud-images. ubuntu. com/releases/ streams/ v1/com. ubunt released: gce.sjson - HIER_DIRECT/ 91.189. 92.141 - com:443 - HIER_DIRECT/ 162.213. 33.121 - /go-review. googlesource. com/c/go/ +/75730/ 3/src/net/ proxy.go# 162 /go-review. googlesource. com/c/go/ +/75730/ 3/src/net/ /bugs.launchpad .net/bugs/ 1773463 juju-no- proxy /bugs.launchpad .net/juju/ +bug/1773463/ +subscriptions
> code).
> However
> "bar.com" matches foo.bar.com, as does ".bar.com"
> So while we don't allow "*.bar.com" it can be expressed as just "bar.com"
> and ".bar.com".
>
>
> On Sat, May 26, 2018 at 2:43 AM, Dmitrii Shcherbakov <
> <email address hidden>> wrote:
>
>> Public bug reported:
>>
>> Looks like *.domain.com[:port] syntax is no supported by no-proxy (CIDR
>> syntax is supported judging by other tests I performed):
>>
>> cat model-config.yaml
>> logging-config: '<root>
>> #no-proxy: 'localhost,
>> #http-proxy: 'http://
>> #https-proxy: 'http://
>> no-proxy: ''
>> http-proxy: ''
>> https-proxy: ''
>> juju-no-proxy: 'localhost,
>> .0/24,10.
>> juju-http-proxy: 'http://
>> juju-https-proxy: 'http://
>> apt-http-proxy: 'http://
>> apt-https-proxy: 'http://
>>
>> juju model-config -m controller model-config.yaml
>>
>> dd6ca7e2-
>> DEBUG juju.worker.
>> settings proxy.Settings{
>> AutoNoProxy:""}
>> dd6ca7e2-
>> DEBUG juju.worker.
>> proxy.Settings{
>> http://
>> 10.10.10.
>> 32041e72-
>> INFO unit.ubuntu/
>> update-status
>>
>> ubuntu@proxytest:~$ juju model-config -m controller | grep proxy
>> apt-ftp-proxy default ""
>> apt-http-proxy model http://
>> apt-https-proxy model http://
>> apt-no-proxy default ""
>> ftp-proxy default ""
>> http-proxy default ""
>> https-proxy default ""
>> juju-ftp-proxy default ""
>> juju-http-proxy model http://
>> juju-https-proxy model http://
>> juju-no-proxy model localhost,
>> 0/24,10.
>> logging-config model <root>=
>> orker.proxyupda
>> no-proxy model ""
>> proxy-ssh default false
>>
>> With this model-config I still get requests sent out to a proxy.
>>
>> 1527286866.141 285 10.10.101.3 TCP_TUNNEL/200 3529 CONNECT
>> streams.
>> 1527286866.431 289 10.10.101.3 TCP_TUNNEL/200 6692 CONNECT
>> streams.
>> 1527286866.929 150 10.10.101.3 TCP_MISS/404 507 GET
>> http://
>> HIER_DIRECT/
>> 1527286866.994 64 10.10.101.3 TCP_MISS/200 2894 GET
>> http://
>> HIER_DIRECT/
>> 1527286867.061 65 10.10.101.3 TCP_MISS/404 507 GET
>> http://
>> HIER_DIRECT/
>> 1527286867.200 137 10.10.101.3 TCP_MISS/200 21719 GET
>> http://
>> u.cloud:
>> 1527286869.411 5170 10.10.101.3 TCP_TUNNEL/200 52275 CONNECT
>> api.jujucharms.
>>
>> Example implementation of wildcard support:
>> https:/
>> http/no_
>> https:/
>> http/no_proxy.go#60
>>
>> ** Affects: juju
>> Importance: Undecided
>> Status: New
>>
>>
>> ** Tags: cpe-onsite
>>
>> --
>> You received this bug notification because you are subscribed to juju.
>> Matching subscriptions: juju bugs
>> https:/
>>
>> Title:
>> [2.4-beta3] wildcard syntax is not supported by no-proxy/
>>
>> To manage notifications about this bug go to:
>> https:/
>>
>
>