maas-proxy.conf should have an include line
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MAAS |
Expired
|
Undecided
|
Unassigned |
Bug Description
Customer has their own proxy, but requires per-host authentication, which is fine to get for a few MAAS servers, but a lot of work to do all the nodes maas will deploy.
When double proxied (maas squid -> customer squid), we get an 403 access denied error fetching anything external from a node that MAAS is deploying.
Adding 'never direct allow localnet' solves this and allows minimal proxy configuration on maas deployed nodes, while keeping the security the customer desires.
While we can edit /usr/lib/
maas-proxy.
/etc/maas/
/var/snap/
tags: | added: feature |
Thanks for the use case. We've had requests for "proxy snippets", but couldn't actually tell us what they actually wanted to do.
I'm a bit confused, though. You say that the upstream proxy requires per-host authentication, but then says that 'never direct allow localnet' is enough. Where is the per-host authentication for the MAAS servers configured?