From 3db40f686e7ed02df89156657791d15ea9accf2f Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 27 Sep 2021 11:37:32 +0200
Subject: [redsocks] Always blacklist satellite.bwlehrpool

Otherwise, HTTPS breaks in proxy setups
---
 .../data/opt/openslx/scripts/systemd-setup_proxy   | 25 +++++++++++-----------
 1 file changed, 13 insertions(+), 12 deletions(-)

(limited to 'core/modules/redsocks')

diff --git a/core/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy b/core/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy
index 7cf9cb8c..c1224ec7 100755
--- a/core/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy
+++ b/core/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy
@@ -64,25 +64,26 @@ if [ -n "$SLX_PROXY_BLACKLIST" ]; then
 	done >> "$tfile"
 fi
 
+# Append alias for satellite server, used for HTTPS
+SLX_PROXY_BLACKLIST="$SLX_PROXY_BLACKLIST satellite.bwlehrpool"
+mkdir -p "/etc/profile.d"
+rm -f -- "/etc/profile.d/99-proxy.sh"
+
 if [ "${SLX_PROXY_TYPE:0:5}" = "http-" ]; then
 	# transparent proxying for HTTP -- DOES NOT WORK, might give 400 Bad Request
 	#echo "iptables -t nat -A REDSOCKS -p tcp --dport 80 -j DNAT --to-destination ${SLX_PROXY_IP}:${SLX_PROXY_PORT}" >> "$tfile"
-	mkdir -p "/etc/profile.d" &> /dev/null
-	echo "export http_proxy='http://${SLX_PROXY_IP}:${SLX_PROXY_PORT}/'"
-	echo "export HTTP_PROXY='http://${SLX_PROXY_IP}:${SLX_PROXY_PORT}/'"
-	echo "export all_proxy='http://${SLX_PROXY_IP}:${SLX_PROXY_PORT}/'"
-	echo "export ALL_PROXY='http://${SLX_PROXY_IP}:${SLX_PROXY_PORT}/'"
-	echo -n "export no_proxy='${SLX_PXE_SERVER_IP}"
-	for ADDR in $SLX_PROXY_BLACKLIST; do
-		echo -n ", $ADDR"
-	done
-	echo "'"
-	echo -n "export NO_PROXY='${SLX_PXE_SERVER_IP}"
+	for var in http_proxy HTTP_PROXY all_proxy ALL_PROXY; do
+		echo "export ${var}='http://${SLX_PROXY_IP}:${SLX_PROXY_PORT}/'"
+	done >> "/etc/profile.d/99-proxy.sh"
+fi
+# No proxy - always set
+for var in no_proxy NO_PROXY; do
+	echo -n "export ${var}='${SLX_PXE_SERVER_IP}"
 	for ADDR in $SLX_PROXY_BLACKLIST; do
 		echo -n ", $ADDR"
 	done
 	echo "'"
-fi > "/etc/profile.d/99-proxy.sh"
+done >> "/etc/profile.d/99-proxy.sh"
 
 cat >> "$tfile" <<HEREDOCBROWN
 iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-port 12345
-- 
cgit v1.2.3-55-g7522