]> pere.pagekite.me Git - homepage.git/blob - blog/Automatic_proxy_configuration_with_Debian_Edu___Skolelinux.html
projects / homepage.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
New post.
[homepage.git] / blog / Automatic_proxy_configuration_with_Debian_Edu___Skolelinux.html
1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
4 <head>
5 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
6 <title>Petter Reinholdtsen: Automatic proxy configuration with Debian Edu / Skolelinux</title>
7 <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/style.css" />
8 <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/vim.css" />
9 </head>
10 <body>
11 <div class="title">
12 <h1>
13 <a href="http://people.skolelinux.org/pere/blog/">Petter Reinholdtsen</a>
14
15 </h1>
16
17 </div>
18
19
20 <div class="entry">
21 <div class="title">Automatic proxy configuration with Debian Edu / Skolelinux</div>
22 <div class="date">13th February 2012</div>
23 <div class="body"><p>New in the Squeeze version of
24 <a href="http://www.skolelinux.org/">Debian Edu / Skolelinux</a> is the
25 ability for clients to automatically configure their proxy settings
26 based on their environment. We want all systems on the client to use
27 the WPAD based proxy definition fetched from <tt>http://wpad/wpad.dat</tt>, to
28 allow sites to control the proxy setting from a central place and make
29 sure clients do not have hard coded proxy settings. The schools can
30 change the global proxy setting by editing
31 <tt>tjener:/etc/debian-edu/www/wpad.dat</tt> and the change propagate
32 to all Debian Edu clients in the network.</p>
33
34 <p>The problem is that some systems do not understand the WPAD system.
35 In other words, how do one get from a WPAD file like this (this is a
36 simple one, they can run arbitrary code):</p>
37
38 <blockquote><pre>
39 function FindProxyForURL(url, host)
40 {
41 if (!isResolvable(host) ||
42 isPlainHostName(host) ||
43 dnsDomainIs(host, ".intern"))
44 return "DIRECT";
45 else
46 return "PROXY webcache:3128; DIRECT";
47 }
48 </pre></blockquote>
49
50 <p>to a proxy setting in the process environment looking like this:</p>
51
52 <blockquote><pre>
53 http_proxy=http://webcache:3128/
54 ftp_proxy=http://webcache:3128/
55 </pre></blockquote>
56
57 <p>To do this conversion I developed a perl script that will execute
58 the javascript fragment in the WPAD file and return the proxy that
59 would be used for
60 <tt><a href="http://www.debian.org/">http://www.debian.org/</a></tt>,
61 and insert this extracted proxy URL in <tt>/etc/environment</tt> and
62 <tt>/etc/apt/apt.conf</tt>. The perl script wpad-extract work just
63 fine in Squeeze, but in Wheezy the library it need to run the
64 javascript code is <a href="http://bugs.debian.org/631045">no longer
65 able to build</a> because the C library it depended on is now a C++
66 library. I hope someone find a solution to that problem before Wheezy
67 is frozen. An alternative would be for us to rewrite wpad-extract to
68 use some other javascript library currently working in Wheezy, but no
69 known alternative is known at the moment.</p>
70
71 <p>This automatic proxy system allow the roaming workstation (aka
72 laptop) setup in Debian Edu/Squeeze to use the proxy when the laptop
73 is connected to the backbone network in a Debian Edu setup, and to
74 automatically use any proxy present and announced using the WPAD
75 feature when it is connected to other networks. And if no proxy is
76 announced, direct connections will be used instead.</p>
77
78 <p>Silently using a proxy announced on the network might be a privacy
79 or security problem. But those controlling DHCP and DNS on a network
80 could just as easily set up a transparent proxy, and force all HTTP
81 and FTP connections to use a proxy anyway, so I consider that
82 distinction to be academic. If you are afraid of using the wrong
83 proxy, you should avoid connecting to the network in question in the
84 first place. In Debian Edu, the proxy setup is updated using dhcp and
85 ifupdown hooks, to make sure the configuration is updated every time
86 the network setup changes.</p>
87
88 <p>The WPAD system is documented in a
89 <a href="http://tools.ietf.org/html/draft-ietf-wrec-wpad-01">IETF
90 draft</a> and a
91 <a href="http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol">Wikipedia
92 page</a> for those that want to learn more.</p>
93 </div>
94
95 <div class="tags">Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.</div>
96
97
98 </div>
99
100
101
102
103 <div id="sidebar">
104
105
106
107 <h2>Archive</h2>
108 <ul>
109
110 <li>2012
111 <ul>
112
113 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/01/">January (7)</a></li>
114
115 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/02/">February (10)</a></li>
116
117 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/03/">March (17)</a></li>
118
119 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/04/">April (12)</a></li>
120
121 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/05/">May (12)</a></li>
122
123 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/06/">June (20)</a></li>
124
125 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/07/">July (17)</a></li>
126
127 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/08/">August (3)</a></li>
128
129 </ul></li>
130
131 <li>2011
132 <ul>
133
134 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/01/">January (16)</a></li>
135
136 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/02/">February (6)</a></li>
137
138 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/03/">March (6)</a></li>
139
140 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/04/">April (7)</a></li>
141
142 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/05/">May (3)</a></li>
143
144 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/06/">June (2)</a></li>
145
146 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/07/">July (7)</a></li>
147
148 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/08/">August (6)</a></li>
149
150 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/09/">September (4)</a></li>
151
152 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/10/">October (2)</a></li>
153
154 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/11/">November (3)</a></li>
155
156 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/12/">December (1)</a></li>
157
158 </ul></li>
159
160 <li>2010
161 <ul>
162
163 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/01/">January (2)</a></li>
164
165 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/02/">February (1)</a></li>
166
167 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/03/">March (3)</a></li>
168
169 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/04/">April (3)</a></li>
170
171 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/05/">May (9)</a></li>
172
173 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/06/">June (14)</a></li>
174
175 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/07/">July (12)</a></li>
176
177 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/08/">August (13)</a></li>
178
179 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/09/">September (7)</a></li>
180
181 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/10/">October (9)</a></li>
182
183 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/11/">November (13)</a></li>
184
185 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/12/">December (12)</a></li>
186
187 </ul></li>
188
189 <li>2009
190 <ul>
191
192 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/01/">January (8)</a></li>
193
194 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/02/">February (8)</a></li>
195
196 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/03/">March (12)</a></li>
197
198 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/04/">April (10)</a></li>
199
200 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/05/">May (9)</a></li>
201
202 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/06/">June (3)</a></li>
203
204 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/07/">July (4)</a></li>
205
206 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/08/">August (3)</a></li>
207
208 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/09/">September (1)</a></li>
209
210 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/10/">October (2)</a></li>
211
212 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/11/">November (3)</a></li>
213
214 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/12/">December (3)</a></li>
215
216 </ul></li>
217
218 <li>2008
219 <ul>
220
221 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/11/">November (5)</a></li>
222
223 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/12/">December (7)</a></li>
224
225 </ul></li>
226
227 </ul>
228
229
230
231 <h2>Tags</h2>
232 <ul>
233
234 <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (13)</a></li>
235
236 <li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>
237
238 <li><a href="http://people.skolelinux.org/pere/blog/tags/aros">aros (1)</a></li>
239
240 <li><a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin (2)</a></li>
241
242 <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (12)</a></li>
243
244 <li><a href="http://people.skolelinux.org/pere/blog/tags/bsa">bsa (2)</a></li>
245
246 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (56)</a></li>
247
248 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (111)</a></li>
249
250 <li><a href="http://people.skolelinux.org/pere/blog/tags/digistan">digistan (9)</a></li>
251
252 <li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>
253
254 <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (145)</a></li>
255
256 <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (17)</a></li>
257
258 <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (12)</a></li>
259
260 <li><a href="http://people.skolelinux.org/pere/blog/tags/frikanalen">frikanalen (6)</a></li>
261
262 <li><a href="http://people.skolelinux.org/pere/blog/tags/intervju">intervju (30)</a></li>
263
264 <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (16)</a></li>
265
266 <li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (8)</a></li>
267
268 <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (4)</a></li>
269
270 <li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
271
272 <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (22)</a></li>
273
274 <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (192)</a></li>
275
276 <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (142)</a></li>
277
278 <li><a href="http://people.skolelinux.org/pere/blog/tags/offentlig innsyn">offentlig innsyn (4)</a></li>
279
280 <li><a href="http://people.skolelinux.org/pere/blog/tags/open311">open311 (2)</a></li>
281
282 <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (34)</a></li>
283
284 <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (48)</a></li>
285
286 <li><a href="http://people.skolelinux.org/pere/blog/tags/raid">raid (1)</a></li>
287
288 <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (11)</a></li>
289
290 <li><a href="http://people.skolelinux.org/pere/blog/tags/rfid">rfid (2)</a></li>
291
292 <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (4)</a></li>
293
294 <li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
295
296 <li><a href="http://people.skolelinux.org/pere/blog/tags/ruter">ruter (4)</a></li>
297
298 <li><a href="http://people.skolelinux.org/pere/blog/tags/scraperwiki">scraperwiki (2)</a></li>
299
300 <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (23)</a></li>
301
302 <li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>
303
304 <li><a href="http://people.skolelinux.org/pere/blog/tags/skepsis">skepsis (1)</a></li>
305
306 <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (36)</a></li>
307
308 <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (1)</a></li>
309
310 <li><a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget (4)</a></li>
311
312 <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (10)</a></li>
313
314 <li><a href="http://people.skolelinux.org/pere/blog/tags/valg">valg (6)</a></li>
315
316 <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (32)</a></li>
317
318 <li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (1)</a></li>
319
320 <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (25)</a></li>
321
322 </ul>
323
324
325 </div>
326 <p style="text-align: right">
327 Created by <a href="http://steve.org.uk/Software/chronicle">Chronicle v4.4</a>
328 </p>
329
330 </body>
331 </html>
Nettsider og blogg.