Typo.

[homepage.git] / blog / Automatic_proxy_configuration_with_Debian_Edu___Skolelinux.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
          "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
  <head>
    <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
    <title>Petter Reinholdtsen: Automatic proxy configuration with Debian Edu / Skolelinux</title>
    <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/style.css" />
    <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/vim.css" />


  </head>
  <body>
    <div class="title">
 <h1>
     <a href="http://people.skolelinux.org/pere/blog/">Petter Reinholdtsen</a>
     
 </h1>
 
</div>


    <div class="entry">
      <div class="title">Automatic proxy configuration with Debian Edu / Skolelinux</div>
      <div class="date">13th February 2012</div>
      <div class="body"><p>New in the Squeeze version of
<a href="http://www.skolelinux.org/">Debian Edu / Skolelinux</a> is the
ability for clients to automatically configure their proxy settings
based on their environment.  We want all systems on the client to use
the WPAD based proxy definition fetched from <tt>http://wpad/wpad.dat</tt>, to
allow sites to control the proxy setting from a central place and make
sure clients do not have hard coded proxy settings.  The schools can
change the global proxy setting by editing
<tt>tjener:/etc/debian-edu/www/wpad.dat</tt> and the change propagate
to all Debian Edu clients in the network.</p>

<p>The problem is that some systems do not understand the WPAD system.
In other words, how do one get from a WPAD file like this (this is a
simple one, they can run arbitrary code):</p>

<blockquote><pre>
function FindProxyForURL(url, host)
{
   if (!isResolvable(host) ||
       isPlainHostName(host) ||
       dnsDomainIs(host, ".intern"))
      return "DIRECT";
   else
      return "PROXY webcache:3128; DIRECT";
}
</pre></blockquote>

<p>to a proxy setting in the process environment looking like this:</p>

<blockquote><pre>
http_proxy=http://webcache:3128/
ftp_proxy=http://webcache:3128/
</pre></blockquote>

<p>To do this conversion I developed a perl script that will execute
the javascript fragment in the WPAD file and return the proxy that
would be used for
<tt><a href="http://www.debian.org/">http://www.debian.org/</a></tt>,
and insert this extracted proxy URL in <tt>/etc/environment</tt> and
<tt>/etc/apt/apt.conf</tt>.  The perl script wpad-extract work just
fine in Squeeze, but in Wheezy the library it need to run the
javascript code is <a href="http://bugs.debian.org/631045">no longer
able to build</a> because the C library it depended on is now a C++
library.  I hope someone find a solution to that problem before Wheezy
is frozen.  An alternative would be for us to rewrite wpad-extract to
use some other javascript library currently working in Wheezy, but no
known alternative is known at the moment.</p>

<p>This automatic proxy system allow the roaming workstation (aka
laptop) setup in Debian Edu/Squeeze to use the proxy when the laptop
is connected to the backbone network in a Debian Edu setup, and to
automatically use any proxy present and announced using the WPAD
feature when it is connected to other networks.  And if no proxy is
announced, direct connections will be used instead.</p>

<p>Silently using a proxy announced on the network might be a privacy
or security problem.  But those controlling DHCP and DNS on a network
could just as easily set up a transparent proxy, and force all HTTP
and FTP connections to use a proxy anyway, so I consider that
distinction to be academic.  If you are afraid of using the wrong
proxy, you should avoid connecting to the network in question in the
first place.  In Debian Edu, the proxy setup is updated using dhcp and
ifupdown hooks, to make sure the configuration is updated every time
the network setup changes.</p>

<p>The WPAD system is documented in a
<a href="http://tools.ietf.org/html/draft-ietf-wrec-wpad-01">IETF
draft</a> and a
<a href="http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol">Wikipedia
page</a> for those that want to learn more.</p>
</div>
      
      <div class="tags">Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.</div>
      
      
    </div>
    

    

    <div id="sidebar">
      


<h2>Archive</h2>
<ul>

<li>2015
<ul>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/01/">January (2)</a></li>

</ul></li>

<li>2014
<ul>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/01/">January (2)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/02/">February (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/03/">March (8)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/04/">April (7)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/05/">May (1)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/06/">June (2)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/07/">July (2)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/08/">August (2)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/09/">September (5)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/10/">October (6)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/11/">November (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/12/">December (5)</a></li>

</ul></li>

<li>2013
<ul>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/01/">January (11)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/02/">February (9)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/03/">March (9)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/04/">April (6)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/05/">May (9)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/06/">June (10)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/07/">July (7)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/08/">August (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/09/">September (5)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/10/">October (7)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/11/">November (9)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/12/">December (3)</a></li>

</ul></li>

<li>2012
<ul>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/01/">January (7)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/02/">February (10)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/03/">March (17)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/04/">April (12)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/05/">May (12)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/06/">June (20)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/07/">July (17)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/08/">August (6)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/09/">September (9)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/10/">October (17)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/11/">November (10)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/12/">December (7)</a></li>

</ul></li>

<li>2011
<ul>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/01/">January (16)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/02/">February (6)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/03/">March (6)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/04/">April (7)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/05/">May (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/06/">June (2)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/07/">July (7)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/08/">August (6)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/09/">September (4)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/10/">October (2)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/11/">November (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/12/">December (1)</a></li>

</ul></li>

<li>2010
<ul>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/01/">January (2)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/02/">February (1)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/03/">March (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/04/">April (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/05/">May (9)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/06/">June (14)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/07/">July (12)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/08/">August (13)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/09/">September (7)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/10/">October (9)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/11/">November (13)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/12/">December (12)</a></li>

</ul></li>

<li>2009
<ul>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/01/">January (8)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/02/">February (8)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/03/">March (12)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/04/">April (10)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/05/">May (9)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/06/">June (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/07/">July (4)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/08/">August (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/09/">September (1)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/10/">October (2)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/11/">November (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/12/">December (3)</a></li>

</ul></li>

<li>2008
<ul>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2008/11/">November (5)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2008/12/">December (7)</a></li>

</ul></li>

</ul>



<h2>Tags</h2>
<ul>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (13)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/aros">aros (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/bankid">bankid (4)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin (8)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (15)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/bsa">bsa (2)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/chrpath">chrpath (2)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (109)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (151)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/digistan">digistan (10)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/dld">dld (15)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/docbook">docbook (12)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (265)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (22)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (12)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/freeculture">freeculture (14)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox (9)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/frikanalen">frikanalen (11)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/intervju">intervju (41)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/isenkram">isenkram (10)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (19)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (9)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (8)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/lsdvd">lsdvd (2)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/mesh network">mesh network (8)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (32)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (254)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (167)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/offentlig innsyn">offentlig innsyn (11)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/open311">open311 (2)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (50)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (81)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/raid">raid (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/reactos">reactos (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (11)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/rfid">rfid (3)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (9)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/ruter">ruter (4)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/scraperwiki">scraperwiki (2)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (41)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/skepsis">skepsis (4)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (46)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (3)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget (9)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (29)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (2)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/usenix">usenix (2)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/valg">valg (8)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (46)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (4)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (34)</a></li>

</ul>


    </div>
    <p style="text-align: right">
 Created by <a href="http://steve.org.uk/Software/chronicle">Chronicle v4.6</a>
</p>

  </body>
</html>