From e1088f616ffc73a96ee3433f0ea07639ef7513e7 Mon Sep 17 00:00:00 2001
From: Stoiko Ivanov
Date: Tue, 9 Nov 2021 17:36:29 +0100
Subject: [PATCH] dns-challenge: add 'use-proxy' property
this patch adds an optional 'use-proxy' property to the dns challenges. If set to 1 the caller is expected to add the proxy url in the plugin config, which is then set as 'http_proxy' and 'https_proxy' environment variable by the plugin caller (and then used by curl) Tested with the pdns plugin, direct traffic to the pdns server being dropped, and a configured squid proxy
Signed-off-by: Stoiko Ivanov
---
 src/PVE/ACME/DNSChallenge.pm | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/PVE/ACME/DNSChallenge.pm b/src/PVE/ACME/DNSChallenge.pm
index 7214d88..3e86f8c 100644
--- a/src/PVE/ACME/DNSChallenge.pm
+++ b/src/PVE/ACME/DNSChallenge.pm
@@ -56,7 +56,12 @@ sub properties {
 optional => 1, minimum => 0, maximum => 2 * 24 * 60 * 60,
- }
+ },
+ 'use-proxy' => {
+ description => "Flag indicating whether a http proxy should be used.",
+ type => 'boolean',
+ optional => 1,
+ },
 }; }
@@ -67,6 +72,7 @@ sub options {
 nodes => { optional => 1 }, disable => { optional => 1 }, 'validation-delay' => { optional => 1 },
+ 'use-proxy' => { optional => 1 },
 }; }
@@ -84,6 +90,7 @@ my $proxmox_acme_command = sub {
 my $txtvalue = PVE::ACME::encode(sha256($key_auth)); my $dnsplugin = $data->{plugin}->{api}; my $plugin_conf_string = $data->{plugin}->{data};
+ my $proxy = $data->{plugin}->{proxy};
 # for security reasons, we execute the command as nobody # we can't verify that the code of the DNSPlugins are harmless.
@@ -99,6 +106,7 @@ my $proxmox_acme_command = sub {
 } my $input = "$txtvalue\n"; $input .= "$plugin_conf_string\n" if $plugin_conf_string;
+ $input .= "https_proxy=$proxy\nhttp_proxy=$proxy\n" if $proxy;
 PVE::Tools::run_command($cmd, input => $input);
--
2.39.2
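Review bot: The new `'use-proxy'` property in `properties` has no `default`, and its description does not say which proxy is meant or what enabling the flag does to the plugin run. An administrator reading the schema cannot tell that the proxy URL is supplied by the caller and handed to the DNS plugin as environment variables. I would add `default => 0,` and reword the description along the lines of `"Pass the caller-supplied HTTP proxy to the DNS plugin as http_proxy/https_proxy."`. The enclosing sub starts outside the hunk.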
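Review bot: Nothing in this sub consults `'use-proxy'`; `my $proxy = $data->{plugin}->{proxy};` takes whatever the caller put there, and the later append fires whenever the value is truthy. If the gating is meant to live in the caller, as the commit message suggests, a comment on this line would record that contract, e.g. `# proxy URL, set by the caller only if 'use-proxy' is enabled for this plugin`. Without it, a future caller that always fills in `proxy` would silently bypass the per-plugin flag. The enclosing sub starts and ends outside the hunk.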
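Review bot: `$proxy` is interpolated unchecked into the plugin input at `$input .= "https_proxy=$proxy\nhttp_proxy=$proxy\n" if $proxy;`, so a value containing a line break would add further lines to what the plugin runner reads, presumably as extra settings. Whether the caller's schema already rules that out is not visible here; a local guard such as `die "invalid proxy URL\n" if $proxy =~ /[\r\n]/;` before the append would make the sub safe on its own. A proxy URL that embeds credentials is also handed to plugin code that the comment earlier in this sub describes as unverified, which is worth stating in the property description. The enclosing sub starts and ends outside the hunk.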