camunda / camunda-modeler

An integrated modeling solution for BPMN, DMN and Forms based on bpmn.io.
https://camunda.com/products/modeler
MIT License

Support Proxy for Deployment Button Upload #1307

Closed dschulten closed 3 years ago

dschulten commented 5 years ago

Is your feature request related to a problem? Please describe.

My users consistently get connection timeouts when they try to deploy their diagrams. We wanted to use Modeler 3 for diagram uploads, but it turned out to be impossible.

They can reach the REST API in the browser just fine; only Modeler runs into connection problems. I suspect that is because Modeler does not use the system proxy during deployment and has no way to configure a proxy either.

My request in the forums has not been answered, therefore I assume that a proxy is not supported currently.

Describe the solution you'd like

The modeler should use the system proxy, and it should still be possible to configure a proxy manually, maybe through environment variables, some manually editable settings file or a UI to define it.

Describe alternatives you've considered

https://stackoverflow.com/questions/18586902/node-js-global-proxy-setting has several pointers to possible solutions. http://geekswithblogs.net/shaunxu/archive/2013/09/05/semi-global-proxy-setting-for-node.js.aspx needs code changes. The proxychains tool seems too brute force, network admins are probably not going to like it.

Workaround: Provide the BPMN and DMN Editor from http://bpmn.io/ as browser applications where one can provide a deployment UI. Drawback: Some programming required, users cannot update the modeling tools themselves. Upside: central update is possible.

philippfromme commented 5 years ago

@barmac Can you help?

barmac commented 5 years ago

Thank you for opening this issue!

Indeed, we don't have proxy support yet. This could be another feature among planned deploy tool upgrades.

The most basic solution which you mentioned is to read the proxy settings from env variables (e.g. http_proxy and https_proxy). I think it's quite convenient as we do not require users to do anything before deployment.

dschulten commented 5 years ago

Please also consider no_proxy and basic authentication with URL-encoded credentials: https_proxy=http://user%40example.com:pa%30ss@squid.example.com:3128. Maybe look at https://github.com/capriza/node-proxying-agent or similar solutions for NTLM proxies.
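The environment-variable approach raised in the comments above, sketched as an added example that is not part of the thread and not Camunda Modeler code: it picks a proxy for a deployment URL, honors no_proxy, decodes URL-encoded credentials into a Basic Proxy-Authorization header, and redacts the credentials for logging. The helper names are hypothetical, no_proxy matching is assumed to follow curl-style suffix rules, and NTLM is not covered.

```javascript
// Added example; resolveProxy, bypassesProxy and redact are hypothetical names.
const defaultPort = (protocol) => (protocol === 'https:' ? '443' : '80');

// True when the target is covered by a comma-separated no_proxy list.
// Assumption: curl-style suffix matching; IPv6 and CIDR entries are not handled.
function bypassesProxy(target, noProxy) {
  const host = target.hostname.toLowerCase();
  const port = target.port || defaultPort(target.protocol);
  const entries = (noProxy || '').split(',').map((e) => e.trim().toLowerCase());
  return entries.filter(Boolean).some((entry) => {
    if (entry === '*') return true;
    const [name, entryPort] = entry.split(':');
    if (entryPort && entryPort !== port) return false;
    const suffix = name.replace(/^\*?\./, '');
    return host === suffix || host.endsWith('.' + suffix);
  });
}

// Returns { host, port, headers } for the proxy to use, or null for a direct connection.
function resolveProxy(targetUrl, env) {
  const target = new URL(targetUrl);
  if (bypassesProxy(target, env.no_proxy || env.NO_PROXY)) return null;
  const raw = target.protocol === 'https:'
    ? env.https_proxy || env.HTTPS_PROXY
    : env.http_proxy || env.HTTP_PROXY;
  if (!raw) return null;

  const proxy = new URL(raw);
  const port = Number(proxy.port || defaultPort(proxy.protocol));
  const headers = {};
  if (proxy.username) {
    // URL keeps userinfo percent-encoded; decode it before building Basic auth.
    const user = decodeURIComponent(proxy.username);
    const pass = decodeURIComponent(proxy.password);
    headers['Proxy-Authorization'] =
      'Basic ' + Buffer.from(`${user}:${pass}`).toString('base64');
  }
  return { host: proxy.hostname, port, headers };
}

// Strip userinfo before a proxy URL reaches a log line or an error dialog.
function redact(proxyUrl) {
  const url = new URL(proxyUrl);
  if (url.username || url.password) {
    url.username = '***';
    url.password = '***';
  }
  return url.toString();
}
```

The result can be handed to whichever proxy agent is passed as the HTTP client's agent option; only the output of `redact` should appear in logs.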

dschulten commented 5 years ago

It appears we use node-fetch, which apparently has an agent option for this purpose: https://github.com/bitinn/node-fetch/issues/79

Do you mind if I try to come up with a PR using https://github.com/capriza/node-proxying-agent, or would you prefer a different agent?

nikku commented 5 years ago

@dschulten Does the Camunda Modeler v2.x support proxies for deployment?

dschulten commented 5 years ago

No: https://github.com/camunda/camunda-modeler/blob/v2.2.4/app/lib/createDeployer.js#L50

Unfortunately I also need the authentication offered by V3, so V2 is not an option for me.

nikku commented 5 years ago

Thanks for the note.

I don't 100% understand these proxy scenarios yet, could you elaborate on why and how they are used?

Your input helps us to build an appropriate solution.

dschulten commented 5 years ago

In corporate environments the access to HTTP resources is often restricted. All requests must go through an HTTP proxy before they go anywhere else. No proxy, no fish. I have seen scenarios where the system proxy gave you limited access to some informative sites which were considered OK for employees, like Google Search, but not Facebook, Online, Webmail etc. By system proxy I mean the proxy configuration which is set by administrators; https://www.chromium.org/developers/design-documents/network-stack/debugging-net-proxy gives you an idea how browsers determine those settings - mostly they use a platform library or PAC files and admins lock down the system and browser proxy settings.

Only developers or admins in the same company were given access to a different proxy which they could use for places they need, e.g. github, stackoverflow, npmjs.

That is why it would be ideal if the modeler would use the system proxy (albeit that gets complicated fast, if you look at the link above), but also allow users to set a different proxy, optionally with authentication, possibly including NTLM authentication. Making it possible to specify any proxy (incl. authentication) is the bare minimum needed.

However, while the Electron browser honors the system proxy settings, the node http implementation (and I assume node-fetch) doesn't. Therefore we need to jump through some extra hoops in the modeler.

In my special case they have made my application accessible for employees in the browser via the system proxy. Therefore the browser can talk to the camunda webapps and the rest engine. It would be the most convenient solution for the users if the modeler used the system proxy. But setting a proxy manually (through env vars or a UI) would be totally fine, too.

barmac commented 3 years ago

> However, while the Electron browser honors the system proxy settings, the node http implementation (and I assume node-fetch) doesn't. Therefore we need to jump through some extra hoops in the modeler.

I assume that this is not the case anymore since we have been using Fetch API for a while now. Based on that, I believe we can close the issue.

Please feel free to reopen the issue if my assumption is wrong.