add UI for setting HTTP proxy to desktop app

[uhoreg]

Apparently, you can set the proxy by using a --proxy-server option on the command-line (e.g. --proxy-server=socks5://127.0.0.1:9050)

[t3chguy]

@uhoreg yeah but you asked for a UI :P that command line arg applies to chromium and electron

[uhoreg]

@t3chguy yup, just documenting here since people who are asking about proxying will probably find this issue. This way, they can use the command-line switch until a UI is done. ;)

[devdan]

I tested this for a SOCKS5 proxy (Tor) and it does not work. It seems that electron does not support --proxy-server as a command line parameter.

Riot is simply ignoring the parameter and connects the normal way. This is pretty bad because you assume that everything works over the proxy.

[t3chguy]

@devdan what OS? If its through Squirrel (Windows and possibly Mac) the argument may get consumed before it makes it to electron

[devdan]

Tested on Windows with the installer provided by riot.im. I don't know if it uses Squirrel or not.

[t3chguy]

@devdan yep that uses Squirrel.Windows as the updating mechanism, depending on which executable you are passing the argument to it may be consumed.

Try passing it to the executable %LOCALAPPDATA%\Riot\app-0.11.4\Riot.exe

[devdan]

This works. Thanks a lot!

Still, it would be very nice to have UI settings for this.

[t3chguy]

@devdan definitely going to happen eventually, I'm looking at making giving the app a more userful top bar to replace the standard system window chroming which could have proxy settings as an option, currently hard to shove proxy settings somewhere as you cannot reach user settings pre-login or when on the login spinner

[eX00r]

Proxy settings in UI would be nice yes!

[CR0CKER]

Any updates on this? For those of us in less fortunate political environments, Tor support will quickly become pretty crucial.

[tmladek]

+1

[t3chguy]

note to self, auth proxies in electron are meh: https://github.com/electron/electron/pull/3250

[natrius]

For quick&dirty you can also make a riot.cmd wherever you want and add there the following line START "" "%LOCALAPPDATA%\riot\Riot.exe" --proxy-server=socks5://127.0.0.1:9050 Just save and start with the cmd.

[RealShine]

Can't connect and send messages in China. Need network proxy function, urgent!

[t3chguy]

As documented in comments before, proxy function is already possible just has no ui

[ctsde-markus]

We just tried the workaround from 22 Oct 2018 on a Windows 10 PC but it doesn't work. Does it only work with a socks5 proxy? We have a squid proxy at http://IP:3128/ but no matter how we use the parameter--proxy-server=, it just gets ignored and the PC tries to connect directly to the matrix server without proxy (but is blocked by the router).

We tried (with and without surrounding "" for the proxy parameter):

START "" "%LOCALAPPDATA%\riot\Riot.exe" --proxy-server="http://IP:3128"
START "" "%LOCALAPPDATA%\riot\Riot.exe" --proxy-server="socks5://IP:3128"
START "" "%LOCALAPPDATA%\riot\Riot.exe" --proxy-server="IP:3128"

[t3chguy]

We just tried the workaround from 22 Oct 2018 on a Windows 10 PC but it doesn't work. Does it only work with a socks5 proxy? We have a squid proxy at http://IP:3128/ but no matter how we use the parameter--proxy-server=, it just gets ignored and the PC tries to connect directly to the matrix server without proxy (but is blocked by the router).

We tried (with and without surrounding "" for the proxy parameter):

START "" "%LOCALAPPDATA%\riot\Riot.exe" --proxy-server="http://IP:3128"
START "" "%LOCALAPPDATA%\riot\Riot.exe" --proxy-server="socks5://IP:3128"
START "" "%LOCALAPPDATA%\riot\Riot.exe" --proxy-server="IP:3128"

Re-read https://github.com/vector-im/riot-web/issues/3320#issuecomment-318668688 .

[Mikaela]

Could the issue be renamed to either remove the word "HTTP" or add "SOCKS" somewhere? SOCKS is mentioned multiple times within the comments and it's what Tor uses, but judging by the title this issue currently only focuses on HTTP proxy which e.g. Tor doesn't support without installing a local HTTP proxy with SOCKS upstream proxy support.

[t3chguy]

The proxy engine in electron/chromium supports socks proxies so it's not at all incorrect. And any ui for proxy will work with both

[ghost]

request some priority be given this 2+ year old issue. To run with command switch is a "work-around" that not many will learn of unless they search issues here, attempt to sort the command needed then verify it is working as expected.

Any updates on this? For those of us in less fortunate political environments, Tor support will quickly become pretty crucial.

Can't connect and send messages in China. Need network proxy function, urgent!

the above two comments speak of the true need for a solid proxy support (HTTP, and Socks4a and Socks5) and adding the settings to UI is the way to do it correctly for the masses.

[besendorf]

Just in case anyone else is confused by the example riot-desktop --proxy-server=socks5://127.0.0.1:9050 If you use Tor Browser the socks port is 9150 and not 9050. I tried it with the command line paramter and it seems to work (riot doesnt connect if tor isnt running) I didnt check if the IP leaks when doing something special though.

[ghost]

+1 needed

[blurHY]

any progress on this ?

[35609902357]

A pre-built generic Tor option should be available in the proxy settings, which automatically sets 127.0.0.1:9050 as proxy, before the login prompt.

The Tor options should include a failsafe mechanism to automatically block leaks (for example block WebRTC audio/video calls as they would leak the real IP address)

[t3chguy]

That sounds like a poor idea given that it might give the impression that it means using a built-in Tor proxy and you can have Tor running on any port. Especially given that 9150 is common too.

Typically Tor listens for SOCKS connections on port 9050. Tor Browser listens on port 9150.

[HostFat]

Any news?

[blurHY]

Any news?

It's not a priority according to anoa, but I think it's critical as it focuses on privacy.

[t3chguy]

but I think it's critical as it focuses on privacy.

It is not critical as it is possible already to do over the command line, it just doesn't have a shiny UI. No privacy issues here, just user-friendliness ones.

[evilsh3ll]

I'm on debian9 using the Nightly version and I'm not sure if riot is using tor, if I put a not valid proxy it seems to connect to internet, how can I be sure?

[besendorf]

I'm on debian9 using the Nightly version and I'm not sure if riot is using tor, if I put a not valid proxy it seems to connect to internet, how can I be sure?

riot-desktop --proxy-server=socks5://127.0.0.1:9150 without Tor Browser running and Riot didnt connect to the home server. If you want to be sure, especially with WebRTC, you'll have to check with wireshark.

[BoBeR182]

Any updates getting this done?

[githuberyt]

+1

[KBenster]

Yes, the electron proxy argument isn't honored by the client

[pilikan33]

i need tor too !

[h4x3rotab]

Copy & paste from the duplicated issue as some supplement information:

What would you like to do?

Change the proxy manually instead of using the system default proxy.

Why would you like to do it?

Accessing the global internet in some countries (e.g. China) could be complex. Sometimes we may want to proxy some software, while not touching the system proxy settings. A good example is Telegram, which allows the user to specify a list of the socks5 proxy, and can switch between them on the fly.

How would you like to achieve it?

Give user three options in the setting page:

1. No proxy
2. System default
3. Manual (ask user to input protocol, host, port, and optionally username and password. Http and socks5 protocols are preferred)

[xanoni]

Just FYI guys, --proxy-server=127.0.0.1:9050 didn't work for me, but --proxy-server=127.0.0.1:8118 does. The latter is the default TOR HTTP proxy (not SOCKS proxy).

However, as already noted elsewhere, the auto-update mechanism will still bypass the proxy. To be really safe you have to use a more secure operating system (Whonix / Tails / Qubes) or at least use an iptables-based solution instead of the command line switch. I wouldn't trust a --proxy-server switch if my freedom depended on it.

[k0gen]

On macOS do: open /Applications/Element.app --args --proxy-server=socks5://127.0.0.1:9050

Element should at least respect system default network settings (witch is not in macOS case) Turns out this is not true. If you have your system wide proxy settings enabled to use Tor, Element.app will respect and use those settings. Tested on Element.app version 1.10.8.

[arenekosreal]

--proxy-server=address:port works for me. But address:port must be a HTTP proxy without authentication. See https://www.electronjs.org/docs/latest/api/command-line-switches#--proxy-serveraddressport for more info But I still want to have a UI for setting proxy, not only http proxy, but also socks.

[xanoni]

--proxy-server=address:port works for me. But address:port must be a HTTP proxy without authentication

It has limitations, though, see my post above.

[ChungZH]

needed

[mat-l]

How is the progress about the implementation to pass the proxy via the ui instead of terminal command?

[HumanPopcycle]

This is important for the Android app, where we don't launch from the command line

[t3chguy]

@HumanPopcycle this repo is called element-desktop for a reason... It has nothing to do with the Android app.

[HumanPopcycle]

Nothing? Really? The Android app isn't just the Electron app crammed into an app wrapper? Really?

[t3chguy]

@HumanPopcycle https://github.com/vector-im/element-android is a native Kotlin project.

[tidux]

Bumping this as lack of native SOCKS5 support is a reason for people to stick to Telegram over Element.

[t3chguy]

@tidux contributions welcome.

[andrewoficial]

Any news?