Closed ddribeiro closed 1 month ago
@georgekarrv this is not just workflow blocking, but blocking the entire MDM setup flow (can't start Fleet server with the existing APNS cert). i would like to push for this to be a p1 - is this something you can review and confirm if your team can tackle sooner?
@lukeheath fyi
Also it seems the connection test uses https://api.sandbox.push.apple.com
, maybe it should use https://api.push.apple.com
(production endpoint)?
rationale for using the sandbox endpoint here https://github.com/fleetdm/fleet/pull/8730/files#r1028145802 (not saying it can't be changed! just adding historical context)
@zayhanlon @georgekarrv I agree, this is a P1 critical bug.
I had Sarah start looking at this today, hopefully we can get it into the RC
With HTTP in use, Fleet's servers find their path, Data flows, no ruse.
Behind proxies' veil, Fleet's reach expands with grace, Apple's secrets hail.
Fleet version: 4.54.1
💥 Actual behavior
A customer whose Fleet server is behind a proxy is unable to start their server after inserting their APNS certificate in their configuration file to enable Apple MDM features. It appears the
HTTP_PROXY
andHTTPS_PROXY
environment variables are not being used when communicating with Apple servers.The following error appears:
🧑💻 Steps to reproduce
mdm.apple_apns_*
andmdm.apple_scep*
in the Fleet server configuration file.HTTP_PROXY
andHTTPS_PROXY
environment variables correctly set, start the Fleet server.🕯️ More info (optional)
N/A