As an app author, I want to set an HTTP_PROXY environment variable for my app which would result in the app's HTTP communication being tunneled over the Sandstorm httpGet (deprecated) API.
I believe @jparyani has done some work toward this already. I believe the current question-mark is: how should we handle HTTPS? Typically the HTTP_PROXY environment variable results in the CONNECT verb being used, so (presumably) Sandstorm would need to create an HTTPS CA that the app trusts. One implementation strategy, for better or for worse, is:
Each Sandstorm server generates a random key, and uses that when communicating with grains.
Sandstorm exposes an API called getCACertificate() which, when called, returns a PEM-formatted public key version of the certificate.
Apps are expected to add that to their trust store somehow.
Other question:
How should this interact with the powerbox?
If we think this will never happen, then let's close this and point people at it when they ask.
Relevant discussion:
Thanks to @ndarilek for requesting this issue be filed.
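Added example (not part of the original issue and not Sandstorm code): a constructed local proxy records what a Python client sends for an http:// URL versus an https:// URL, which shows why the HTTPS question above arises. The host `example.invalid`, the function names and the 501 reply are assumptions made for illustration.

```python
import socket, threading, urllib.request

def run_recording_proxy(seen, n_conns):
    """Constructed stand-in proxy: records the request line of each connection."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        for _ in range(n_conns):
            conn, _addr = srv.accept()
            with conn:
                data = b""
                while b"\r\n\r\n" not in data:
                    chunk = conn.recv(4096)
                    if not chunk:
                        break
                    data += chunk
                line = data.split(b"\r\n", 1)[0].decode("latin-1")
                seen.append(line)
                if line.startswith("CONNECT "):
                    # Only host:port is visible; path, headers and body would be
                    # inside TLS. Reading them needs a CA that the app trusts.
                    reply = b"HTTP/1.1 501 Not Implemented\r\nContent-Length: 0\r\n\r\n"
                else:
                    # Plain HTTP: the full URL is visible, so the proxy could
                    # perform the fetch itself on the app's behalf.
                    reply = (b"HTTP/1.1 200 OK\r\nContent-Length: 16\r\n"
                             b"Connection: close\r\n\r\nfetched by proxy")
                conn.sendall(reply)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def observe():
    """Return (request lines seen by the proxy, HTTP body, HTTPS outcome)."""
    seen = []
    proxy = "http://127.0.0.1:%d" % run_recording_proxy(seen, 2)
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": proxy, "https": proxy}))
    body = opener.open("http://example.invalid/feed", timeout=5).read()
    try:
        opener.open("https://example.invalid/feed", timeout=5)
        https_outcome = "tunnel opened"
    except OSError:  # urllib reports the rejected CONNECT as URLError
        https_outcome = "refused"
    return seen, body, https_outcome

if __name__ == "__main__":
    for item in observe():
        print(item)
```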