Standalone Signal-Desktop has problems connecting through a proxy

[janLo]

• [x] I have searched open and closed issues for duplicates

---

Bug description

I've set the http_proxy and https_proxy variables on my system. Sognal-Desktop however seems to ignore them. I cannot get a connection to get the QR code. An strace says:

[pid 17437] 01:57:05.094195 connect(36, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("52.206.164.16")}, 16) = -1 EINPROGRESS (Operation now in progress)

Which is clearly not the proxy.

Steps to reproduce

• Install Signal-Desktop behind a proxy
• Try to follow the steps to set it up.

Actual result: No QR code, Server not reachable Expected result: QR Code, normal operation.

Platform info

Operating System: GNU/Linux Browser: Chrome

Signal version: v1.0.34

Link to debug log

https://gist.github.com/0bbe048ee23480d58dae34f0b07e16fe

[ghost]

@scottnonnenberg Yes, it works but it's a hack, Signal needs to respect ALL_PROXY variable. GNOME and KDE do not set HTTPS_PROXY for socks proxy.

And you can test with a ssh -D to have a socks proxy on your computer.

[hillbicks]

@scottnonnenberg Yeah, I tried that already and it doesn't seem to work. With the pac setting signal doesn't even load the messages.

Is there documentation about the library? I'd like to see if there is specific requirements regarding the format of the pac file.

In my pac file there is an additional variable called PROXY which sets the actual proxy, I assume this is the problem.

[scottnonnenberg]

@hillbicks This is the library that gives us PAC support: https://github.com/TooTallNate/node-pac-resolver

[chassen]

hey guys, manage it get the beta by setting the following environment variables:

stormcaller:~ chassen$ env | grep -i PROxy ALL_PROXY=http://192.168.100.76:8080 HTTPS_PROXY=http://192.168.100.76:8080 HTTP_PROXY=http://192.168.100.76:8080

and then running the app from the CLI.

working and all, but a little klunky (having to have a session open and spawning from CLI).

Is there any work being down to integrate this into the actual desktop app, so we can just run from the GUI?

[jlengrand]

Can't get anything working myself either even with all the proxy environment variables set. Can someone guide me to the location of the relevant logs on MacOS? I've been looking into ~/Library/Logs/Signal but the folder is completely empty

[gasi-signal]

@jlengrand Sorry it’s not working for you. You can submit the logs via View > Debug Log or check ~/Library/Application Support/Signal/logs.

[jlengrand]

Thanks @gasi-signal , I'll look into it!

[heseber]

Did anyone make this work with an authenticating proxy where you would have something like

HTTP_PROXY=http://user:password@my-proxy.my-net.org:8080

etc.? On Windows 7?

[little-fish]

@heseber Yop, It's working for me with the latest Signal (1.11.0) on Windows 10. Try it with HTTPS_PROXY=...

[heseber]

Well, with "etc." I meant "HTTPS_PROXY", I also tried "ALL_PROXY". Does not work for me.

[lmaniak-intel]

It works on MacOS, but it's someway tricky. You need to set https_proxy variable indeed, but the proxy type needs to be SOCKS itself, because Signal uses both HTTPS and WS protocols. So, in order to run Signal behind proxy on MacOS properly, you need to run https_proxy=socks5://addr:port /Applications/Signal.app/Contents/MacOS/Signal from CLI.

[scottnonnenberg-signal]

All: if you are trying to set up proxy support and it's not working, please provide the error messages showing up in the logs. This feature is in beta and we're trying to collect information about how it works in the real world - if it's not working for you, we want to know! Sometimes those errors will indicate that you need a slightly different setup, but others will indicate errors that we might be able to plan for.

[gfairchild]

@lmaniak-intel, that's not true. I was able to use a standard HTTP(S) proxy with Signal above.

[chassen]

same....I had to send the HTTPS_PROXY environment variable, and then run signal from the cli...

hoping a day will come when I can just set that variable within the app itself, and not have to run from the CLI

[heseber]

Okay, this is the script I use (using lower case variable names does not help):

set HTTP_PROXY="http://myusername:mypassword@myproxy.net:8080"
set HTTPS_PROXY=%HTTP_PROXY%
set ALL_PROXY=%HTTP_PROXY%
"%LOCALAPPDATA%\Programs\signal-desktop-beta\Signal Beta.exe"

and below is the output on the console; I am particularly puzzled by the "you must specify the protocol" message - I would think the protocol is specified in the environment variables.

....\AppData\Local\Programs\signal-desktop-beta\Signal Beta.exe"

NODE_ENV production
NODE_CONFIG_DIR C:\Users\myusername\AppData\Local\Programs\signal-desktop-beta\resources\app.asar\config
NODE_CONFIG {}
ALLOW_CONFIG_MUTATIONS undefined
HOSTNAME undefined
NODE_APP_INSTANCE undefined
SUPPRESS_NO_CONFIG_WARNING undefined
Set Windows Application User Model ID (AUMID) { appUserModelId: 'org.whispersystems.signal-desktop-beta' }
userData: C:\Users\myusername\AppData\Roaming\Signal Beta
making app single instance
{"name":"log","hostname":"MYHOST","pid":7448,"level":30,"msg":"app ready","time":"2018-05-16T09:50:57.832Z","v":0}
{"name":"log","hostname":"MYHOST","pid":7448,"level":30,"msg":"Ensure attachments directory exists","time":"2018-05-16T09:50:57.840Z","v":0}
{"name":"log","hostname":"MYHOST","pid":7448,"level":30,"msg":"Initializing BrowserWindow config: {\"show\":true,\"width\":800,\"height\":610,\"minWidth\":
640,\"minHeight\":360,\"autoHideMenuBar\":false,\"webPreferences\":{\"nodeIntegration\":false,\"preload\":\"C:\\\\Users\\\\myusername\\\\AppData\\\\Local\\\\Programs
\\\\signal-desktop-beta\\\\resources\\\\app.asar\\\\preload.js\"},\"icon\":\"C:\\\\Users\\\\myusername\\\\AppData\\\\Local\\\\Programs\\\\signal-desktop-beta\\\\reso
urces\\\\app.asar\\\\images\\\\icon_256.png\",\"maximized\":false,\"x\":1954,\"y\":780}","time":"2018-05-16T09:50:57.932Z","v":0}
Checking for update
Update for version 1.11.0-beta.5 is not available (latest version: 1.11.0-beta.5, downgrade is disallowed.
{"name":"log","hostname":"MYHOST","pid":7448,"level":30,"msg":"using proxy url \"http://myusername:mypassword@myproxy.net:8080\"","time":"2018-05-16
T09:50:59.799Z","v":0}
{"name":"log","hostname":"MYHOST","pid":7448,"level":30,"msg":"Using OS-level spell check API with locale de_DE","time":"2018-05-16T09:51:00.821Z","v":0}
{"name":"log","hostname":"MYHOST","pid":7448,"level":30,"msg":"pre-main prep time: 2 ms","time":"2018-05-16T09:51:01.045Z","v":0}
{"name":"log","hostname":"MYHOST","pid":7448,"level":30,"msg":"Build expires:  2018-08-12T23:45:50.000Z","time":"2018-05-16T09:51:01.076Z","v":0}
{"name":"log","hostname":"MYHOST","pid":7448,"level":30,"msg":"background page reloaded","time":"2018-05-16T09:51:01.108Z","v":0}
{"name":"log","hostname":"MYHOST","pid":7448,"level":30,"msg":"environment: production","time":"2018-05-16T09:51:01.109Z","v":0}
{"name":"log","hostname":"MYHOST","pid":7448,"level":30,"msg":"Start IndexedDB migrations","time":"2018-05-16T09:51:01.110Z","v":0}
{"name":"log","hostname":"MYHOST","pid":7448,"level":30,"msg":"Run migrations on database with attachment data","time":"2018-05-16T09:51:01.110Z","v":0}
{"name":"log","hostname":"MYHOST","pid":7448,"level":30,"msg":"Database status {\"firstMigrationVersion\":12,\"lastMigrationVersion\":18,\"databaseVersion\
":18,\"isAlreadyUpgraded\":true}","time":"2018-05-16T09:51:01.172Z","v":0}
{"name":"log","hostname":"MYHOST","pid":7448,"level":30,"msg":"Storage fetch","time":"2018-05-16T09:51:01.172Z","v":0}
{"name":"log","hostname":"MYHOST","pid":7448,"level":30,"msg":"ConversationController: starting initial fetch","time":"2018-05-16T09:51:01.197Z","v":0}
{"name":"log","hostname":"MYHOST","pid":7448,"level":30,"msg":"ConversationController: done with initial fetch","time":"2018-05-16T09:51:01.200Z","v":0}
{"name":"log","hostname":"MYHOST","pid":7448,"level":30,"msg":"listening for registration events","time":"2018-05-16T09:51:01.202Z","v":0}
{"name":"log","hostname":"MYHOST","pid":7448,"level":30,"msg":"opening provisioning socket https://textsecure-service.whispersystems.org","time":"2018-05-1
6T09:51:01.461Z","v":0}
{"name":"log","hostname":"MYHOST","pid":7448,"level":30,"msg":"provisioning failed TypeError: You must specify a \"protocol\" for the proxy type (http, htt
ps, socks, socks4, socks4a, socks5, socks5h, pac+data, pac+file, pac+ftp, pac+http, pac+https)\n    at new ProxyAgent ([REDACTED]\\app.asar\\node_modules\\proxy
-agent\\index.js:97:11)\n    at createSocket (file:///C:/Users/myusername/AppData/Local/Programs/signal-desktop-beta/resources/app.asar/js/libtextsecure.js:37539:16)
\n    at TextSecureServer.getProvisioningSocket (file:///C:/Users/myusername/AppData/Local/Programs/signal-desktop-beta/resources/app.asar/js/libtextsecure.js:38001:
14)\n    at file:///C:/Users/myusername/AppData/Local/Programs/signal-desktop-beta/resources/app.asar/js/libtextsecure.js:38090:24\n    at Promise (<anonymous>)\n
 at file:///C:/Users/myusername/AppData/Local/Programs/signal-desktop-beta/resources/app.asar/js/libtextsecure.js:38089:16\n    at <anonymous>","time":"2018-05-16T09
:51:01.470Z","v":0}
{"name":"log","hostname":"MYHOST","pid":7448,"level":50,"msg":"Top-level unhandled promise rejection: TypeError: You must specify a \"protocol\" for the pr
oxy type (http, https, socks, socks4, socks4a, socks5, socks5h, pac+data, pac+file, pac+ftp, pac+http, pac+https)","time":"2018-05-16T09:51:01.489Z","v":0}

[scottnonnenberg-signal]

@heseber The line in question is here - it parses the URL, then looks for the resultant protocol: https://github.com/TooTallNate/node-proxy-agent/blob/65fcf7af73fb1324c7e29ff7dee63b962951b457/index.js#L88-L102

I did a quick test on the Node.js console, so I'm puzzled as well. Maybe the real URL you supplied (before you replaced it with this fake URL was missing something?)

> var url = require('url');
> url.parse('http://myusername:mypassword@myproxy.net:8080')
Url {
  protocol: 'http:',
  slashes: true,
  auth: 'myusername:mypassword',
  host: 'myproxy.net:8080',
  port: '8080',
  hostname: 'myproxy.net',
  hash: null,
  search: null,
  query: null,
  pathname: '/',
  path: '/',
  href: 'http://myusername:mypassword@myproxy.net:8080/' }

[ghost]

hoping a day will come when signal will use ALL_PROXY variable (socks://) and works out of the box on Linux!

[heseber]

No, the real URL was not missing anything. I really just replaced the user name, password and hostname.

[scottnonnenberg-signal]

@heseber I suspect that there was something in the username or password that needed some kind of escaping, so the URL wasn't able to be parsed.

[heseber]

No, the username is just letters, the password only letters and digits, and the hostname just letters, a dash and points.

[scottnonnenberg-signal]

@heseber It may be time for you to reach out to me directly so we can sort this out. Other people aren't complaining about the same error, so it does appear to be something unique with your situation.

[269git]

I have the same prob behind our company Proxy as @heseber. I tried 1.12.0:

`H:>"%LOCALAPPDATA%\Programs\signal-desktop\Signal.exe"

H:> NODE_ENV production NODE_CONFIG_DIR C:\Users\user\AppData\Local\Programs\signal-desktop\resources\app.asar\config NODE_CONFIG {} ALLOW_CONFIG_MUTATIONS undefined HOSTNAME undefined NODE_APP_INSTANCE undefined SUPPRESS_NO_CONFIG_WARNING undefined Set Windows Application User Model ID (AUMID) { appUserModelId: 'org.whispersystems.signal-desktop' } userData: C:\Users\user\AppData\Roaming\Signal making app single instance {"name":"log","hostname":"clientid","pid":10592,"level":30,"msg":"app ready","time":"2018-06-05T14:45:43.952Z","v":0} {"name":"log","hostname":"clientid","pid":10592,"level":30,"msg":"Ensure attachments directory exists","time":"2018-06-05T14:45:43.957Z","v":0} {"name":"log","hostname":"clientid","pid":10592,"level":30,"msg":"Initializing BrowserWindow config: {\"show\":true,\"width\":800,\"height\":610,\"minWidth\":640,\"minHeight\":360,\"autoHideMenuBa r\":false,\"webPreferences\":{\"nodeIntegration\":false,\"nodeIntegrationInWorker\":false,\"preload\":\"C:\\Users\\user\\AppData\\Local\\Programs\\signal-desktop\\resources\\app.as ar\\preload.js\",\"nativeWindowOpen\":true},\"icon\":\"C:\\Users\\user\\AppData\\Local\\Programs\\signal-desktop\\resources\\app.asar\\images\\icon_256.png\",\"maximized\":fa lse,\"x\":857,\"y\":96}","time":"2018-06-05T14:45:44.039Z","v":0} Checking for update {"name":"log","hostname":"clientid","pid":10592,"level":30,"msg":"using proxy url \"http://user:passwd@proxy.myproxy.at:8080\"","time":"2018-06-05T14:45:45.846Z","v":0} {"name":"log","hostname":"clientid","pid":10592,"level":30,"msg":"Using OS-level spell check API with locale de_DE","time":"2018-06-05T14:45:47.198Z","v":0} {"name":"log","hostname":"clientid","pid":10592,"level":30,"msg":"pre-main prep time: 2 ms","time":"2018-06-05T14:45:47.431Z","v":0} {"name":"log","hostname":"clientid","pid":10592,"level":30,"msg":"Build expires: 2018-08-29T21:26:01.000Z","time":"2018-06-05T14:45:47.462Z","v":0} {"name":"log","hostname":"clientid","pid":10592,"level":30,"msg":"background page reloaded","time":"2018-06-05T14:45:47.500Z","v":0} {"name":"log","hostname":"clientid","pid":10592,"level":30,"msg":"environment: production","time":"2018-06-05T14:45:47.500Z","v":0} {"name":"log","hostname":"clientid","pid":10592,"level":30,"msg":"Start IndexedDB migrations","time":"2018-06-05T14:45:47.502Z","v":0} {"name":"log","hostname":"clientid","pid":10592,"level":30,"msg":"Run migrations on database with attachment data","time":"2018-06-05T14:45:47.505Z","v":0} {"name":"log","hostname":"clientid","pid":10592,"level":30,"msg":"Database status {\"firstMigrationVersion\":12,\"lastMigrationVersion\":18,\"databaseVersion\":18,\"isAlreadyUpgraded\":true}","tim e":"2018-06-05T14:45:47.568Z","v":0} {"name":"log","hostname":"clientid","pid":10592,"level":30,"msg":"Storage fetch","time":"2018-06-05T14:45:47.568Z","v":0} {"name":"log","hostname":"clientid","pid":10592,"level":30,"msg":"ConversationController: starting initial fetch","time":"2018-06-05T14:45:47.588Z","v":0} {"name":"log","hostname":"clientid","pid":10592,"level":30,"msg":"ConversationController: done with initial fetch","time":"2018-06-05T14:45:47.596Z","v":0} {"name":"log","hostname":"clientid","pid":10592,"level":30,"msg":"listening for registration events","time":"2018-06-05T14:45:47.599Z","v":0} {"name":"log","hostname":"clientid","pid":10592,"level":30,"msg":"opening provisioning socket https://textsecure-service.whispersystems.org","time":"2018-06-05T14:45:47.688Z","v":0} {"name":"log","hostname":"clientid","pid":10592,"level":30,"msg":"provisioning failed TypeError: You must specify a \"protocol\" for the proxy type (http, https, socks, socks4, socks4a, socks5, so cks5h, pac+data, pac+file, pac+ftp, pac+http, pac+https)\n at new ProxyAgent ([REDACTED]\app.asar\node_modules\proxy-agent\index.js:97:11)\n at _createSocket ([REDACTED]\app.asar\js\modul es\web_api.js:147:14)\n at Object.getProvisioningSocket ([REDACTED]\app.asar\js\modules\web_api.js:672:14)\n at file:///C:/Users/user/AppData/Local/Programs/signal-desktop/resources/app .asar/js/libtextsecure.js:37590:24\n at new Promise ()\n at file:///C:/Users/user/AppData/Local/Programs/signal-desktop/resources/app.asar/js/libtextsecure.js:37589:16\n at <an onymous>","time":"2018-06-05T14:45:47.698Z","v":0} {"name":"log","hostname":"clientid","pid":10592,"level":50,"msg":"Top-level unhandled promise rejection: TypeError: You must specify a \"protocol\" for the proxy type (http, https, socks, socks4, socks4a, socks5, socks5h, pac+data, pac+file, pac+ftp, pac+http, pac+https)","time":"2018-06-05T14:45:47.714Z","v":0} {"name":"log","hostname":"clientid","pid":10592,"level":30,"msg":"Updating BrowserWindow config: {\"maximized\":false,\"autoHideMenuBar\":false,\"width\":800,\"height\":610,\"x\":857,\"y\":96}","t ime":"2018-06-05T14:45:56.779Z","v":0} {"name":"log","hostname":"clientid","pid":10592,"level":30,"msg":"Update notifications: {\"shouldClearNotifications\":false,\"shouldPlayNotificationSound\":false,\"shouldShowNotifications\":false, \"type\":\"disabled\",\"isNotificationGroupingSupported\":false}","time":"2018-06-05T14:45:56.791Z","v":0}`

[269git]

interesting ... the chrome extension works. As we are using a .pac I also tried the solution (with the desktop variant): set HTTP_PROXY="pac+http://pxc.myproxy.at/sp4.pac" set HTTPS_PROXY=%HTTP_PROXY% Same result as above

[k3vy]

Hi Signal Devs, I'm also behind a company firewall which is breaking up SSL via SSL Inspection and also tried it via "setx HTTPS_PROXY "prot://proxy:port", but the Connection to "https://textsecure-service.whispersystems.org/" is blocked because of Untrusted certificate authority. I know, It's a very big privacy plus for you to self-signed your certificates, but It won't work in companies with such security setups like mine and the other users here. It would be great if you could also sign a certificate via an official CA like QuoVadis (ProtoonMail is also using this CA :-) ). Would that be an option? Or would it be an Option to tunnel the SSL traffic trough Google, like you do in the iOS/Android App for censorship issues?

Thanks and keep up the awesome work!!

UPDATE 20.06.2018 I've also tried the Chrome App and it's also not working, because our firewall/intrusion system blocks "unknown ports", so it would be the best to use default ports for SSL(443) for business networks. And yeah, again the handshake for "https://textsecure-service-ca.whispersystems.org" gets blocked because of self-signed certificate...

opening provisioning socket https://textsecure-service-ca.whispersystems.org:80
WebSocket connection to 'wss://textsecure-service-ca.whispersystems.org:80/v1/websocket/provisioning/?agent=OWD' failed...

opening provisioning socket https://textsecure-service-ca.whispersystems.org:8443
WebSocket connection to 'wss://textsecure-service-ca.whispersystems.org:8443/v1/websocket/provisioning/?agent=OWD' failed ...

[freijon]

I have the same issue and I believe it's because of the self-signed certificate. Signal Desktop is unusable at work.

[k3vy]

Hi Dev, I've tested the proxy support via an SSH tunnel on windows 7, it works with: (Signal Desktop 1.12.1 and iOS App 2.26.0.26)

set HTTP_PROXY=socks://localhost:port
set HTTPS_PROXY=socks://localhost:port
start %LOCALAPPDATA%\Programs\signal-desktop\Signal.exe

But signal can't fetch the contacts and groups, when I manually try to import the contacts in the settings, I get a timeout after some time:

{"name":"log","hostname":"***","pid":***,"level":30,"msg":"Remove all notifications","time":"***","v":0}
{"name":"log","hostname":"***","pid":***,"level":30,"msg":"SyncRequest created. Sending contact sync message...","time":"***","v":0}
{"name":"log","hostname":"***","pid":***,"level":30,"msg":"PUT https://textsecure-service.whispersystems.org/v1/messages/+[REDACTED]","time":"***","v":0}
{"name":"log","hostname":"***","pid":***,"level":30,"msg":"PUT https://textsecure-service.whispersystems.org/v1/messages/+[REDACTED] 200 Success","time":"***","v":0}
{"name":"log","hostname":"***","pid":***,"level":30,"msg":"SyncRequest now sending group sync messsage...","time":"***","v":0}
{"name":"log","hostname":"***","pid":***,"level":30,"msg":"PUT https://textsecure-service.whispersystems.org/v1/messages/+[REDACTED]","time":"***","v":0}
{"name":"log","hostname":"***","pid":***,"level":30,"msg":"Update notifications: {\"shouldClearNotifications\":false,\"shouldPlayNotificationSound\":false,\"shouldShowNotifications\":false,\"type\":\"noNotifications\",\"isNotificationGroupingSupported\":false}","time":"***","v":0}
{"name":"log","hostname":"***","pid":***,"level":30,"msg":"PUT https://textsecure-service.whispersystems.org/v1/messages/+[REDACTED] 200 Success","time":"***","v":0}
{"name":"log","hostname":"***","pid":***,"level":30,"msg":"Sending a keepalive message","time":"***","v":0}
{"name":"log","hostname":"***","pid":***,"level":30,"msg":"sync timed out","time":"***","v":0}

[scottnonnenberg-signal]

@k3vy Ah, I see that you've posted the details here, not the other issue. :0) The big question is: does contact sync work for you when you're not on proxy? Based on those long entries, it's the other side (your mobile device) that isn't responding. Or perhaps there are errors further up in the log regarding the 'provisioning websocket?'

[k3vy]

@scottnonnenberg-signal Hi Scott, it was very strange. After some hours I could manually sync the contacts in the settings. Is there a "flood protection" or something in signal? Because I re-installed and paired Siganl Desktop many times because of testing the proxy settings.

[scottnonnenberg-signal]

@k3vy Yep, there are rate limits in place. You should be able to connect again soon.

[makuris]

Hi everyone, today my Signal for Chrome App stopped working, it says it is outdated. So I switched over to the standalone version. Unfortunately it is not working. It is unable to connect to the network, stating "Disconnected - Check your network connection" I guess due to the company proxys blocking traffic. However, the Chrome App was working like a charm. What is the main difference between the Chrome app and the standalone version? Is there a way to get the standalone version working? I am sorry but I am not sure on how to adapt the descriptions above.

[den200]

Same situation as above. Is it at least possible to have a clear "how to" to be able to apply the command line solution?

Thanks,

[denics]

@den200, something like:

https_proxy=http://proxy.xxx.org:8080 /Applications/Signal.app/Contents/MacOS/Signal

from your command line should simply work.

[denics]

@makuris The Signal for Chrome App uses the Chrome proxy settings while the Signal standalone needs to be configured. You can set your proxy in you cmd environment and then launch the app from there.

[den200]

@denics, thanks for the help. I'm on a Windows pc and tried the following: set HTTP_PROXY="pac+httpAddressToPacFile.pac?p=xxxxxxx" set HTTPS_PROXY=%HTTP_PROXY% "%LOCALAPPDATA%\Programs\signal-desktop-beta\Signal.exe"

and Signal still cannot connect. It remains on "loading" page. In console, it keeps on printing:

{"name":"log","hostname":"PCNAME","pid":5100,"level":50,"msg":"Whisper.InboxView::startConnectionListener: Unknown web socket status: -1","time":"2018-09-21T06:23:07.525Z","v":0}

There is also another proxy that links to a wpad.dat file. I' not sure how to use this.

[scottnonnenberg-signal]

@den200 If you could provide the .pac file itself to support@signal.org, we might be able to make progress. One thing we don't have is access to that kind of proxy setup, so we need your help.

[LauraWartschinski]

I am behind a corporate proxy that is specified in a wpad.dat file. By looking at it, I determined our proxy to be most likely proxy.[companyname].biz:8080. I added this proxy in the environment variables for HTTP_PROXY, HTTPS_PROXY, WSS_PROXY and ALL_PROXY.

Starting signal however still gives me an error suggesting that some socket wasn't able to connect:

{"name":"log","hostname":"DCPC03T0A8","pid":3792,"level":30,"msg":"opening provisioning socket https://textsecure-service.whispersystems.org","time":"2018-10-09T09:32:14.549Z","v":0}
{"name":"log","hostname":"DCPC03T0A8","pid":3792,"level":30,"msg":"provisioning socket closed. Code: 1006","time":"2018-10-09T09:32:56.669Z","v":0}

{"name":"log","hostname":"DCPC03T0A8","pid":3792,"level":50,"msg":"**provisioning failed Error:** websocket closed\n    at W3CWebSocket.socket.onclose.event [as onclose] ( [my local path] /signal-desktop/resources/app.asar/js/libtextsecure.js:37571:24)\n    at W3CWebSocket._dispatchEvent [as dispatchEvent] ([REDACTED]\\app.asar\\node_modules\\yaeti\\lib\\EventTarget.js:107:17)\n    at W3CWebSocket.onConnectFailed ([REDACTED]\\app.asar\\node_modules\\websocket\\lib\\W3CWebSocket.js:219:14)\n    at WebSocketClient.<anonymous> ([REDACTED]\\app.asar\\node_modules\\websocket\\lib\\W3CWebSocket.js:59:25)\n    at emitOne (events.js:116:13)\n    at WebSocketClient.emit (events.js:211:7)\n    at WebSocketClient.failHandshake ([REDACTED]\\app.asar\\node_modules\\websocket\\lib\\WebSocketClient.js:326:10)\n    at ClientRequest.<anonymous> ([REDACTED]\\app.asar\\node_modules\\websocket\\lib\\WebSocketClient.js:265:18)\n    at emitOne (events.js:116:13)\n    at ClientRequest.emit (events.js:211:7)","time":"2018-10-09T09:32:56.669Z","v":0}

I would be really happy to get any pointers on how to proceed.

[scottnonnenberg-signal]

@LauraWartschinski We have no information about your proxy, but I suspect that it doesn't like sustained connections (like our websockets) while allowing discrete requests through (like a single request for a web page). If you'd like to reach out at support@signal.org, we could work with you to learn more about your proxy.

[LauraWartschinski]

@scottnonnenberg Thank you, I will do that!

[eadamsintel]

One issue on Windows on corporate IT supported machines when setting a system wide https_proxy environment variable is that you have to keep changing that variable depending on whether you are connected to your companies intranet or connected at home. It would be nice if signal could pick up the wpad.dat file that many corporate IT departments use.

The easiest way to avoid this is to clear out the https_proxy system wide env variable and create a copy of the Signal icon that launches the program. I call mine "Signal - Proxy" and modify the properties changing the target to be as follows.

C:\Windows\System32\cmd.exe /c "set HTTPS_PROXY=<proxy:port> && path %path%;C:\Users\<username>\AppData\Local\Programs\signal-desktop && start Signal.exe"

Make sure to change to something like http://proxy.server.com:1080 and to your windows username. If you don't want to see the brief flashing of the black cmd window then change the setting to "Run Minimized" to hide that.

When you are not on the corporate proxy then launch Signal using the normal shortcut link but when you are on a corporate proxy launch it using your "Signal - Proxy" shortcut. Until a wpad.dat is supported this is the easiest way to manage signal between corporate and non-corporate environments.

[CaptainBalou]

I could get it running with the proxy url directly by using this shortcut command:

C:\Windows\System32\cmd.exe /c "set HTTPS_PROXY=http://proxy:port && "C:\Users\<user>\AppData\Local\Programs\signal-desktop-beta\Signal Beta.exe""

Using the pac+ notation doesn't work.

C:\Windows\System32\cmd.exe /c "set HTTPS_PROXY=pac+http://proxyscriptserver/proxy.pac && "C:\Users\<user>\AppData\Local\Programs\signal-desktop-beta\Signal Beta.exe""

I also used " surrounding the proxyconfigserver url but no success either.

Our users normally have no direct access to modify any env variable or modify shortcuts - but we won't deny signal messenger. So it would be awesome to let signal messenger for Windows take the system proxy settings to connect. For us the easiest way. Hopefully as well from a coding perspective. :-)

[nhs503]

On windows 10 using a vpn-connected proxy, I followed the same process from https://github.com/signalapp/Signal-Desktop/issues/1632#issuecomment-433626758 and it worked for me. Only issues (as mentioned):

1. I have to launch signal using a different shortcut based on whether I'm connected to the proxy or not
2. If the proxy changes (which it does) I'll have to go figure it out and edit the shortcut

Would really be best if this were just picked up from the system setting automatically!

[mattismyname]

Any guess when this feature will be included in a production release?

[sfakiana]

I think this issue is something that should be taken into account in the next production version of Signal Desktop.

[drewwells]

For OS X,

HTTPS_PROXY=http://domain:port; open -a /Applications/Signal.app/Contents/MacOS/Signal

[den200]

@scottnonnenberg, any news since the reception of the .pac files?

[djephri]

HTTPS_PROXY env variable workaround on OS X stopped working with 1.19.0.

edit: specifically, exporting HTTPS_PROXY='socks://localhost:port' now shows in logs errors such as:

request to https://textsecure-service.whispersystems.org/v1/profile/+[REDACTED]148 failed, reason: Invalid SOCKS proxy details were provided.

suggesting function isValidSocksProxy is failing now.

edit 2: reverting to 1.18.1 restored functionality.

edit 3: changing HTTPS_PROXY -> HTTP_PROXY worked. are you kidding me?

[ahutson-bbc]

Seems to have stopped working on Windows 7 with 1.19.0 as well (using "set HTTPS_PROXY=socks://xxxxx").

[Dayv1d]

Its still v 1.19, right? So still no "Signal at work", yet? Thats kinda dissapointing, as i am actively trying to convince many friends switching to signal, but they have the SAME PROBLEM.

[ffiarpg]

@scottnonnenberg Please reactivate the electron Signal build so I can use chrome proxy support until proxy support is added to Signal Desktop properly.

[vonj]

No life signs when using 1.19.0 on Windows 10 with proxy. I believe it's an NTLM proxy.