Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Operability behind a proxy #94

Closed
dapdizzy opened this issue Dec 16, 2016 · 20 comments
Closed

Operability behind a proxy #94

dapdizzy opened this issue Dec 16, 2016 · 20 comments

Comments

@dapdizzy
Copy link

Right now, elixir-slack based bots do not work behind a proxy.
The networking modules that Elixir-Slack is based on, are not passing proxy and proxy_auth options that are required to enable the app behind the prxy. This significantly limits the potential usage of Elixir-Slack bots.
@BlakeWilliams
Copy link
Owner

Can you be more specific? Is it the websocket connection? Initial authentication with Slack?

@dapdizzy
Copy link
Author

I probably can, but that requires digging in.
At first it's https connection (initial connection), then, probably, ssl websocket interaction.
The thing is that 'proxy' needs to be bypassed throughout the whole network related stack which is not the case now. I could probably dig deeper, but that would require some tracing and related digging stuff.

For now, it looks to me like this:

    1. Initial connection requires bypassing proxy parameters (options)
  2. Consecutive websocket interaction probably needs 'proxy' knwowledge too.

@dapdizzy
Copy link
Author

dapdizzy commented Dec 19, 2016
edited

When you run the elixir-slack based app behind the proxy (current code) it exits with a timeout. When I pass 'proxy' options to the initial connection call, it gies a little bit further and exits with some other error.
I believe this 'user defined issue' could be the basis for working on implementing operability behind a proxy. As I mentioned I would be able to provide specific details on the issue as the process goes..
The problem I faced when trying to implement proxied behavior was somewhere inside websocket_client erlang library, when I tried to pass proxy options to be applied in websocket_client for ssl erlang module calls.

@BlakeWilliams
Copy link
Owner

Interesting.

This isn't something I'm running into, so I'm going to close this for now. I'd happily take a PR that makes this work without changing too much code. If you decide to tackle it, feel free to reopen or open a new issue.

@splashx
Copy link

splashx commented Jul 29, 2017
edited

This issue is still existing while trying to run the example in a machine (Ubuntu 16.04) which can only go out to the internet via proxy:

iex(1)> Slack.Bot.start_link(SlackRtm, [], "xoxb-xxxxxxxxx")
{:error, "Timed out while connecting to the Slack RTM API"}

$ export | grep -i PROXY
declare -x http_proxy="http://100.120.70.70:3128"
declare -x https_proxy="http://100.120.70.70:3128"

$ cat /etc/environment
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
http_proxy=http://100.120.70.70:3128
https_proxy=http://100.120.70.70:3128

@BlakeWilliams Could you please reopen the issue?

@dapdizzy
Copy link
Author

dapdizzy commented Jul 29, 2017 via email

@splashx
Copy link

splashx commented Jul 29, 2017
edited

httpoison supports it, so it's possible to be implemented OoTB in these .ex files.

I don't even think it's required to check "when proxy is in env" - an empty value for :proxy will totally ignore it. The standard for pretty much any sofware and language is to look up http_proxy/HTTP_PROXY and/or https_proxy/HTTPS_PROXY from System env..

@dapdizzy
Copy link
Author

dapdizzy commented Jul 29, 2017 via email

@splashx
Copy link

splashx commented Jul 29, 2017

I've gone as far as hitting this issue in the websockets_client project. Apparently abandoned :(

@dapdizzy
Copy link
Author

dapdizzy commented Jul 29, 2017 via email

@splashx splashx mentioned this issue Jul 29, 2017
Open
@splashx
Copy link

splashx commented Jul 29, 2017

@dapdizzy if you take a look at the project fork timeline one wonders if we should AT ALL deal with @jeremyong - maybe it's worth using @sanmiguel (meaning it still lives) - I've opened an issue there too. @BlakeWilliams what's your opinion on that?

@splashx
Copy link

splashx commented Jul 29, 2017
edited

Update: apparently it's already upstream via sanmiguel's so let's move the discussion there.

@dapdizzy
Copy link
Author

dapdizzy commented Jul 29, 2017 via email

@BlakeWilliams
Copy link
Owner

Of course it does. Author just ignored the description and pretended it was
all good.

This isn't a problem I have personally ran into so I don't have much interest in tracking it down honestly. Like I mentioned before, I'm happy to accept a PR for it and maintain it.

We're using @sanmiguel's fork since it's actively maintained and has a lot of improvements over the original. Tracking the issue you opened and seeing where that goes is likely the first step in getting this resolved.

@splashx
Copy link

splashx commented Jul 29, 2017

@BlakeWilliams I understand you have not faced the issue, but it exists - having it marked as closed is most likely not the best feedback for those relying on the lib and running apps behind corporate proxies, though, because the issue exists.

@dapdizzy
Copy link
Author

dapdizzy commented Jul 29, 2017 via email

@BlakeWilliams BlakeWilliams reopened this Jul 29, 2017
@BlakeWilliams
Copy link
Owner

@splashx That's fair, it also seemed like the issue was somewhat dead until today. :)

I just reopened it since there seems to be progress.

@splashx splashx mentioned this issue Jul 31, 2017
Open
@dapdizzy
Copy link
Author

dapdizzy commented Feb 5, 2018
edited

I'm debugging the issue right now and it seems to fail on the call to ssl:connect/4 in websocket_client library.
The Proxy itself it pibked up from the http_proxy environment variable (which can be set in the command line prompt before starting the bot app, for example).
The value is handler properly and is passed as a proxy option in a call to httpc:set_options([{proxy, {{ProxyAddress, PortNumber}, ["localhost"]}}]). I set the corporate proxy without setting my credentials in the url (in the format of http://[username]:[password]@proxyurl:[proxy_port]. As per my experience Elixir/Erlang does not make use of proxy without credentials attached, so my suspect is that ssl:connect fails with {error, timeout} because it fails to reach the url through the proxy without credentials (something like that). In due time I will try to provide my credentials in the proxy url, but right now I have no idea how to do that because my password now contains @# symbols and at least @ should be escaped as it is used as a separator between [user]:[password]@[proxyurl] in the http_proxy value. All workarounds which I was able to find googling StackOverflow didn't work for me.

So, basically, there are two questions:

  1. Would the proxy work with credentials specified in the proxy url
  2. How can we pass the proxy (and ideally proxy_auth options) to the ssl:connect/4 call as it seems to be the place when the whole sequence breaks.

I mean, probably, we could set the options for some other Erlang module that is used under the hood inside the ssl module and thus come over this issue.

If you have any idea on how to do it, please drop a line with a hind. I would appreciate that. Thanks!

@acconrad
Copy link
Collaborator

@dapdizzy do you want to create a PR to address this? been 2 years and wondering if this is still a problem

@dapdizzy
Copy link
Author

dapdizzy commented Feb 27, 2020 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@BlakeWilliams @acconrad @splashx @dapdizzy