New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Documentation behind proxy #230
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the PR, and apologies for the late review! I like the sudo -E change, but left comments about the other change.
@yuvipanda Thanks for the review. I am sure you are busy with many other projects and I have appreciated your assistance. When I get home, I will look at moving the issues to a new section of troubleshooting, as suggested. The issues in the two cloud solutions are about restarting problems, where mine are about installation problems. If we like the issues there, I would still suggest a "red flag or warning" in the installation instructions that says something like, "if you need to go through a proxy" to reach github/PyPI, ... see the trouble-shooting section, first - so the user does not have to wait until it fails to learn about how to set up the proxy. Some time in the next few days, I plan to reuse a different VM and will re-run this exercise, so that I can experiment with whether both http_proxy and https_proxy where needed. Does anybody know how |
I think that's ok, hopefully those sections will grow to include more troubleshooting tips in the future!
This sounds good to me. We can also possibly put this warning in bootstrap.py itself, if we can find ways to detect it.
This is awesome and thank you for doing this. I'd count this as two separate things - HTTP / HTTPS proxy, and the certificates on the machine.
Can you tell me what aspects of security you are referring to? |
export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates
sudo npm config set strict-ssl false The first line seemed to make the http stuff work. |
seems extremely dangerous, since it basically turns off HTTPS certificate validation for npm (per https://docs.npmjs.com/misc/config#strict-ssl). I would be somewhat hestitant to recommend anyone do that in TLJH. Do you have any idea from your IT department (or whoever has setup these restrictions) what exactly they have done and why? |
:) That is why I asked. Researching... |
Relax the item about public IP address? Currently the install does **not** report "Done!"
@yuvipanda If it is ok with you, I will close this PR, and give you a different one that I think addresses these issues. But I have two questions before that.
|
@fm75 that sounds like a good idea! re: 'public IP', perhaps something like 'a way to access the instance from your browser (such as a public IP)'? |
Ok - will tweak requirement 4 slightly. |
@yuvipanda - I hope this properly addresses your concerns. Hoping to get this done so I can move onto the trouble-shooting issues. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm happy with the text, but I would like this to be under docs/troubleshooting/providers/custom-server.rst, and a link to that from here instead.
This addresses issue #219.
Perhaps you won't consider this within the existing requirements because it does not strictly meet Pre-requisite 4 - a Public IP address. If we relax the public to mean that it is reachable from your audience, which is on the same private side of a proxy or proxies, then I think this is a good modification.
I thought about offering several choices for a one-line installer something like:
but exporting the proxy information will be needed by the installer once bootstrap runs it.
Is there a better answer for the
npm
issue than just going insecure?Any suggestions welcome.