Difference between revisions of "Features/Proxy Settings"
Line 97: | Line 97: | ||
* Benefits | * Benefits | ||
** By not needing the client-user to manually specify the proxy-configuration file, every client-user is saved a headache :) Instead, all the configuration is done via a network-administrator, on the server-side. | ** By not needing the client-user to manually specify the proxy-configuration file, every client-user is saved a headache :) Instead, all the configuration is done via a network-administrator, on the server-side. | ||
− | ** By delegating the responsibility of | + | ** By delegating the responsibility of specifying every proxy-rule (even the proxy-configuration file) to the network-administrator, security is increased dramatically. |
Line 110: | Line 110: | ||
***In both cases, the Web server must be configured to serve the WPAD file with a MIME type of "application/x-ns-proxy-autoconfig". | ***In both cases, the Web server must be configured to serve the WPAD file with a MIME type of "application/x-ns-proxy-autoconfig". | ||
***If the DNS method is used, a file named wpad.dat must be located in the WPAD Web site's root directory. | ***If the DNS method is used, a file named wpad.dat must be located in the WPAD Web site's root directory. | ||
+ | |||
+ | ** Select "Automatic" mode in "My Settings" -> "Proxy" (without specifying anything else), and restart when prompted so. | ||
+ | :[[File:proxy1.png|640px]] | ||
+ | |||
+ | |||
+ | ** The above step is all that is needed for "Automatic (WPAD)" mode to take effect; the WPAD-configuration-file will be located by the DHCP/DNS Server. However, for easy QA testing, we specify an easy way to replicate this DNS behavior :: | ||
+ | *** Add the line "build.activitycentral.com wpad" to the file "/etc/hosts" on the XO, and reboot. '''It is repeated innumerable times, that this step is required just for easy testing; in actual deployments, the DNS-name resolution will be provided by network-administrators/School-Server-running-DHCPD''' | ||
+ | *** Also, thanks a ton to '''Santiago Rodriguez (scollazo@activitycentral.com)''' for setting up the proxy-configuration-files at build.activitycentral.com. | ||
+ | |||
+ | ** Open "Browse", and type in "www.google.com". You should be prompted for credentials (as is required by the WPAD-configuration-file at build.activitycentral.com | ||
+ | :[[File:proxy2.png|640px]] | ||
+ | |||
+ | ** Entering wrong credentials in the previous step, re-prompts :). This time, enter correct credentials. | ||
+ | |||
+ | ** The page opens successfully. | ||
+ | |||
+ | * Next, type "www.facebook.com"; the "Access Denied" page is shown instantaneously, as per the rule in the WPAD-configuration-file at build.activitycentral.com | ||
+ | :[[File:proxy3.png|640px]] | ||
=Automatic mode - WPAD= | =Automatic mode - WPAD= |
Revision as of 11:16, 25 January 2013
Summary
Allow the user to configure proxy settings using the Sugar Control Panel.
Owner
Current status
- Targeted release: 0.98
- Last updated: 2012-02-14
- Percentage of completion: 95%
Detailed Description
Both individual users and deployments need to be able to set a proxy for Sugar and activities to use. While we'd like the system to work that all out automatically (e.g. using WPAD), this often isn't possible. Common reasons include legacy ("inherited") setups and network uplinks simply being out of control of the user respectively deployment.
The existing Network Control Panel is enhanced by adding a new section for the proxy settings. For consistency between Sugar and Gnome, the basic layout of the Gnome 3 proxy settings has been mirrored: A combo box allows the user to select how the proxy setting should be determined (None=direct connection, Automatic=WPAD or PAC, Manual=enter host names and ports for each protocol). Based on which method was selected, additional configuration options are presented to the user.
The settings are stored via gconf, using the same keys as Gnome 2.
Benefit to Sugar
See Detailed Description.
Scope
Modifying the existing Network Control Panel.
UI Design
The Feature adds a new section to the Network Control Panel.
For comparison, this is what the Gnome 3 proxy settings dialog looks like:
How To Test
- Proxy configuration can be done in three ways:
- Explicit Proxy – A single proxy is specified in the browser with a literal proxy bypass list.
- PAC File – The location of a PAC file is specified (e.g. hosted locally or on a web server) in the browser. The PAC file can provide proxy fail-over support, advanced proxy bypass support , and much more (see below).
- WPAD – Only requiring a check box be selected in the browser, the browser may use DHCP or DNS in attempt to guess the location of the PAC file.
- Go to mysettings
- Click network button
- Select mode of proxy ( automatic / manual )
- Manual mode
Automatic mode - WPAD
- Motive
- To provide proxy-configuration, without needing the client-user to enter the location of proxy-configuration file herself.
- Benefits
- By not needing the client-user to manually specify the proxy-configuration file, every client-user is saved a headache :) Instead, all the configuration is done via a network-administrator, on the server-side.
- By delegating the responsibility of specifying every proxy-rule (even the proxy-configuration file) to the network-administrator, security is increased dramatically.
- Notes
- Setting this particular mode( (Automatic Proxy) is quite complicated; and many possibilities exist. However, the bottom-rule is, client should himself not need to specifiy the location of proxy-configuration file as per say.
- Testing (one of the possible ways :) )
- To verify that current dextrose-4 supports Auto-WPAD mode, we test using the method, as per the following 4 requirements, as listed at http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol#Requirements ::
- In order to use the DNS only method, a DNS entry is needed for a host named WPAD.
- The host at the WPAD address must be able to serve a Web page.
- In both cases, the Web server must be configured to serve the WPAD file with a MIME type of "application/x-ns-proxy-autoconfig".
- If the DNS method is used, a file named wpad.dat must be located in the WPAD Web site's root directory.
- To verify that current dextrose-4 supports Auto-WPAD mode, we test using the method, as per the following 4 requirements, as listed at http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol#Requirements ::
- Select "Automatic" mode in "My Settings" -> "Proxy" (without specifying anything else), and restart when prompted so.
- The above step is all that is needed for "Automatic (WPAD)" mode to take effect; the WPAD-configuration-file will be located by the DHCP/DNS Server. However, for easy QA testing, we specify an easy way to replicate this DNS behavior ::
- Add the line "build.activitycentral.com wpad" to the file "/etc/hosts" on the XO, and reboot. It is repeated innumerable times, that this step is required just for easy testing; in actual deployments, the DNS-name resolution will be provided by network-administrators/School-Server-running-DHCPD
- Also, thanks a ton to Santiago Rodriguez (scollazo@activitycentral.com) for setting up the proxy-configuration-files at build.activitycentral.com.
- The above step is all that is needed for "Automatic (WPAD)" mode to take effect; the WPAD-configuration-file will be located by the DHCP/DNS Server. However, for easy QA testing, we specify an easy way to replicate this DNS behavior ::
- Open "Browse", and type in "www.google.com". You should be prompted for credentials (as is required by the WPAD-configuration-file at build.activitycentral.com
- Entering wrong credentials in the previous step, re-prompts :). This time, enter correct credentials.
- The page opens successfully.
- Next, type "www.facebook.com"; the "Access Denied" page is shown instantaneously, as per the rule in the WPAD-configuration-file at build.activitycentral.com
Automatic mode - WPAD
- Open Browse activity with a white-listed page ( google.com in this example )
- Open Browse activity with a black-listed page ( facebook.com in this example )
- NOTE: The proxy setup will persist even if a user switches to Gnome Desktop, because the way it is setup, is the natural way gnome does too ( GCONF )
User Experience
See UI Design
Dependencies
There are no new dependencies.
Contingency Plan
Users can continue to use the Gnome Control Center to configure proxy settings.
Documentation
There is no documentation beyond this page.
Release Notes
There have been no changes to public API. The Release Notes merely need to mention that users can now configure proxy settings from within Sugar. As detailed above, the UI is very similar to the Gnome UI.