Difference between revisions of "Features/Proxy Settings"

From Sugar Labs
Jump to navigation Jump to search
(Merged!)
 
(33 intermediate revisions by 3 users not shown)
Line 1: Line 1:
<noinclude>[[Category:Feature Ready for Release Manager]]
+
<noinclude>
 
[[Category:Feature|Proxy Settings]]
 
[[Category:Feature|Proxy Settings]]
 
</noinclude>
 
</noinclude>
Line 9: Line 9:
 
== Owner ==
 
== Owner ==
  
[[User:sascha_silbe|Sascha Silbe]]
+
 
 +
[[User:sascha_silbe|Sascha Silbe]], [[User:ajay_garg|Ajay Garg]] (ajay@activitycentral.com), [[User:ManashRaja|Manash Pratim Das]]
  
 
== Current status ==
 
== Current status ==
  
* Targeted release: 0.98
+
* Targeted release: 0.110
* Last updated: 2012-02-14
+
* Last updated: 2016-04-18
* Percentage of completion: 95%
+
* Percentage of completion: 100% and merged
 +
 
 +
Merged into something that will probably be 0.110
  
 
== Detailed Description ==
 
== Detailed Description ==
Line 22: Line 25:
 
Sugar and activities to use. While we'd like the system to work that all
 
Sugar and activities to use. While we'd like the system to work that all
 
out automatically (e.g. using [https://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol WPAD]), this often isn't possible. Common
 
out automatically (e.g. using [https://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol WPAD]), this often isn't possible. Common
reasons include legacy ("inherited") setups and network uplinks simply being
+
reasons include legacy ("inherited") setups and network uplinks being
out of control of the user respectively deployment.
+
out of control of the user.
  
 
The existing Network Control Panel is enhanced by adding a new section for the
 
The existing Network Control Panel is enhanced by adding a new section for the
 
proxy settings. For consistency between Sugar and Gnome, the basic layout of
 
proxy settings. For consistency between Sugar and Gnome, the basic layout of
 
the Gnome 3 proxy settings has been mirrored: A combo box allows the user to
 
the Gnome 3 proxy settings has been mirrored: A combo box allows the user to
select how the proxy setting should be determined (None=direct connection,
+
select how the proxy setting should be determined (None=no proxy settings,  
Automatic=WPAD or PAC, Manual=enter host names and ports for each protocol).
+
Use system proxy=let proxy be set by other means, Automatic=WPAD or PAC,  
 +
Manual=enter host names and ports for each protocol).
 
Based on which method was selected, additional configuration options are
 
Based on which method was selected, additional configuration options are
 
presented to the user.
 
presented to the user.
  
The settings are stored via gconf, using the same keys as Gnome 2.
+
The settings are stored in 'GSettings' and passed to activities using the 'http_proxy' and similar variables.
  
 
== Benefit to Sugar ==
 
== Benefit to Sugar ==
  
See [[#Detailed Description|Detailed Description]].
+
Widens the environment where Sugar may be used, by removing a reason why Sugar cannot be used in managed information technology environments.
  
 
== Scope ==
 
== Scope ==
Line 43: Line 47:
 
Modifying the existing Network Control Panel.
 
Modifying the existing Network Control Panel.
  
== UI Design ==
+
== "Manual" mode==
  
The Feature adds a new section to the Network Control Panel.
+
* Fill in the settings "manually", and restart when prompted so.
 +
:[[File:Manual1-proxy.png|1200px]]
  
[[File:Proxy-section-1.png|center|600px|Upper part of the Network Control Panel]]
 
[[File:Proxy-section-2.png|center|600px|No proxy (direct connection)]]
 
[[File:Proxy-section-3.png|center|600px|Automatic proxy selection (WPAD)]]
 
[[File:Proxy-section-4.png|center|600px|Manual proxy settings (no authentication)]]
 
[[File:Proxy-section-5.png|center|600px|Manual proxy settings (with authentication)]]
 
  
For comparison, this is what the Gnome 3 proxy settings dialog looks like:
+
* Now open "www.google.com" shoud open.
 +
:[[File:Google-proxy.png|1200px]]
  
[[File:Gnome-3-proxy-settings.png|600px]]
 
  
== How To Test ==
+
== Automatic mode - PAC==
  
* Proxy configuration can be done in three ways:
+
* Fill in the URL of the proxy-file, and restart when prompted so.
 +
:[[File:Auto-proxy.png|1200px]]
  
::: '''Explicit Proxy''' – A single proxy is specified in the browser with a literal proxy bypass list.
 
::: '''PAC File''' – The location of a PAC file is specified (e.g. hosted locally or on a web server) in the browser. The PAC file can provide proxy fail-over support, advanced proxy bypass support , and much more (see below).
 
::: '''WPAD''' – Only requiring a check box be selected in the browser, the browser may use DHCP or DNS in attempt to guess the location of the PAC file.
 
  
 +
* Now open "www.google.com" shoud open.
 +
:[[File:Google-proxy.png|1200px]]
  
* Go to mysettings
 
  
[[File:testproxysupport-mysettings.png|400px]]
 
  
  
* Click network button
+
==Automatic mode - WPAD==
 
 
[[File:testproxysupport-network.png|400px]]
 
 
 
 
 
* Select mode of proxy ( automatic / manual )
 
 
 
[[File:testproxysupport-modeview.png|400px]]
 
 
 
 
 
[[File:testproxysupport-modeselector.png|400px]]
 
 
 
 
 
* Manual mode
 
 
 
[[File:testproxysupport-form.png|400px]]
 
 
 
 
 
===Automatic mode - WPAD===
 
  
 
* Motive
 
* Motive
** To provide proxy-configuration, without needing the client-user to enter the location of proxy-configuration file herself.
+
** To provide proxy-configuration, without needing the client-user
 +
*** to manualyy enter the proxy-settings ('''Manual''' mode)
 +
*** to manually enter the location of proxy-configuration file herself ('''Automatic (PAC)''' mode).
  
  
 
* Benefits
 
* Benefits
** By not needing the client-user to manually specify the proxy-configuration file, every client-user is saved  a headache :) Instead, all the configuration is done via a network-administrator, on the server-side.
+
** By not needing the client-user to manually specify the settings, every client-user is saved  a headache :) Instead, all the configuration is done via a network-administrator, on the server-side.
** By delegating the responsibility of speiciying every proxy-rule (even the proxy-configuration file) to the network-administrator, security is increaded dramatically.
+
** By delegating the responsibility of specifying every proxy-rule (even the proxy-configuration file) to the network-administrator, security is increased dramatically.
  
  
 
* Notes
 
* Notes
** Setting this particular mode( (Automatic Proxy) is quite complicated; and many possibilities exist. '''However, the bottom-rule is, client should himself not need to specifiy the location of proxy-configuration file as per say'''.
+
** Setting this particular mode ('''Automatic-WPAD''' Proxy) is quite complicated; and many possibilities exist. '''However, the bottom-rule is, client should himself not need to specifiy the location of proxy-configuration file as per say'''.
  
  
 
* Testing (one of the possible ways :) )
 
* Testing (one of the possible ways :) )
** To verify that current dextrose-4 supports Auto-WPAD mode, we test using the method, as per the following 4 requirements, as listed at http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol#Requirements ::
+
** '''(For those not interested in the technicalities, please proceed to the next bullet :D)''' To verify that current dextrose-4 supports Auto-WPAD mode, we test using the method, as per the following 4 requirements, as listed at http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol#Requirements ::
 
***In order to use the DNS only method, a DNS entry is needed for a host named WPAD.
 
***In order to use the DNS only method, a DNS entry is needed for a host named WPAD.
 
***The host at the WPAD address must be able to serve a Web page.
 
***The host at the WPAD address must be able to serve a Web page.
Line 111: Line 93:
 
***If the DNS method is used, a file named wpad.dat must be located in the WPAD Web site's root directory.
 
***If the DNS method is used, a file named wpad.dat must be located in the WPAD Web site's root directory.
  
=Automatic mode - WPAD=
+
 
 +
* Select "Automatic" mode in "My Settings" -> "Proxy" (without specifying anything else), and restart when prompted so.
 +
:[[File:Wpad-proxy.png|1200px]]
 +
 
 +
 
 +
* The above step is all that is needed for "Automatic (WPAD)" mode to  take effect; the WPAD-configuration-file will be located by the DHCP/DNS Server. However, for easy QA testing,  we specify an easy way to replicate this DNS behavior ::
 +
 
 +
** Add the line "build.activitycentral.com wpad" to the file "/etc/hosts" on the XO, and reboot. '''It is repeated innumerable times, that this  step is required just for easy testing; in actual deployments, the DNS-name resolution will be provided by network-administrators/School-Server-running-DHCPD'''
 +
** Also, thanks a ton to '''Santiago Rodriguez (scollazo@activitycentral.com)''' for setting up the proxy-configuration-files at build.activitycentral.com.
  
  
 +
* Open "Browse", and type in "www.google.com". You should be prompted for credentials (suppose as required by the WPAD-configuration-file)
  
[[File:testproxysupport-wpad.png|400px]]
+
:[[File:proxy2.png|640px]]
  
[http://wiki.sugarlabs.org/go/Features/Automatic_Proxy_Settings#WPAD_-_Web_Proxy_Autodiscovery WPAD Web Proxy AutoDiscovery]
 
  
 +
* Entering wrong credentials in the previous step, re-prompts :). This time, enter correct credentials.
 +
:[[File:proxy3.png|640px]]
  
* Open Browse activity with a white-listed page ( google.com in this example )
 
  
[[File:testproxysupport-google.png|400px]]
+
* The page opens successfully.
 +
:[[File:Google-proxy.png|1200px]]
  
 +
==Settings verification==
  
* Open Browse activity with a black-listed page ( facebook.com in this example )
+
The proxy settings entered by user are verified before saving to prevent accidental change in proxy settings.
 +
* For "manual" type the proxy host addresses are pinged to check for their existence.
 +
* For "auto" type the existence of the *.pac file is checked.
 +
If the above verification fails then the user is prompted with an alert message and option to either "Break the Internet connection" or "Reset".
  
[[File:testproxysupport-facebook.png|400px]]
+
* Manual proxy verification failed:
 +
:[[File:Manual-proxy-error.png|640px]]
  
:: NOTE: The proxy setup will persist even if a user switches to Gnome Desktop, because the way it is setup, is the natural way gnome does too ( GCONF )
+
* Auto proxy verification failed:
 +
:[[File:Auto-proxy-error.png|640px]]
  
 
== User Experience ==
 
== User Experience ==

Latest revision as of 06:02, 9 May 2016


Summary

Allow the user to configure proxy settings using the Sugar Control Panel.

Owner

Sascha Silbe, Ajay Garg (ajay@activitycentral.com), Manash Pratim Das

Current status

  • Targeted release: 0.110
  • Last updated: 2016-04-18
  • Percentage of completion: 100% and merged

Merged into something that will probably be 0.110

Detailed Description

Both individual users and deployments need to be able to set a proxy for Sugar and activities to use. While we'd like the system to work that all out automatically (e.g. using WPAD), this often isn't possible. Common reasons include legacy ("inherited") setups and network uplinks being out of control of the user.

The existing Network Control Panel is enhanced by adding a new section for the proxy settings. For consistency between Sugar and Gnome, the basic layout of the Gnome 3 proxy settings has been mirrored: A combo box allows the user to select how the proxy setting should be determined (None=no proxy settings, Use system proxy=let proxy be set by other means, Automatic=WPAD or PAC, Manual=enter host names and ports for each protocol). Based on which method was selected, additional configuration options are presented to the user.

The settings are stored in 'GSettings' and passed to activities using the 'http_proxy' and similar variables.

Benefit to Sugar

Widens the environment where Sugar may be used, by removing a reason why Sugar cannot be used in managed information technology environments.

Scope

Modifying the existing Network Control Panel.

"Manual" mode

  • Fill in the settings "manually", and restart when prompted so.
Manual1-proxy.png


  • Now open "www.google.com" shoud open.
Google-proxy.png


Automatic mode - PAC

  • Fill in the URL of the proxy-file, and restart when prompted so.
Auto-proxy.png


  • Now open "www.google.com" shoud open.
Google-proxy.png



Automatic mode - WPAD

  • Motive
    • To provide proxy-configuration, without needing the client-user
      • to manualyy enter the proxy-settings (Manual mode)
      • to manually enter the location of proxy-configuration file herself (Automatic (PAC) mode).


  • Benefits
    • By not needing the client-user to manually specify the settings, every client-user is saved a headache :) Instead, all the configuration is done via a network-administrator, on the server-side.
    • By delegating the responsibility of specifying every proxy-rule (even the proxy-configuration file) to the network-administrator, security is increased dramatically.


  • Notes
    • Setting this particular mode (Automatic-WPAD Proxy) is quite complicated; and many possibilities exist. However, the bottom-rule is, client should himself not need to specifiy the location of proxy-configuration file as per say.


  • Testing (one of the possible ways :) )
    • (For those not interested in the technicalities, please proceed to the next bullet :D) To verify that current dextrose-4 supports Auto-WPAD mode, we test using the method, as per the following 4 requirements, as listed at http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol#Requirements ::
      • In order to use the DNS only method, a DNS entry is needed for a host named WPAD.
      • The host at the WPAD address must be able to serve a Web page.
      • In both cases, the Web server must be configured to serve the WPAD file with a MIME type of "application/x-ns-proxy-autoconfig".
      • If the DNS method is used, a file named wpad.dat must be located in the WPAD Web site's root directory.


  • Select "Automatic" mode in "My Settings" -> "Proxy" (without specifying anything else), and restart when prompted so.
Wpad-proxy.png


  • The above step is all that is needed for "Automatic (WPAD)" mode to take effect; the WPAD-configuration-file will be located by the DHCP/DNS Server. However, for easy QA testing, we specify an easy way to replicate this DNS behavior ::
    • Add the line "build.activitycentral.com wpad" to the file "/etc/hosts" on the XO, and reboot. It is repeated innumerable times, that this step is required just for easy testing; in actual deployments, the DNS-name resolution will be provided by network-administrators/School-Server-running-DHCPD
    • Also, thanks a ton to Santiago Rodriguez (scollazo@activitycentral.com) for setting up the proxy-configuration-files at build.activitycentral.com.


  • Open "Browse", and type in "www.google.com". You should be prompted for credentials (suppose as required by the WPAD-configuration-file)
Proxy2.png


  • Entering wrong credentials in the previous step, re-prompts :). This time, enter correct credentials.
Proxy3.png


  • The page opens successfully.
Google-proxy.png

Settings verification

The proxy settings entered by user are verified before saving to prevent accidental change in proxy settings.

  • For "manual" type the proxy host addresses are pinged to check for their existence.
  • For "auto" type the existence of the *.pac file is checked.

If the above verification fails then the user is prompted with an alert message and option to either "Break the Internet connection" or "Reset".

  • Manual proxy verification failed:
Manual-proxy-error.png
  • Auto proxy verification failed:
Auto-proxy-error.png

User Experience

See UI Design

Dependencies

There are no new dependencies.

Contingency Plan

Users can continue to use the Gnome Control Center to configure proxy settings.

Documentation

There is no documentation beyond this page.

Release Notes

There have been no changes to public API. The Release Notes merely need to mention that users can now configure proxy settings from within Sugar. As detailed above, the UI is very similar to the Gnome UI.

Comments and Discussion