Features/Proxy Settings


Summary

Allow the user to configure proxy settings using the Sugar Control Panel.

Owner

Sascha Silbe

Current status

  • Targeted release: 0.98
  • Last updated: 2012-02-14
  • Percentage of completion: 95%

Detailed Description

Both individual users and deployments need to be able to set a proxy for Sugar and activities to use. While we'd like the system to work that all out automatically (e.g. using WPAD), this often isn't possible. Common reasons include legacy ("inherited") setups and network uplinks simply being out of control of the user respectively deployment.

The existing Network Control Panel is enhanced by adding a new section for the proxy settings. For consistency between Sugar and Gnome, the basic layout of the Gnome 3 proxy settings has been mirrored: A combo box allows the user to select how the proxy setting should be determined (None=direct connection, Automatic=WPAD or PAC, Manual=enter host names and ports for each protocol). Based on which method was selected, additional configuration options are presented to the user.

The settings are stored via gconf, using the same keys as Gnome 2.

Benefit to Sugar

See Detailed Description.

Scope

Modifying the existing Network Control Panel.

UI Design

The Feature adds a new section to the Network Control Panel.

Upper part of the Network Control Panel
No proxy (direct connection)
Automatic proxy selection (WPAD)
Manual proxy settings (no authentication)
Manual proxy settings (with authentication)

For comparison, this is what the Gnome 3 proxy settings dialog looks like:

Gnome-3-proxy-settings.png

How To Test

  • Proxy configuration can be done in three ways:
Explicit Proxy – A single proxy is specified in the browser with a literal proxy bypass list.
PAC File – The location of a PAC file is specified (e.g. hosted locally or on a web server) in the browser. The PAC file can provide proxy fail-over support, advanced proxy bypass support , and much more (see below).
WPAD – Only requiring a check box be selected in the browser, the browser may use DHCP or DNS in attempt to guess the location of the PAC file.


  • Go to mysettings

Testproxysupport-mysettings.png


  • Click network button

Testproxysupport-network.png


  • Select mode of proxy ( automatic / manual )

Testproxysupport-modeview.png


Testproxysupport-modeselector.png


  • Manual mode

Testproxysupport-form.png


Automatic mode - WPAD

  • Motive
    • To provide proxy-configuration, without needing the client-user to enter the location of proxy-configuration file herself.


  • Benefits
    • By not needing the client-user to manually specify the proxy-configuration file, every client-user is saved a headache :) Instead, all the configuration is done via a network-administrator, on the server-side.
    • By delegating the responsibility of specifying every proxy-rule (even the proxy-configuration file) to the network-administrator, security is increased dramatically.


  • Notes
    • Setting this particular mode( (Automatic Proxy) is quite complicated; and many possibilities exist. However, the bottom-rule is, client should himself not need to specifiy the location of proxy-configuration file as per say.


  • Testing (one of the possible ways :) )
    • To verify that current dextrose-4 supports Auto-WPAD mode, we test using the method, as per the following 4 requirements, as listed at http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol#Requirements ::
      • In order to use the DNS only method, a DNS entry is needed for a host named WPAD.
      • The host at the WPAD address must be able to serve a Web page.
      • In both cases, the Web server must be configured to serve the WPAD file with a MIME type of "application/x-ns-proxy-autoconfig".
      • If the DNS method is used, a file named wpad.dat must be located in the WPAD Web site's root directory.
    • Select "Automatic" mode in "My Settings" -> "Proxy" (without specifying anything else), and restart when prompted so.
Proxy1.png


    • The above step is all that is needed for "Automatic (WPAD)" mode to take effect; the WPAD-configuration-file will be located by the DHCP/DNS Server. However, for easy QA testing, we specify an easy way to replicate this DNS behavior ::
      • Add the line "build.activitycentral.com wpad" to the file "/etc/hosts" on the XO, and reboot. It is repeated innumerable times, that this step is required just for easy testing; in actual deployments, the DNS-name resolution will be provided by network-administrators/School-Server-running-DHCPD
      • Also, thanks a ton to Santiago Rodriguez (scollazo@activitycentral.com) for setting up the proxy-configuration-files at build.activitycentral.com.
    • Open "Browse", and type in "www.google.com". You should be prompted for credentials (as is required by the WPAD-configuration-file at build.activitycentral.com
Proxy2.png
    • Entering wrong credentials in the previous step, re-prompts :). This time, enter correct credentials.
    • The page opens successfully.
  • Next, type "www.facebook.com"; the "Access Denied" page is shown instantaneously, as per the rule in the WPAD-configuration-file at build.activitycentral.com
Proxy3.png

Automatic mode - WPAD

 

WPAD Web Proxy AutoDiscovery


  • Open Browse activity with a white-listed page ( google.com in this example )

 


  • Open Browse activity with a black-listed page ( facebook.com in this example )

 

NOTE: The proxy setup will persist even if a user switches to Gnome Desktop, because the way it is setup, is the natural way gnome does too ( GCONF )

User Experience

See UI Design

Dependencies

There are no new dependencies.

Contingency Plan

Users can continue to use the Gnome Control Center to configure proxy settings.

Documentation

There is no documentation beyond this page.

Release Notes

There have been no changes to public API. The Release Notes merely need to mention that users can now configure proxy settings from within Sugar. As detailed above, the UI is very similar to the Gnome UI.

Comments and Discussion