paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-01 12:33:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

puppet: Allow routing camo requests through an outgoing proxy.

Browse Source 
Because Camo includes logic to deny access to private subnets, routing
its requests through Smokescreen is generally not necessary.  However,
it may be necessary if Zulip has configured a non-Smokescreen exit
proxy.

Default Camo to using the proxy only if it is not Smokescreen, with a
new `proxy.enable_for_camo` setting to override this behaviour if need
be.  Note that that setting is in `zulip.conf` on the host with Camo
installed -- not the Zulip frontend host, if they are different.

Fixes: #20550.
(cherry picked from commit d328d3dd4d)
This commit is contained in:
Alex Vandiver
2022-01-05 11:04:21 -08:00
committed by Tim Abbott
parent cb24f93bba
commit 1d559bbffa
3 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/production/deployment.md
View File

@@ -672,3 +672,10 @@ Defaults to `4750` if unspecified.
The IP address that Smokescreen should bind to and listen on.
Defaults to `127.0.0.1`.
#### `enable_for_camo`
Because Camo includes logic to deny access to private subnets, routing
its requests through Smokescreen is generally not necessary. Set to
'true' or 'false' to override the default, which uses the proxy only if
it is not the default of Smokescreen on a local host.