Add support for GuzzleHTTP 'no' proxy

[mlatief]

The custom config allows to setup a proxy URI that is passed to GuzzleHTTP client as request options. Guzzle has the option to receive an array of proxies for each URI scheme as well as 'no' key value pair
to provide a list of host names that should not be proxied to.

Guzzle would automatically populate this value with environment's NO_PROXY environment variable. However, when providing a 'proxy' request option, it is needed to provide the 'no' value.

More info:
http://docs.guzzlephp.org/en/stable/request-options.html#proxy

This commit will add support for new config 'proxyexclude', which takes a list of host names to be excluded.

It will also get 'proxy' request option as and array instead of a string to Guzzle, and populate 'http' and 'https' URI schemas with proxy URI, and 'no' with 'proxyexclude' list.

Should fix: #12402

Signed-off-by: Mohammed Abdellatif m.latief@gmail.com

[kesselb]

Thank you for taking care of this 👍

[kesselb]

We might add some hint like:

Use something like explode(',', getenv('NO_PROXY')) to sync this value with the global NO_PROXY option.

[kesselb]

@mlatief could you rebase the branch? Thanks 👍

[juliusknorr]

@mlatief Thanks a lot for this. Mind to do another rebase to trigger the CI again?

[juliusknorr]

Thanks, failures seem unrelated.

[kesselb]

Ah. I broke NO_PROXY and HTTPS_PROXY support with #14363 🙈

1. https://github.com/nextcloud/3rdparty/blob/d583bf2a4b2db903846bfbf1600f69f3b4b60702/guzzlehttp/guzzle/src/Client.php#L261-L268 Guzzle will read HTTPS_PROXY and NO_PROXY by default and use their values as default.

2. A request from Nextcloud will pass a array with proxy, verify and timeout. If there is no proxy configured with Nextcloud the value for proxy is null.

3. https://github.com/nextcloud/3rdparty/blob/d583bf2a4b2db903846bfbf1600f69f3b4b60702/guzzlehttp/guzzle/src/Client.php#L320 sometime we will hit this code where $options are the values passed from Nextcloud and $defaults are the defaults from guzzle.

Take this a example:

<?php

$defaults = [
    'proxy' => ['https' => '127.0.0.1', 'no' => 'mydomain.com']
];

$options = [
    'proxy' => null
];

var_dump($options + $defaults);

Result:

array(1) {
  ["proxy"]=>
  NULL
}

To restore the default guzzle behaviour we MUST not set proxy as request option if there is no one. I can shoot another pr if this one is merged or @mlatief is willing clean up my mess ;)

[mlatief]

Would it be enough for example to modify this:

server/lib/private/Http/Client/Client.php

Lines 68 to 73 in 86047bf

	$defaults = [
	RequestOptions::PROXY => $this->getProxyUri(),
	RequestOptions::VERIFY => $this->getCertBundle(),
	RequestOptions::TIMEOUT => 30,
	];

and set proxy only if Nextcloud is configured to use one?

Also I would be interested in adding a test case for this, however I can't easily figure out a way to send the request to guzzle and see what values it used for proxy (or other options for that matter).

[kesselb]

Yes that's the right place. I'm not sure how to realize a test. But we actually should not test that guzzle is behaving correctly. Just ensure we pass the right data.

[mlatief]

Now there is a check if getProxyUri() returns null before adding 'proxy' key.

In the process, I was reconsidering if 'proxy' should revert back to be just a URI string. However, that would mean that if Nextcloud is configured to use a 'proxy', there won't be an easy way
to configure NO_PROXY hosts.

Do you think if proxyexclude is empty we should read NO_PROXY, something akin to: https://github.com/nextcloud/3rdparty/blob/7f4a8f54d850a92e50e143d8ef4d59ae8cca73ac/guzzlehttp/guzzle/src/Client.php#L265 ? For now I just added a note to proxy configuration in the sample config file.

[kesselb]

Good point 👍

I don't know to be honest. Guzzle uses + to combine the data but this is not recursive. I think the best we can do is:

1. We don't have any proxy information: Don't pass proxy to Guzzle so the defaults are used.
2. A proxy is defined: Pass proxy to Guzzle and add a warning to the docs that NO_PROXY is ignored for Nextcloud requests.

We are able to read a NO_PROXY value as fallback (for example if proxyexclude is not defined) but that mixes explicit and implicit configuration. For example: HTTPS_PROXY and NO_PROXY are defined. Admin want Nextcloud to use a different proxy. The NO_PROXY value does not work for the other proxy. With a fallback we would use the NO_PROXY value also for the other proxy.

I would prefer: If a proxy is defined with Nextcloud also proxyexclude must be defined. A admin can still use getenv(NO_PROXY) to keep the value in sync with the system wide default. If we document it probably everyone should be happy.

[kesselb]

Guzzle (the http library used by Nextcloud) is reading the environment variables HTTP_PROXY (only for cli request), HTTPS_PROXY and NO_PROXY by default.

If you configure proxy with Nextcloud any default configuration by Guzzle is overwritten. Make sure to set proxyexclude accordingly if necessary.

[kesselb]

Suggested change

	if( $proxy !== null ) {
	if($proxy !== null) {

[kesselb]

https://github.com/nextcloud/3rdparty/blob/d583bf2a4b2db903846bfbf1600f69f3b4b60702/guzzlehttp/guzzle/src/Client.php#L265-L268

If getenv('NO_PROXY') is empty the no element is not set. We should probably do the same. Only set no if there is a value for proxyexclude.

[welcome]

Thanks for your first pull request and welcome to the community! Feel free to keep them coming! If you are looking for issues to tackle then have a look at this selection: https://github.com/nextcloud/server/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22