Proxy Support [Solved]

New features which should be implemented in Porteus Kiosk Edition and the kiosk wizard.
jmalon
Black ninja
Black ninja
Posts: 78
Joined: 21 Mar 2013, 19:39
Distribution: Linux Mint
Location: Collinsville, OK

Proxy Support [Solved]

Post#1 by jmalon » 25 Mar 2013, 17:00

Which method would you suggest for utilizing our DansGuardian proxy server in PKE? Modify the Mozilla preference file or use a global setting in something like /etc/profile? Thank you for your help.

When running the kiosk wizard, I see that /tmp/kiosk-creator/003/usr/lib/firefox-19.0.2/defaults/pref/pklock-settings.js is created. Can I add the following lines to pklock-settings.js to utilize the proxy server in Firefox?

user_pref("network.proxy.http", "proxy.example.com");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.ssl", "proxy.example.com");
user_pref("network.proxy.ssl_port", 3128);


Update Slackware Behind A Proxy
http://www.unixmen.com/update-slackewar ... d-a-proxy/


And then run /tmp/custom-kiosk/porteus/make_iso.sh to create the new ISO.
Last edited by jmalon on 02 Apr 2013, 18:34, edited 1 time in total.

jmalon
Black ninja
Black ninja
Posts: 78
Joined: 21 Mar 2013, 19:39
Distribution: Linux Mint
Location: Collinsville, OK

Re: Proxy Support

Post#2 by jmalon » 25 Mar 2013, 18:53

I think I'm a bit closer to getting this figured out using this post:

Firefox Add ons?
viewtopic.php?f=102&t=1741

1. I've unsquashed the 003-settings.xzm file using unsquashfs 003-settings.xzm.
2. I've edited the /tmp/custom-kiosk/porteus/base/squashfs-root/home/guest/.mozilla/firefox/c3pp43bg.default/prefs.js file to add the proxy settings:

user_pref("network.proxy.ftp", "proxy.example.com");
user_pref("network.proxy.ftp_port", 3128);
user_pref("network.proxy.http", "proxy.example.com");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.ssl", "proxy.example.com");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.type", 1);

3. From within /tmp/custom-kiosk/porteus/base I've run sudo mksquashfs squashfs-root 003-settings.xzm -b 256K -Xbcj x86 -noappend to squash the file.

Problem: I'm receiving the message "mksquashfs: Unrecognised compressor option -Xbcj
mksquashfs: Did you forget to specify -comp, or specify it after the compressor specific option?"

I'm using Linux Mint 13 (maya) with kernel 3.2.0-39-generic.
Last edited by jmalon on 27 Mar 2013, 20:53, edited 1 time in total.

User avatar
fanthom
Site Admin
Site Admin
Posts: 4548
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland, currently - Cork, IE
Contact:

Re: Proxy Support

Post#3 by fanthom » 25 Mar 2013, 19:29

Can I add the following lines to pklock-settings.js to utilize the proxy server in Firefox?
afaik this file should be encrypted by the wizard (brokenman implemented this feature so he will know better)
I've unsquashed the 003-settings.xzm file using unsquashfs 003-settings.xzm.
glad to see that you are learning fast :)
003-settings.xzm is crucial as whole /home/guest directory gets deleted after each firefox restart (to make sure we start clean) and essential files are unpacked from 003-settings.xzm. please have a look on /etc/xdg/openbox/autostart and you'll know everything.
Problem: I'm receiving the message "mksquashfs: Unrecognised compressor option -Xbcj
you can safely skip '-Xbcj x86' arguments. the only downside is that your module will be a bit bigger and slower to decompress.

btw: you could ask Mint devs to recompile kernel with:

Code: Select all

CONFIG_XZ_DEC_X86=y
which will produce smaller and faster (for decompression) xz archives.

btw2: i believe that brokenman has proxy support on his TODO list. not sure when it'll be implemented so feel free to experiment with kiosk in the mean time :)
Please add [Solved] to your thread title if the solution was found.

jmalon
Black ninja
Black ninja
Posts: 78
Joined: 21 Mar 2013, 19:39
Distribution: Linux Mint
Location: Collinsville, OK

Re: Proxy Support

Post#4 by jmalon » 25 Mar 2013, 20:33

I tried it without -Xbcj x86. It squashed without any errors. I built the ISO, but the proxy settings don't seem to have taken effect. I'll keep working on it.

Thank you for your help!

jmalon
Black ninja
Black ninja
Posts: 78
Joined: 21 Mar 2013, 19:39
Distribution: Linux Mint
Location: Collinsville, OK

Re: Proxy Support

Post#5 by jmalon » 25 Mar 2013, 21:12

I tried again after rebooting to clear out /tmp. I get the same result. I'm pretty sure I'm doing the steps correctly. Perhaps PKE doesn't recognize proxy.example.com, so I should use the IP address instead. I'll give it a try and post what I find.

jmalon
Black ninja
Black ninja
Posts: 78
Joined: 21 Mar 2013, 19:39
Distribution: Linux Mint
Location: Collinsville, OK

Re: Proxy Support

Post#6 by jmalon » 25 Mar 2013, 21:35

I repeated the process using the IP address instead of proxy.example.com and have the same issue. Seems like it should work, but it doesn't. I'll keep working on it.

User avatar
fanthom
Site Admin
Site Admin
Posts: 4548
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland, currently - Cork, IE
Contact:

Re: Proxy Support

Post#7 by fanthom » 25 Mar 2013, 21:48

maybe firewall is blocking your proxy port?
please have a look at /etc/rc.d/rc.FireWall from 003-settings.xzm which ports are allowed.

btw: you can disable firewall completely through the wizard or manually be taking off exec bit from rc.FireWall script.
Please add [Solved] to your thread title if the solution was found.

jmalon
Black ninja
Black ninja
Posts: 78
Joined: 21 Mar 2013, 19:39
Distribution: Linux Mint
Location: Collinsville, OK

Re: Proxy Support

Post#8 by jmalon » 25 Mar 2013, 22:00

I've also tried adding proxy="http://xxx.xxx.xxx.xxx:3128" to the end of the append line in isolinux.cfg in /tmp/custom-kiosk/boot/isolinux and rebuilding the ISO file. Still no luck. :wall:

Just tried http_proxy="http://xxx.xxx.xxx.xxx:3128" too. No change.
Last edited by jmalon on 25 Mar 2013, 22:09, edited 1 time in total.

User avatar
brokenman
Site Admin
Site Admin
Posts: 5439
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v3.2rcX all desktops
Location: Brazil
Contact:

Re: Proxy Support

Post#9 by brokenman » 25 Mar 2013, 22:06

You can add these settings to prefs.js and they should work. The lockdown file overrides anything in the pref.js file but there is nothing in there that would affect proxies. You can't add anything to the lockdown file as it is encrypted during the wizard process. Seeing port 3128 i agree with fanthom, probably the firewall.
How do i become super user?
Wear your underpants on the outside and put on a cape.

User avatar
Hamza
Warlord
Warlord
Posts: 1846
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Re: Proxy Support

Post#10 by Hamza » 25 Mar 2013, 22:09

Port 3128 is a proxy port used by Squid. An authentication is certainly needed.
NjVFQzY2Rg==

jmalon
Black ninja
Black ninja
Posts: 78
Joined: 21 Mar 2013, 19:39
Distribution: Linux Mint
Location: Collinsville, OK

Re: Proxy Support

Post#11 by jmalon » 25 Mar 2013, 22:20

Our pfSense firewall makes all our IP addresses (a few exceptions) go through the proxy server to filter "bad" sites. We don't use authentication on our proxy servers. These are the same settings I use on our Windows PCs and my Linux Mint box to get to the Internet through our proxy servers. Our proxy servers are DansGuardian and Squid3 on Ubuntu servers.

The settings below are ones that I took from my Linux Mint Firefox settings (prefs.js) that are working.

user_pref("network.proxy.ftp", "xxx.xxx.org");
user_pref("network.proxy.ftp_port", 3128);
user_pref("network.proxy.http", "xxx.xxx.org");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks", "xxx.xxx.org");
user_pref("network.proxy.socks_port", 3128);
user_pref("network.proxy.ssl", "xxx.xxx.org");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.type", 1);
Last edited by Hamza on 25 Mar 2013, 22:24, edited 1 time in total.
Reason: Deleted sensitive infos

User avatar
Hamza
Warlord
Warlord
Posts: 1846
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Re: Proxy Support

Post#12 by Hamza » 25 Mar 2013, 22:26

Can you put these settings on a standard firefox running on a standard Porteus ISO and tell us if that works or not?
NjVFQzY2Rg==

jmalon
Black ninja
Black ninja
Posts: 78
Joined: 21 Mar 2013, 19:39
Distribution: Linux Mint
Location: Collinsville, OK

Re: Proxy Support

Post#13 by jmalon » 25 Mar 2013, 22:36

Will do. I'll try to do it first thing tomorrow. Have to get home to the wife and kids.

Thank you all again for your help on this!!!

User avatar
fanthom
Site Admin
Site Admin
Posts: 4548
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland, currently - Cork, IE
Contact:

Re: Proxy Support

Post#14 by fanthom » 25 Mar 2013, 22:41

@guys
Kiosk has internal firewall builtin so unless disabled wont let you connect to port 3128.
please read my previous post once again how to do it.
Please add [Solved] to your thread title if the solution was found.

jmalon
Black ninja
Black ninja
Posts: 78
Joined: 21 Mar 2013, 19:39
Distribution: Linux Mint
Location: Collinsville, OK

Re: Proxy Support

Post#15 by jmalon » 26 Mar 2013, 14:39

Sorry, I completely missed the firewall post. I'll try that today too.

Post Reply