Kiosk 4.8.0 not properly applying proxy autoconfiguration script settings
Posted: 17 May 2019, 00:57
We're trying to get Porteus Kiosk 4.8.0 set up behind a proxy with remote management enabled, but after enabling the proxy server settings, we're having some trouble getting the kiosk to download the kiosk-config.txt file both during the setup process and after the next boot. Our proxy.pac file is configured so that all HTTP traffic goes to port 8080 on the proxy server, and all HTTPS traffic goes to port 8443 - except for traffic to the server hosting the config files, which is sent direct. During the setup process, the kiosk is able to download the proxy.pac and Chrome just fine, but then past that it just can't seem to get the kiosk-config.txt. The kiosk just displays an error message that says "Server is not accessible or remote file is not present on it". Interestingly enough, however, Chrome is able to successfully access the kiosk-config. I think the proxy configuration is not being properly applied at the OS level. In order to complete the setup wizard, I copied the kiosk-config.txt file from our webserver and put it on a thumbdrive, then loaded it onto the kiosk that way.
To test whether or not the proxy server settings were being correctly applied, I first enabled SSH and used the Ctrl+Alt+F1 shortcut to get a command shell. I ran the command and it failed to download the file with error 502 Proxy Error. TMG denied the specified URL (12202); further examination showed that wget connected to the proxy server instead of directly to <config_server_ip>! That's not correct based on our proxy.pac configuration, so I verified that the kiosk had gotten a complete and proper copy of the proxy.pac with the command The readout of this file matched the proxy.pac on the server exactly. gave me an output of DIRECT, as expected. However, when I run the command it returned both values as http://<proxy_server_ip>:8080; shouldn't the $https_proxy variable contain https://<proxy_server_ip>:8443 instead, like in our proxy.pac? Further, if I run the command the output only contains localhost,127.0.0.1, and does not include <config_server_ip>. If I use the command to set $https_proxy to https://<proxy_server_ip>:8443, as well as add <config_server_ip> to $no_proxy, then run the wget command (from above) again, it will successfully download the proxy-config.txt file without error. Porteus Kiosk does not appear to be correctly parsing and applying the settings in the proxy.pac to the OS's proxy settings.
As a workaround, I tried adding to our kiosk-config.txt, but that made no difference and Porteus Kiosk still failed to download the config files.
Is there anything else we can try to get this working? We're hoping to deploy these kiosks in production as soon as we can once this issue is resolved. Thank you in advance for your assistance!
Here's a redacted copy of our proxy.pac:
And here's a redacted copy of our kiosk-config.txt:
To test whether or not the proxy server settings were being correctly applied, I first enabled SSH and used the Ctrl+Alt+F1 shortcut to get a command shell. I ran the command
Code: Select all
wget http://<user>:<pass>@<config_server_ip>/kiosk-config.txt
Code: Select all
cat /opt/scripts/proxy.pac
Code: Select all
pactester -p /opt/scripts/proxy.pac -u http://<config_server_ip>/proxy/proxy.pac
Code: Select all
echo $http_proxy; echo $https_proxy
Code: Select all
echo $no_proxy
Code: Select all
export
As a workaround, I tried adding
Code: Select all
run_command=export http_proxy="172.16.216.2:8080"; export https_proxy="172.16.216.2:8443"; export no_proxy="localhost,127.0.0.1,172.16.1.104"
Is there anything else we can try to get this working? We're hoping to deploy these kiosks in production as soon as we can once this issue is resolved. Thank you in advance for your assistance!
Here's a redacted copy of our proxy.pac:
Code: Select all
function FindProxyForURL(url, host) {
if (shExpMatch(host, "<config_server_ip>")) {
return "DIRECT";
}
if (shExpMatch(url, "https://*")) {
return "PROXY <proxy_server_ip>:8443; PROXY <proxy_server_fqdn>:8443";
} else {
return "PROXY <proxy_server_ip>:8080; PROXY <proxy_server_fqdn>:8080";
}
}
Code: Select all
connection=wired
dhcp=yes
browser=chrome
homepage_check=Kiosk is not available - please ask for assistance
session_idle=10
scheduled_action=Monday-18:00 Tuesday-18:00 Wednesday-18:00 Thursday-18:00 Friday-18:00 action:halt
allow_popup_windows=yes
rtc_wake=Monday-06:00 Tuesday-06:00 Wednesday-06:00 Thursday-06:00 Friday-06:00
timezone=America/Chicago
screensaver_idle=1
slide_duration=12
root_password=Password1
additional_components=uefi.zip 06-fonts.xzm 08-ssh.xzm
removable_devices=yes
enable_file_protocol=yes
shutdown_menu=reboot restart-session
homepage=http://<corporate_kiosk_portal_url>
kiosk_config=http://<user>:<pass>@<config_server_ip>/kiosk-config.txt
wallpaper=http://<user>:<pass>@<config_server_ip>/wallpaper.jpg
# screensaver_video=http://<config_server_ip>/proxy/KioskAttract.mp4
screensaver_archive=http://<user>:<pass>@<config_server_ip>/Slideshow.zip
proxy_config=http://<config_server_ip>/proxy/proxy.pac
debug=yes