We're trying to get Porteus Kiosk 4.8.0 set up behind a proxy with remote management enabled, but after enabling the proxy server settings, we're having some trouble getting the kiosk to download the kiosk-config.txt file both during the setup process and after the next boot. Our proxy.pac file is configured so that all HTTP traffic goes to port 8080 on the proxy server, and all HTTPS traffic goes to port 8443 - except for traffic to the server hosting the config files, which is sent direct. During the setup process, the kiosk is able to download the proxy.pac and Chrome just fine, but then past that it just can't seem to get the kiosk-config.txt. The kiosk just displays an error message that says "Server is not accessible or remote file is not present on it". Interestingly enough, however, Chrome is able to successfully access the kiosk-config. I think the proxy configuration is not being properly applied at the OS level. In order to complete the setup wizard, I copied the kiosk-config.txt file from our webserver and put it on a thumbdrive, then loaded it onto the kiosk that way.
To test whether or not the proxy server settings were being correctly applied, I first enabled SSH and used the Ctrl+Alt+F1 shortcut to get a command shell. I ran the command
Code: Select all
wget http://<user>:<pass>@<config_server_ip>/kiosk-config.txt
and it failed to download the file with error
502 Proxy Error. TMG denied the specified URL (12202); further examination showed that wget connected to the proxy server instead of directly to <config_server_ip>! That's not correct based on our proxy.pac configuration, so I verified that the kiosk had gotten a complete and proper copy of the proxy.pac with the command
The readout of this file matched the proxy.pac on the server exactly.
Code: Select all
pactester -p /opt/scripts/proxy.pac -u http://<config_server_ip>/proxy/proxy.pac
gave me an output of
DIRECT, as expected. However, when I run the command
Code: Select all
echo $http_proxy; echo $https_proxy
it returned both values as http://<proxy_server_ip>:8080; shouldn't the $https_proxy variable contain https://<proxy_server_ip>:8443 instead, like in our proxy.pac? Further, if I run the command
the output only contains
localhost,127.0.0.1, and does
not include <config_server_ip>. If I use the
command to set
$https_proxy to https://<proxy_server_ip>:8443, as well as add <config_server_ip> to
$no_proxy, then run the wget command (from above) again, it will successfully download the proxy-config.txt file without error. Porteus Kiosk does not appear to be correctly parsing and applying the settings in the proxy.pac to the OS's proxy settings.
As a workaround, I tried adding
Code: Select all
run_command=export http_proxy="172.16.216.2:8080"; export https_proxy="172.16.216.2:8443"; export no_proxy="localhost,127.0.0.1,172.16.1.104"
to our kiosk-config.txt, but that made no difference and Porteus Kiosk still failed to download the config files.
Is there anything else we can try to get this working? We're hoping to deploy these kiosks in production as soon as we can once this issue is resolved. Thank you in advance for your assistance!
Here's a redacted copy of our proxy.pac:
Code: Select all
function FindProxyForURL(url, host) {
if (shExpMatch(host, "<config_server_ip>")) {
return "DIRECT";
}
if (shExpMatch(url, "https://*")) {
return "PROXY <proxy_server_ip>:8443; PROXY <proxy_server_fqdn>:8443";
} else {
return "PROXY <proxy_server_ip>:8080; PROXY <proxy_server_fqdn>:8080";
}
}
And here's a redacted copy of our kiosk-config.txt:
Code: Select all
connection=wired
dhcp=yes
browser=chrome
homepage_check=Kiosk is not available - please ask for assistance
session_idle=10
scheduled_action=Monday-18:00 Tuesday-18:00 Wednesday-18:00 Thursday-18:00 Friday-18:00 action:halt
allow_popup_windows=yes
rtc_wake=Monday-06:00 Tuesday-06:00 Wednesday-06:00 Thursday-06:00 Friday-06:00
timezone=America/Chicago
screensaver_idle=1
slide_duration=12
root_password=Password1
additional_components=uefi.zip 06-fonts.xzm 08-ssh.xzm
removable_devices=yes
enable_file_protocol=yes
shutdown_menu=reboot restart-session
homepage=http://<corporate_kiosk_portal_url>
kiosk_config=http://<user>:<pass>@<config_server_ip>/kiosk-config.txt
wallpaper=http://<user>:<pass>@<config_server_ip>/wallpaper.jpg
# screensaver_video=http://<config_server_ip>/proxy/KioskAttract.mp4
screensaver_archive=http://<user>:<pass>@<config_server_ip>/Slideshow.zip
proxy_config=http://<config_server_ip>/proxy/proxy.pac
debug=yes