diff --git a/misc/alpine-install.func b/misc/alpine-install.func index 874558e2f..893817a1f 100644 --- a/misc/alpine-install.func +++ b/misc/alpine-install.func @@ -138,6 +138,7 @@ network_check() { # This function updates the Container OS by running apk upgrade with mirror fallback update_os() { msg_info "Updating Container OS" + configure_http_proxy if ! $STD apk -U upgrade; then msg_warn "apk update failed (dl-cdn.alpinelinux.org), trying alternate mirrors..." local alpine_mirrors="mirror.init7.net ftp.halifax.rwth-aachen.de mirrors.edge.kernel.org alpine.mirror.wearetriple.com mirror.leaseweb.com uk.alpinelinux.org dl-2.alpinelinux.org dl-4.alpinelinux.org" @@ -243,7 +244,7 @@ EOF msg_ok "Customized Container" fi - echo "bash -c \"\$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/${app}.sh)\"" >/usr/bin/update + echo 'set -a; [ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh; set +a; bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/'"${app}"'.sh)"' >/usr/bin/update chmod +x /usr/bin/update post_progress_to_api } diff --git a/misc/build.func b/misc/build.func index b90c89901..9b7c9351e 100644 --- a/misc/build.func +++ b/misc/build.func @@ -1018,6 +1018,9 @@ base_settings() { fi fi + HTTP_PROXY="${var_http_proxy:-}" + HTTP_NO_PROXY="${var_http_no_proxy:-}" + MTU=${var_mtu:-""} _sd_val="${var_searchdomain:-""}" [[ -n "$_sd_val" ]] && SD="-searchdomain=$_sd_val" || SD="" @@ -1071,7 +1074,7 @@ load_vars_file() { # Allowed var_* keys local VAR_WHITELIST=( - var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_keyctl + var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain @@ -1250,6 +1253,18 @@ load_vars_file() { continue fi ;; + var_http_proxy) + if [[ -n "$var_val" ]] && ! [[ "$var_val" =~ ^https?://[^[:space:]]+(:[0-9]+)?/?$ ]]; then + msg_warn "Invalid HTTP proxy URL '$var_val' in $file, ignoring" + continue + fi + ;; + var_http_no_proxy) + if [[ -n "$var_val" ]] && [[ ! "$var_val" =~ ^[a-zA-Z0-9.*_:/-]+(,[a-zA-Z0-9.*_:/-]+)*$ ]]; then + msg_warn "Invalid no_proxy value '$var_val' in $file, ignoring" + continue + fi + ;; var_container_storage | var_template_storage) # Validate that the storage exists and is active on the current node local _storage_status @@ -1289,7 +1304,7 @@ default_var_settings() { # Allowed var_* keys (alphabetically sorted) # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique) local VAR_WHITELIST=( - var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_keyctl + var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage @@ -1369,6 +1384,10 @@ var_ssh=no # var_apt_cacher_ip=http://proxy.local # var_apt_cacher_ip=https://proxy.local:443 +# HTTP/HTTPS proxy (optional - for networks requiring a proxy) +# var_http_proxy=http://proxy.local:8080 +# var_http_no_proxy=localhost,127.0.0.1,.local + # Features/Tags/verbosity var_fuse=no var_tun=no @@ -1468,7 +1487,7 @@ get_app_defaults_path() { if ! declare -p VAR_WHITELIST >/dev/null 2>&1; then # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique) declare -ag VAR_WHITELIST=( - var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_keyctl + var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain @@ -1616,6 +1635,8 @@ _build_current_app_vars_tmp() { _ssh_auth="${SSH_AUTHORIZED_KEY:-}" _apt_cacher="${APT_CACHER:-}" _apt_cacher_ip="${APT_CACHER_IP:-}" + _http_proxy="${HTTP_PROXY:-${var_http_proxy:-}}" + _http_no_proxy="${HTTP_NO_PROXY:-${var_http_no_proxy:-}}" _fuse="${ENABLE_FUSE:-no}" _tun="${ENABLE_TUN:-no}" _gpu="${ENABLE_GPU:-no}" @@ -1667,6 +1688,8 @@ _build_current_app_vars_tmp() { [ -n "$_apt_cacher" ] && echo "var_apt_cacher=$(_sanitize_value "$_apt_cacher")" [ -n "$_apt_cacher_ip" ] && echo "var_apt_cacher_ip=$(_sanitize_value "$_apt_cacher_ip")" + [ -n "$_http_proxy" ] && echo "var_http_proxy=$(_sanitize_value "$_http_proxy")" + [ -n "$_http_no_proxy" ] && echo "var_http_no_proxy=$(_sanitize_value "$_http_no_proxy")" [ -n "$_fuse" ] && echo "var_fuse=$(_sanitize_value "$_fuse")" [ -n "$_tun" ] && echo "var_tun=$(_sanitize_value "$_tun")" @@ -1830,7 +1853,7 @@ advanced_settings() { TAGS="community-script${var_tags:+;${var_tags}}" fi local STEP=1 - local MAX_STEP=29 + local MAX_STEP=30 # Store values for back navigation - inherit from var_* app defaults local _ct_type="${var_unprivileged:-1}" @@ -1849,6 +1872,8 @@ advanced_settings() { local _ipv6_gate="" local _apt_cacher="${var_apt_cacher:-no}" local _apt_cacher_ip="${var_apt_cacher_ip:-}" + local _http_proxy="${var_http_proxy:-}" + local _http_no_proxy="${var_http_no_proxy:-}" local _mtu="${var_mtu:-}" local _sd="${var_searchdomain:-}" local _ns="${var_ns:-}" @@ -2626,9 +2651,46 @@ advanced_settings() { ;; # ═══════════════════════════════════════════════════════════════════════════ - # STEP 24: Container Timezone + # STEP 24: HTTP/HTTPS Proxy # ═══════════════════════════════════════════════════════════════════════════ 24) + local http_proxy_default_flag="--defaultno" + [[ -n "$_http_proxy" ]] && http_proxy_default_flag="" + + if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \ + --title "HTTP/HTTPS PROXY" \ + --ok-button "Next" --cancel-button "Back" \ + $http_proxy_default_flag \ + --yesno "\nUse HTTP/HTTPS proxy?\n\nRequired when internet access must go through a proxy server.\n(e.g. corporate networks)\n\n(App default: ${var_http_proxy:-none})" 14 62; then + if result=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \ + --title "HTTP PROXY URL" \ + --inputbox "\nEnter HTTP proxy URL:\n(e.g. http://proxy.local:8080)" 12 62 "$_http_proxy" \ + 3>&1 1>&2 2>&3); then + _http_proxy="$result" + local _no_proxy_default="${_http_no_proxy:-localhost,127.0.0.1,.local}" + if result=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \ + --title "NO_PROXY EXCEPTIONS" \ + --inputbox "\nEnter NO_PROXY exceptions (comma-separated):\nLeave empty for defaults." 12 62 "$_no_proxy_default" \ + 3>&1 1>&2 2>&3); then + _http_no_proxy="$result" + fi + fi + else + if [ $? -eq 1 ]; then + _http_proxy="" + _http_no_proxy="" + else + ((STEP--)) + continue + fi + fi + ((STEP++)) + ;; + + # ═══════════════════════════════════════════════════════════════════════════ + # STEP 25: Container Timezone + # ═══════════════════════════════════════════════════════════════════════════ + 25) local tz_hint="$_ct_timezone" [[ -z "$tz_hint" ]] && tz_hint="(empty - will use host timezone)" @@ -2651,9 +2713,9 @@ advanced_settings() { ;; # ═══════════════════════════════════════════════════════════════════════════ - # STEP 25: Container Protection + # STEP 26: Container Protection # ═══════════════════════════════════════════════════════════════════════════ - 25) + 26) local protect_default_flag="--defaultno" [[ "$_protect_ct" == "yes" || "$_protect_ct" == "1" ]] && protect_default_flag="" @@ -2675,9 +2737,9 @@ advanced_settings() { ;; # ═══════════════════════════════════════════════════════════════════════════ - # STEP 26: Device Node Creation (mknod) + # STEP 27: Device Node Creation (mknod) # ═══════════════════════════════════════════════════════════════════════════ - 26) + 27) local mknod_default_flag="--defaultno" [[ "$_enable_mknod" == "1" ]] && mknod_default_flag="" @@ -2699,9 +2761,9 @@ advanced_settings() { ;; # ═══════════════════════════════════════════════════════════════════════════ - # STEP 27: Mount Filesystems + # STEP 28: Mount Filesystems # ═══════════════════════════════════════════════════════════════════════════ - 27) + 28) local mount_hint="" [[ -n "$_mount_fs" ]] && mount_hint="$_mount_fs" || mount_hint="(none)" @@ -2722,9 +2784,9 @@ advanced_settings() { ;; # ═══════════════════════════════════════════════════════════════════════════ - # STEP 28: Optional host-side post-install hook (path on the Proxmox HOST) + # STEP 29: Optional host-side post-install hook (path on the Proxmox HOST) # ═══════════════════════════════════════════════════════════════════════════ - 28) + 29) local _hook_prompt="Optional: absolute path to a *.sh file ON THE PROXMOX HOST. It runs as root on the HOST (NOT in the LXC) after the container @@ -2774,9 +2836,9 @@ Leave empty to skip." ;; # ═══════════════════════════════════════════════════════════════════════════ - # STEP 29: Verbose Mode & Confirmation + # STEP 30: Verbose Mode & Confirmation # ═══════════════════════════════════════════════════════════════════════════ - 29) + 30) local verbose_default_flag="--defaultno" [[ "$_verbose" == "yes" ]] && verbose_default_flag="" @@ -2804,6 +2866,7 @@ Leave empty to skip." local tz_display="${_ct_timezone:-Host TZ}" local apt_display="${_apt_cacher:-no}" [[ "$_apt_cacher" == "yes" && -n "$_apt_cacher_ip" ]] && apt_display="$_apt_cacher_ip" + local http_proxy_display="${_http_proxy:-(none)}" local post_install_display="${_post_install:-(none)}" local post_install_warn="" @@ -2833,6 +2896,7 @@ Features: Advanced: Timezone: $tz_display APT Cacher: $apt_display + HTTP Proxy: $http_proxy_display Verbose: $_verbose Post-Install Script: ${post_install_display}${post_install_warn}" @@ -2876,6 +2940,8 @@ Advanced: CT_TIMEZONE="$_ct_timezone" APT_CACHER="$_apt_cacher" APT_CACHER_IP="$_apt_cacher_ip" + HTTP_PROXY="$_http_proxy" + HTTP_NO_PROXY="$_http_no_proxy" VERBOSE="$_verbose" var_post_install="$_post_install" @@ -2891,6 +2957,8 @@ Advanced: var_timezone="$_ct_timezone" var_apt_cacher="$_apt_cacher" var_apt_cacher_ip="$_apt_cacher_ip" + var_http_proxy="$_http_proxy" + var_http_no_proxy="$_http_no_proxy" # Format optional values [[ -n "$_mtu" ]] && MTU=",mtu=$_mtu" || MTU="" @@ -2928,6 +2996,7 @@ Advanced: [[ "${PROTECT_CT:-no}" == "yes" || "${PROTECT_CT:-no}" == "1" ]] && echo -e "${CONTAINERTYPE}${BOLD}${DGN}Protection: ${BGN}Enabled${CL}" [[ -n "${CT_TIMEZONE:-}" ]] && echo -e "${INFO}${BOLD}${DGN}Timezone: ${BGN}$CT_TIMEZONE${CL}" [[ "$APT_CACHER" == "yes" ]] && echo -e "${INFO}${BOLD}${DGN}APT Cacher: ${BGN}$APT_CACHER_IP${CL}" + [[ -n "${HTTP_PROXY:-}" ]] && echo -e "${INFO}${BOLD}${DGN}HTTP Proxy: ${BGN}$HTTP_PROXY${CL}" echo -e "${SEARCH}${BOLD}${DGN}Verbose Mode: ${BGN}$VERBOSE${CL}" echo -e "${CREATING}${BOLD}${RD}Creating an LXC of ${APP} using the above advanced settings${CL}" @@ -3765,6 +3834,47 @@ start() { # SECTION 8: CONTAINER CREATION & DEPLOYMENT # ============================================================================== +# ------------------------------------------------------------------------------ +# _apply_http_proxy_in_container() +# +# - Writes persistent proxy settings into the LXC before base package install +# - Ensures apt/apk/curl work behind corporate proxies during early setup +# ------------------------------------------------------------------------------ +_apply_http_proxy_in_container() { + local proxy="${HTTP_PROXY:-}" + local noproxy="${HTTP_NO_PROXY:-}" + [[ -z "$proxy" || -z "${CTID:-}" ]] && return 0 + [[ -z "$noproxy" ]] && noproxy="localhost,127.0.0.1,.local" + + msg_info "Applying HTTP proxy in container" + local tmpf + tmpf="$(mktemp)" + cat >"$tmpf" </dev/null 2>&1 || { + rm -f "$tmpf" + msg_warn "Failed to push HTTP proxy profile into container" + return 0 + } + pct exec "$CTID" -- chmod 644 /etc/profile.d/90-http-proxy.sh >/dev/null 2>&1 || true + + if [[ "$var_os" != "alpine" && "${APT_CACHER:-}" != "yes" ]]; then + cat >"$tmpf" </dev/null 2>&1 || true + fi + rm -f "$tmpf" + msg_ok "Applied HTTP proxy in container" +} + # ------------------------------------------------------------------------------ # build_container() # @@ -3891,6 +4001,12 @@ build_container() { export SESSION_ID="$SESSION_ID" export CACHER="$APT_CACHER" export CACHER_IP="$APT_CACHER_IP" + if [[ -n "${HTTP_PROXY:-}" ]]; then + export HTTP_PROXY HTTPS_PROXY="$HTTP_PROXY" http_proxy="$HTTP_PROXY" https_proxy="$HTTP_PROXY" + export NO_PROXY="${HTTP_NO_PROXY:-}" no_proxy="${HTTP_NO_PROXY:-}" + export var_http_proxy="$HTTP_PROXY" + export var_http_no_proxy="${HTTP_NO_PROXY:-}" + fi export tz="$timezone" export APPLICATION="$APP" export app="$NSAPP" @@ -4374,6 +4490,8 @@ EOF local install_exit_code=0 + _apply_http_proxy_in_container + # Continue with standard container setup if [ "$var_os" == "alpine" ]; then sleep 3 @@ -4381,10 +4499,13 @@ EOF https://dl-cdn.alpinelinux.org/alpine/latest-stable/main https://dl-cdn.alpinelinux.org/alpine/latest-stable/community EOF' - pct exec "$CTID" -- ash -c "apk add bash newt curl openssh nano mc ncurses jq" >>"$BUILD_LOG" 2>&1 || { + pct exec "$CTID" -- ash -c 'set -a; [ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh; set +a; apk add bash newt curl openssh nano mc ncurses jq' >>"$BUILD_LOG" 2>&1 || { msg_warn "apk install failed (dl-cdn.alpinelinux.org), trying alternate mirrors..." local alpine_exit=0 pct exec "$CTID" -- ash -c ' + set -a + [ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh + set +a ALPINE_MIRRORS="mirror.init7.net ftp.halifax.rwth-aachen.de mirrors.edge.kernel.org alpine.mirror.wearetriple.com mirror.leaseweb.com uk.alpinelinux.org dl-2.alpinelinux.org dl-4.alpinelinux.org" for m in $(printf "%s\n" $ALPINE_MIRRORS | shuf); do if wget -q --spider --timeout=2 "http://$m/alpine/latest-stable/main/" 2>/dev/null; then @@ -4443,13 +4564,16 @@ EOF pct exec "$CTID" -- bash -c "echo -e 'nameserver 8.8.8.8\nnameserver 1.1.1.1' >/etc/resolv.conf" fi - pct exec "$CTID" -- bash -c "apt-get update 2>&1 && apt-get install -y ${_base_pkgs} 2>&1" >>"$BUILD_LOG" 2>&1 || { + pct exec "$CTID" -- bash -c "set -a; [ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh; set +a; apt-get update 2>&1 && apt-get install -y ${_base_pkgs} 2>&1" >>"$BUILD_LOG" 2>&1 || { local failed_mirror failed_mirror=$(pct exec "$CTID" -- bash -c "grep -m1 -oP '(?<=URIs: https?://)[^/]+' /etc/apt/sources.list.d/debian.sources 2>/dev/null || grep -m1 -oP '(?<=deb https?://)[^/]+' /etc/apt/sources.list 2>/dev/null" 2>/dev/null || echo "unknown") msg_warn "apt-get update failed (${failed_mirror})." msg_custom "ℹ️" "${YW}" "Probing alternate mirrors (this can take 1-2 minutes on network issues)" local mirror_exit=0 pct exec "$CTID" -- env APT_BASE="$_base_pkgs" bash -c ' + set -a + [ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh + set +a DISTRO=$(. /etc/os-release 2>/dev/null && echo "$ID" || echo "debian") echo " Mirror fallback for distro: $DISTRO" diff --git a/misc/core.func b/misc/core.func index 6e9e590e0..adf5a68d9 100644 --- a/misc/core.func +++ b/misc/core.func @@ -970,6 +970,53 @@ is_verbose_mode() { [[ "$verbose" != "no" ]] } +# ------------------------------------------------------------------------------ +# configure_http_proxy() +# +# - Applies var_http_proxy / var_http_no_proxy inside the container +# - Persists proxy env for login shells, systemd, and package managers +# - Skips APT proxy config when APT Cacher-NG is active +# ------------------------------------------------------------------------------ +configure_http_proxy() { + local proxy="${HTTP_PROXY:-${http_proxy:-${var_http_proxy:-}}}" + local noproxy="${HTTP_NO_PROXY:-${no_proxy:-${var_http_no_proxy:-}}}" + [[ -z "$proxy" ]] && return 0 + [[ -z "$noproxy" ]] && noproxy="localhost,127.0.0.1,.local" + + msg_info "Configuring HTTP proxy" + cat >/etc/profile.d/90-http-proxy.sh </etc/apt/apt.conf.d/00aptproxy local _proxy_raw="${CACHER_IP}" local _proxy_host _proxy_port _proxy_url @@ -509,7 +510,7 @@ EOF systemctl restart "$(basename "$(dirname "$GETTY_OVERRIDE")" | sed 's/\.d//')" msg_ok "Customized Container" fi - echo "bash -c \"\$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/${app}.sh)\"" >/usr/bin/update + echo 'set -a; [ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh; set +a; bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/'"${app}"'.sh)"' >/usr/bin/update chmod +x /usr/bin/update if [[ -n "${SSH_AUTHORIZED_KEY}" ]]; then