@@ -1018,9 +1018,6 @@ base_settings() {
fi
fi
HTTP_PROXY = " ${ var_http_proxy :- } "
HTTP_NO_PROXY = " ${ var_http_no_proxy :- } "
MTU = ${ var_mtu :- "" }
_sd_val = " ${ var_searchdomain :- "" } "
[ [ -n " $_sd_val " ] ] && SD = " -searchdomain= $_sd_val " || SD = ""
@@ -1074,7 +1071,7 @@ load_vars_file() {
# Allowed var_* keys
local VAR_WHITELIST = (
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_keyctl
var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain
@@ -1253,18 +1250,6 @@ load_vars_file() {
continue
fi
; ;
var_http_proxy)
if [ [ -n " $var_val " ] ] && ! [ [ " $var_val " = ~ ^https?://[ ^[ :space:] ] +( :[ 0-9] +) ?/?$ ] ] ; then
msg_warn " Invalid HTTP proxy URL ' $var_val ' in $file , ignoring "
continue
fi
; ;
var_http_no_proxy)
if [ [ -n " $var_val " ] ] && [ [ ! " $var_val " = ~ ^[ a-zA-Z0-9.*_:/-] +( ,[ a-zA-Z0-9.*_:/-] +) *$ ] ] ; then
msg_warn " Invalid no_proxy value ' $var_val ' in $file , ignoring "
continue
fi
; ;
var_container_storage | var_template_storage)
# Validate that the storage exists and is active on the current node
local _storage_status
@@ -1304,7 +1289,7 @@ default_var_settings() {
# Allowed var_* keys (alphabetically sorted)
# Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
local VAR_WHITELIST = (
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_keyctl
var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
@@ -1384,10 +1369,6 @@ var_ssh=no
# var_apt_cacher_ip=http://proxy.local
# var_apt_cacher_ip=https://proxy.local:443
# HTTP/HTTPS proxy (optional - for networks requiring a proxy)
# var_http_proxy=http://proxy.local:8080
# var_http_no_proxy=localhost,127.0.0.1,.local
# Features/Tags/verbosity
var_fuse = no
var_tun = no
@@ -1487,7 +1468,7 @@ get_app_defaults_path() {
if ! declare -p VAR_WHITELIST >/dev/null 2>& 1; then
# Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
declare -ag VAR_WHITELIST = (
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_keyctl
var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain
@@ -1635,8 +1616,6 @@ _build_current_app_vars_tmp() {
_ssh_auth = " ${ SSH_AUTHORIZED_KEY :- } "
_apt_cacher = " ${ APT_CACHER :- } "
_apt_cacher_ip = " ${ APT_CACHER_IP :- } "
_http_proxy = " ${ HTTP_PROXY :- ${ var_http_proxy :- } } "
_http_no_proxy = " ${ HTTP_NO_PROXY :- ${ var_http_no_proxy :- } } "
_fuse = " ${ ENABLE_FUSE :- no } "
_tun = " ${ ENABLE_TUN :- no } "
_gpu = " ${ ENABLE_GPU :- no } "
@@ -1688,8 +1667,6 @@ _build_current_app_vars_tmp() {
[ -n " $_apt_cacher " ] && echo " var_apt_cacher= $( _sanitize_value " $_apt_cacher " ) "
[ -n " $_apt_cacher_ip " ] && echo " var_apt_cacher_ip= $( _sanitize_value " $_apt_cacher_ip " ) "
[ -n " $_http_proxy " ] && echo " var_http_proxy= $( _sanitize_value " $_http_proxy " ) "
[ -n " $_http_no_proxy " ] && echo " var_http_no_proxy= $( _sanitize_value " $_http_no_proxy " ) "
[ -n " $_fuse " ] && echo " var_fuse= $( _sanitize_value " $_fuse " ) "
[ -n " $_tun " ] && echo " var_tun= $( _sanitize_value " $_tun " ) "
@@ -1853,7 +1830,7 @@ advanced_settings() {
TAGS = " community-script ${ var_tags : +; ${ var_tags } } "
fi
local STEP = 1
local MAX_STEP = 30
local MAX_STEP = 29
# Store values for back navigation - inherit from var_* app defaults
local _ct_type = " ${ var_unprivileged :- 1 } "
@@ -1872,8 +1849,6 @@ advanced_settings() {
local _ipv6_gate = ""
local _apt_cacher = " ${ var_apt_cacher :- no } "
local _apt_cacher_ip = " ${ var_apt_cacher_ip :- } "
local _http_proxy = " ${ var_http_proxy :- } "
local _http_no_proxy = " ${ var_http_no_proxy :- } "
local _mtu = " ${ var_mtu :- } "
local _sd = " ${ var_searchdomain :- } "
local _ns = " ${ var_ns :- } "
@@ -2651,46 +2626,9 @@ advanced_settings() {
; ;
# ═══════════════════════════════════════════════════════════════════════════
# STEP 24: HTTP/HTTPS Proxy
# STEP 24: Container Timezone
# ═══════════════════════════════════════════════════════════════════════════
24)
local http_proxy_default_flag = "--defaultno"
[ [ -n " $_http_proxy " ] ] && http_proxy_default_flag = ""
if whiptail --backtitle " Proxmox VE Helper Scripts [Step $STEP / $MAX_STEP ] " \
--title "HTTP/HTTPS PROXY" \
--ok-button "Next" --cancel-button "Back" \
$http_proxy_default_flag \
--yesno " \nUse HTTP/HTTPS proxy?\n\nRequired when internet access must go through a proxy server.\n(e.g. corporate networks)\n\n(App default: ${ var_http_proxy :- none } ) " 14 62; then
if result = $( whiptail --backtitle " Proxmox VE Helper Scripts [Step $STEP / $MAX_STEP ] " \
--title "HTTP PROXY URL" \
--inputbox "\nEnter HTTP proxy URL:\n(e.g. http://proxy.local:8080)" 12 62 " $_http_proxy " \
3>& 1 1>& 2 2>& 3) ; then
_http_proxy = " $result "
local _no_proxy_default = " ${ _http_no_proxy :- localhost ,127.0.0.1,.local } "
if result = $( whiptail --backtitle " Proxmox VE Helper Scripts [Step $STEP / $MAX_STEP ] " \
--title "NO_PROXY EXCEPTIONS" \
--inputbox "\nEnter NO_PROXY exceptions (comma-separated):\nLeave empty for defaults." 12 62 " $_no_proxy_default " \
3>& 1 1>& 2 2>& 3) ; then
_http_no_proxy = " $result "
fi
fi
else
if [ $? -eq 1 ] ; then
_http_proxy = ""
_http_no_proxy = ""
else
( ( STEP--) )
continue
fi
fi
( ( STEP++) )
; ;
# ═══════════════════════════════════════════════════════════════════════════
# STEP 25: Container Timezone
# ═══════════════════════════════════════════════════════════════════════════
25)
local tz_hint = " $_ct_timezone "
[ [ -z " $tz_hint " ] ] && tz_hint = "(empty - will use host timezone)"
@@ -2713,9 +2651,9 @@ advanced_settings() {
; ;
# ═══════════════════════════════════════════════════════════════════════════
# STEP 26 : Container Protection
# STEP 25 : Container Protection
# ═══════════════════════════════════════════════════════════════════════════
26 )
25 )
local protect_default_flag = "--defaultno"
[ [ " $_protect_ct " = = "yes" || " $_protect_ct " = = "1" ] ] && protect_default_flag = ""
@@ -2737,9 +2675,9 @@ advanced_settings() {
; ;
# ═══════════════════════════════════════════════════════════════════════════
# STEP 27 : Device Node Creation (mknod)
# STEP 26 : Device Node Creation (mknod)
# ═══════════════════════════════════════════════════════════════════════════
27 )
26 )
local mknod_default_flag = "--defaultno"
[ [ " $_enable_mknod " = = "1" ] ] && mknod_default_flag = ""
@@ -2761,9 +2699,9 @@ advanced_settings() {
; ;
# ═══════════════════════════════════════════════════════════════════════════
# STEP 28 : Mount Filesystems
# STEP 27 : Mount Filesystems
# ═══════════════════════════════════════════════════════════════════════════
28 )
27 )
local mount_hint = ""
[ [ -n " $_mount_fs " ] ] && mount_hint = " $_mount_fs " || mount_hint = "(none)"
@@ -2784,9 +2722,9 @@ advanced_settings() {
; ;
# ═══════════════════════════════════════════════════════════════════════════
# STEP 29 : Optional host-side post-install hook (path on the Proxmox HOST)
# STEP 28 : Optional host-side post-install hook (path on the Proxmox HOST)
# ═══════════════════════════════════════════════════════════════════════════
29 )
28 )
local _hook_prompt = " Optional: absolute path to a *.sh file ON THE PROXMOX HOST.
It runs as root on the HOST ( NOT in the LXC) after the container
@@ -2836,9 +2774,9 @@ Leave empty to skip."
; ;
# ═══════════════════════════════════════════════════════════════════════════
# STEP 30 : Verbose Mode & Confirmation
# STEP 29 : Verbose Mode & Confirmation
# ═══════════════════════════════════════════════════════════════════════════
30 )
29 )
local verbose_default_flag = "--defaultno"
[ [ " $_verbose " = = "yes" ] ] && verbose_default_flag = ""
@@ -2866,7 +2804,6 @@ Leave empty to skip."
local tz_display = " ${ _ct_timezone :- Host TZ } "
local apt_display = " ${ _apt_cacher :- no } "
[ [ " $_apt_cacher " = = "yes" && -n " $_apt_cacher_ip " ] ] && apt_display = " $_apt_cacher_ip "
local http_proxy_display = " ${ _http_proxy :- (none) } "
local post_install_display = " ${ _post_install :- (none) } "
local post_install_warn = ""
@@ -2896,7 +2833,6 @@ Features:
Advanced:
Timezone: $tz_display
APT Cacher: $apt_display
HTTP Proxy: $http_proxy_display
Verbose: $_verbose
Post-Install Script: ${ post_install_display } ${ post_install_warn } "
@@ -2940,8 +2876,6 @@ Advanced:
CT_TIMEZONE = " $_ct_timezone "
APT_CACHER = " $_apt_cacher "
APT_CACHER_IP = " $_apt_cacher_ip "
HTTP_PROXY = " $_http_proxy "
HTTP_NO_PROXY = " $_http_no_proxy "
VERBOSE = " $_verbose "
var_post_install = " $_post_install "
@@ -2957,8 +2891,6 @@ Advanced:
var_timezone = " $_ct_timezone "
var_apt_cacher = " $_apt_cacher "
var_apt_cacher_ip = " $_apt_cacher_ip "
var_http_proxy = " $_http_proxy "
var_http_no_proxy = " $_http_no_proxy "
# Format optional values
[ [ -n " $_mtu " ] ] && MTU = " ,mtu= $_mtu " || MTU = ""
@@ -2996,7 +2928,6 @@ Advanced:
[ [ " ${ PROTECT_CT :- no } " = = "yes" || " ${ PROTECT_CT :- no } " = = "1" ] ] && echo -e " ${ CONTAINERTYPE } ${ BOLD } ${ DGN } Protection: ${ BGN } Enabled ${ CL } "
[ [ -n " ${ CT_TIMEZONE :- } " ] ] && echo -e " ${ INFO } ${ BOLD } ${ DGN } Timezone: ${ BGN } $CT_TIMEZONE ${ CL } "
[ [ " $APT_CACHER " = = "yes" ] ] && echo -e " ${ INFO } ${ BOLD } ${ DGN } APT Cacher: ${ BGN } $APT_CACHER_IP ${ CL } "
[ [ -n " ${ HTTP_PROXY :- } " ] ] && echo -e " ${ INFO } ${ BOLD } ${ DGN } HTTP Proxy: ${ BGN } $HTTP_PROXY ${ CL } "
echo -e " ${ SEARCH } ${ BOLD } ${ DGN } Verbose Mode: ${ BGN } $VERBOSE ${ CL } "
echo -e " ${ CREATING } ${ BOLD } ${ RD } Creating an LXC of ${ APP } using the above advanced settings ${ CL } "
@@ -3834,47 +3765,6 @@ start() {
# SECTION 8: CONTAINER CREATION & DEPLOYMENT
# ==============================================================================
# ------------------------------------------------------------------------------
# _apply_http_proxy_in_container()
#
# - Writes persistent proxy settings into the LXC before base package install
# - Ensures apt/apk/curl work behind corporate proxies during early setup
# ------------------------------------------------------------------------------
_apply_http_proxy_in_container( ) {
local proxy = " ${ HTTP_PROXY :- } "
local noproxy = " ${ HTTP_NO_PROXY :- } "
[ [ -z " $proxy " || -z " ${ CTID :- } " ] ] && return 0
[ [ -z " $noproxy " ] ] && noproxy = "localhost,127.0.0.1,.local"
msg_info "Applying HTTP proxy in container"
local tmpf
tmpf = " $( mktemp) "
cat >" $tmpf " <<EOF
export http_proxy = " $proxy "
export https_proxy = " $proxy "
export HTTP_PROXY = " $proxy "
export HTTPS_PROXY = " $proxy "
export no_proxy = " $noproxy "
export NO_PROXY = " $noproxy "
EOF
pct push " $CTID " " $tmpf " /etc/profile.d/90-http-proxy.sh >/dev/null 2>& 1 || {
rm -f " $tmpf "
msg_warn "Failed to push HTTP proxy profile into container"
return 0
}
pct exec " $CTID " -- chmod 644 /etc/profile.d/90-http-proxy.sh >/dev/null 2>& 1 || true
if [ [ " $var_os " != "alpine" && " ${ APT_CACHER :- } " != "yes" ] ] ; then
cat >" $tmpf " <<EOF
Acquire::http::Proxy " $proxy " ;
Acquire::https::Proxy " $proxy " ;
EOF
pct push " $CTID " " $tmpf " /etc/apt/apt.conf.d/95http-proxy >/dev/null 2>& 1 || true
fi
rm -f " $tmpf "
msg_ok "Applied HTTP proxy in container"
}
# ------------------------------------------------------------------------------
# build_container()
#
@@ -4001,12 +3891,6 @@ build_container() {
export SESSION_ID = " $SESSION_ID "
export CACHER = " $APT_CACHER "
export CACHER_IP = " $APT_CACHER_IP "
if [ [ -n " ${ HTTP_PROXY :- } " ] ] ; then
export HTTP_PROXY HTTPS_PROXY = " $HTTP_PROXY " http_proxy = " $HTTP_PROXY " https_proxy = " $HTTP_PROXY "
export NO_PROXY = " ${ HTTP_NO_PROXY :- } " no_proxy = " ${ HTTP_NO_PROXY :- } "
export var_http_proxy = " $HTTP_PROXY "
export var_http_no_proxy = " ${ HTTP_NO_PROXY :- } "
fi
export tz = " $timezone "
export APPLICATION = " $APP "
export app = " $NSAPP "
@@ -4490,8 +4374,6 @@ EOF
local install_exit_code = 0
_apply_http_proxy_in_container
# Continue with standard container setup
if [ " $var_os " = = "alpine" ] ; then
sleep 3
@@ -4499,13 +4381,10 @@ EOF
https://dl-cdn.alpinelinux.org/alpine/latest-stable/main
https://dl-cdn.alpinelinux.org/alpine/latest-stable/community
EOF'
pct exec " $CTID " -- ash -c 'set -a; [ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh; set +a; apk add bash newt curl openssh nano mc ncurses jq' " $BUILD_LOG " 2>& 1 || {
pct exec " $CTID " -- ash -c " apk add bash newt curl openssh nano mc ncurses jq" " $BUILD_LOG " 2>& 1 || {
msg_warn "apk install failed (dl-cdn.alpinelinux.org), trying alternate mirrors..."
local alpine_exit = 0
pct exec " $CTID " -- ash -c '
set -a
[ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh
set +a
ALPINE_MIRRORS = "mirror.init7.net ftp.halifax.rwth-aachen.de mirrors.edge.kernel.org alpine.mirror.wearetriple.com mirror.leaseweb.com uk.alpinelinux.org dl-2.alpinelinux.org dl-4.alpinelinux.org"
for m in $( printf "%s\n" $ALPINE_MIRRORS | shuf) ; do
if wget -q --spider --timeout= 2 " http:// $m /alpine/latest-stable/main/ " 2>/dev/null; then
@@ -4564,16 +4443,13 @@ EOF
pct exec " $CTID " -- bash -c "echo -e 'nameserver 8.8.8.8\nnameserver 1.1.1.1' >/etc/resolv.conf"
fi
pct exec " $CTID " -- bash -c " set -a; [ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh; set +a; apt-get update 2>&1 && apt-get install -y ${ _base_pkgs } 2>&1 " >>" $BUILD_LOG " 2>& 1 || {
pct exec " $CTID " -- bash -c " apt-get update 2>&1 && apt-get install -y ${ _base_pkgs } 2>&1 " >>" $BUILD_LOG " 2>& 1 || {
local failed_mirror
failed_mirror = $( pct exec " $CTID " -- bash -c "grep -m1 -oP '(?<=URIs: https?://)[^/]+' /etc/apt/sources.list.d/debian.sources 2>/dev/null || grep -m1 -oP '(?<=deb https?://)[^/]+' /etc/apt/sources.list 2>/dev/null" 2>/dev/null || echo "unknown" )
msg_warn " apt-get update failed ( ${ failed_mirror } ). "
msg_custom "ℹ " ${ YW } " "Probing alternate mirrors (this can take 1-2 minutes on network issues)"
local mirror_exit = 0
pct exec " $CTID " -- env APT_BASE = " $_base_pkgs " bash -c '
set -a
[ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh
set +a
DISTRO = $( . /etc/os-release 2>/dev/null && echo " $ID " || echo "debian" )
echo " Mirror fallback for distro: $DISTRO "
MickLesk