Skip to content

c8y-remote-access-plugin does not use http proxy settings when configured #3598

Closed
Closed
c8y-remote-access-plugin does not use http proxy settings when configured#3598
Assignees
jarhodes314
Labels
bugSomething isn't workingtheme:troubleshootingTheme: Troubleshooting and remote control
Milestone
1.5.1
@reubenmiller

Description

@reubenmiller
reubenmiller
opened on May 7, 2025

Describe the bug

The c8y-remote-access-plugin does not use the HTTP proxy settings when establishing a connection to Cumulocity. This results in the Remote Access connection failing with a generic error / timeout.

Below shows that a device is using a HTTP proxy:

tedge connect c8y --test
test connection to Cumulocity cloud.:
        device id: TST_jump_broad_varnish
        cloud profile: <none>
        cloud host: thin-edge-io.eu-latest.cumulocity.com:8883
        auth type: Certificate
        certificate file: /etc/tedge/device-certs/tedge-certificate.pem
        cryptoki: false
        bridge: built-in
        service manager: systemd
        mosquitto version: 2.0.11
        proxy_url: http://127.0.0.1:8080/

To Reproduce

The easiest way to reproduce this is by using the following system test:

  • Install thin-edge.io behind a Proxy using wget

The above system test does the following:

  1. Configure a device with a HTTP proxy and reject all other non-localhost traffic that does not go through the proxy (e.g. use iptables)
  2. Install and configure thin-edge.io
  3. Configure thin-edge.io to use the http proxy
  4. Create a Cumulocity Remote Access configuration for SSH (and using public/private keys authentication)
  5. Add the public key to the /root/.ssh/authorized_keys file of the device
  6. Start the ssh service (e.g. systemd start ssh)
  7. In the Cumulocity Device Management Application, try to an Web SSH session with the device

Note: If the iptables rules are deleted, then the Remote Access connection successfully works (which indicates that the c8y-remote-access-plugin tries to connect via a direct connection and does not try to use the http proxy).

Expected behavior

The c8y-remote-access-plugin should use the http proxy if it is configured when trying to communicate with the outside world.

Screenshots

Environment (please complete the following information):

Property Value
OS [incl. version] Debian GNU/Linux 12 (bookworm)
Hardware [incl. revision] unknown
System-Architecture Linux 9296ee38b304 6.8.0-39-generic #39-Ubuntu SMP PREEMPT_DYNAMIC Sat Jul 6 02:50:39 UTC 2024 aarch64 GNU/Linux
thin-edge.io version tedge 1.5.0

Additional context

Metadata

Metadata

Assignees

Labels

bugSomething isn't workingtheme:troubleshootingTheme: Troubleshooting and remote control

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions