Bug or Feature Request? - Libreelec behind a http-proxy

    I've a Raspi with Libreelec 12.0.0 running in a ipv4-LAN behind a http-proxy.
    The Proxy is the only way to connect to the internet.
    All other traffic will be logged and blocked by the firewall.

    In Kodi I've filled out the Proxy-Settings, and Kodi himself is using the Proxy correctly.

    But after starting Libreelec, the firewall-logs are continuously showing blocked IP's initiated by Libreelec:

    82.165.8.211:80
    212.227.81.55:80

    Obviously they are caused by the Connman Service during his online check procedure.
    Connman is doing these online check request for "ipv4.connman.net" without using the proxy configuration of Kodi and of course the checks will fail.

    Ok, when disabling these checks in the connman conf file with "EnableOnlineCheck=false" these checks are breaking off.

    But, why isn't Libreelec/connman using the Proxy-config from Kodi for these checks?
    So far as i Know, this is the only place in Libreelec where a proxy can be defined.

    Quote from forrester

    why isn't Libreelec/connman using the Proxy-config from Kodi for these checks?

    Proxying in Linux is always application specific so Kodi proxy configuration is for Kodi and is not shared to other applications. You can also set a proxy in ConnMan (per connection) but I have a hunch the initial requests for ipv4/ipv6.connman.org are intentionally not routed to a configured proxy as those checks are performed before the network is declared up (and thus the connection that proxy config is associated with is not yet established).

    Thanks chewitt, so i'm thinking it's more a Feature Request than a Bug. ;)

    While writing this, i've tried to get connmann using my Proxy Configuration manually. My Libreelec-Raspi is connected over ethernet, so my steps for the connman-configuration are:

    Code
    connmanctl services
*AR Wired                ethernet_b827eb498c13_cable

connmanctl config ethernet_b827eb498c13_cable --proxy manual http://username:password@proxy-ip:port

    This configuration will be appended to "/storage/.cache/connman/ethernet_b827eb498c13_cable/settings" and will survive a reboot.

    The settings file looks like:

    I think the ip Settings in this file like address,gateway,dns .. had been read out of the kodi configs before and then given to connman.

    Why shouldn't it be possible for Libreelec to do the same for the proxy settings?

    Quote from forrester

    Why shouldn't it be possible for Libreelec to do the same for the proxy settings?

    It's not impossible. It's just unlikely to be implemented because, a) few people use/require local proxies and you're probably the 2nd or 3rd person that I can recall wanting to use them in the last decade, b) it would require Kodi patching and we try to minimise that, c) there's a simple workaround (as you have now implemented).

    Quote from chewitt

    c) there's a simple workaround (as you have now implemented).

    chewitt, unfortunately i've to realize that my connman-proxy config doesn't solve the problem.
    As soon as i've reset "EnableOnlineCheck=true", i've noticed that connman is doing his online checks anyway without using the proxy configuration in the settings file. :(

    Quote from chewitt

    I have a hunch the initial requests for ipv4/ipv6.connman.org are intentionally not routed to a configured proxy as those checks are performed before the network is declared up (and thus the connection that proxy config is associated with is not yet established).

    See previous statement ^ - If you want that changed, it's best to take up the discussion with the ConnMan developers.

    • New
    Quote from chewitt

    It's not impossible. It's just unlikely to be implemented because, a) few people use/require local proxies and you're probably the 2nd or 3rd person that I can recall wanting to use them in the last decade, b) it would require Kodi patching and we try to minimise that, c) there's a simple workaround (as you have now implemented).


    A quiet voice like mine is finally raising :) -> I have always patiently, quietly waited for LE to be able to use a proxy. It first cam up in 2017 but things weren't that ... "far"....

    I am 40 years old now and too old to be asking how to make a survey for that issue but would really appreciate if LE or the ConnMan developers consider to give LE such a basic functionality back.

    • New

    Maybe an alternative option: Use the http_proxy / https_proxy environment variables in the system shell profile.

    Usually, I'd try creating a drop-in .conf file /etc/profile.d/, with the contents:

    Code
    export http_proxy=http://username:password@proxy-ip:port
export https_proxy=$http_proxy

    Note that the lowercase variant of these variables seems to be the most widely accepted across most CLI tools & programming/scripting languages.

    However, it's not easily possible to create a file in the read-only filesystem on LibreELEC, and we can't simply remount it read-write since root / is squashfs. Alternatives would be to try a bind mount, or unpacking the /flash/SYSTEM squashfs image on another system, editing the file, and repackaging it. Maybe someone knows an easier way?

    • New
    Quote from cannonballgray

    would really appreciate if LE or the ConnMan developers consider to give LE such a basic functionality back.

    We have not 'removed' anything that broke proxy support. Proxying in Kodi works. Proxying in the OS works too, but proxy config methods are application specific (not OS-wide/catch-all) so you will need to follow whatever conventions the apps require.

    TrinitronX /storage/.profile can be created and used with LE for interactive shell config. If you want to export the variables to the system environment on boot this should be achievable from /storage/.config/autostart.sh.