Support for routing outbound HTTP requests via a proxy (#6239)

The `http_proxy` and `HTTPS_PROXY` env vars can be set to a `host[:port]` value which should point to a proxy. The address of the proxy should be excluded from IP blacklists such as the `url_preview_ip_range_blacklist`. The proxy will then be used for * push * url previews * phone-home stats * recaptcha validation * CAS auth validation It will *not* be used for: * Application Services * Identity servers * Outbound federation * In worker configurations, connections from workers to masters Fixes #4198.
2025-05-03 07:15:32 -04:00 · 2019-11-01 14:07:44 +00:00 · 2019-11-01 14:07:44 +00:00 · 1cb84c6486
commit 1cb84c6486
parent fe1f2b4520
16 changed files with 812 additions and 12 deletions
--- a/synapse/server.py
+++ b/synapse/server.py
@ -23,6 +23,7 @@
 # Imports required for the default HomeServer() implementation
 import abc
 import logging
+import os

 from twisted.enterprise import adbapi
 from twisted.mail.smtp import sendmail
@ -168,6 +169,7 @@ class HomeServer(object):
        "filtering",
        "http_client_context_factory",
        "simple_http_client",
+        "proxied_http_client",
        "media_repository",
        "media_repository_resource",
        "federation_transport_client",
@ -311,6 +313,13 @@ class HomeServer(object):
    def build_simple_http_client(self):
        return SimpleHttpClient(self)

+    def build_proxied_http_client(self):
+        return SimpleHttpClient(
+            self,
+            http_proxy=os.getenv("http_proxy"),
+            https_proxy=os.getenv("HTTPS_PROXY"),
+        )
+
    def build_room_creation_handler(self):
        return RoomCreationHandler(self)