Support for routing outbound HTTP requests via a proxy (#6239)

The `http_proxy` and `HTTPS_PROXY` env vars can be set to a `host[:port]` value which should point to a proxy. The address of the proxy should be excluded from IP blacklists such as the `url_preview_ip_range_blacklist`. The proxy will then be used for * push * url previews * phone-home stats * recaptcha validation * CAS auth validation It will *not* be used for: * Application Services * Identity servers * Outbound federation * In worker configurations, connections from workers to masters Fixes #4198.
2025-05-03 00:34:47 -04:00 · 2019-11-01 14:07:44 +00:00 · 2019-11-01 14:07:44 +00:00 · 1cb84c6486
commit 1cb84c6486
parent fe1f2b4520
16 changed files with 812 additions and 12 deletions
--- a/synapse/server.pyi
+++ b/synapse/server.pyi
@ -12,6 +12,7 @@ import synapse.handlers.message
 import synapse.handlers.room
 import synapse.handlers.room_member
 import synapse.handlers.set_password
+import synapse.http.client
 import synapse.rest.media.v1.media_repository
 import synapse.server_notices.server_notices_manager
 import synapse.server_notices.server_notices_sender
@ -38,6 +39,14 @@ class HomeServer(object):
        pass
    def get_state_resolution_handler(self) -> synapse.state.StateResolutionHandler:
        pass
+    def get_simple_http_client(self) -> synapse.http.client.SimpleHttpClient:
+        """Fetch an HTTP client implementation which doesn't do any blacklisting
+        or support any HTTP_PROXY settings"""
+        pass
+    def get_proxied_http_client(self) -> synapse.http.client.SimpleHttpClient:
+        """Fetch an HTTP client implementation which doesn't do any blacklisting
+        but does support HTTP_PROXY settings"""
+        pass
    def get_deactivate_account_handler(
        self,
    ) -> synapse.handlers.deactivate_account.DeactivateAccountHandler: