Proxy
In enterprises, proxies are a standard to secure and control network traffic.
A problem with a proxy can occur at two points in time:
- Installing AskUI
- AskUI Controller connection to AskUI Inference
Installing AskUI Through NTLM or Kerberos Proxy Server
A Windows New Technology LAN Manager (NTLM) or Kerberos proxy requires you to authenticate yourself. This is done via your currently logged in Windows user or the username/password combination (Linux, macOS). The easiest way to do this is to install a local proxy that handles the handshake with the proxy for you.
Install Local Proxy
We recommend Px as a local proxy. Install it in your preferred way and start it. The default port it runs on is 3128
.
Choose the binary option if a package manager is not feasible in your environment.
Windows Startup
You can add Px to the startup for the binary zipped option in Windows like this:
-
Create a
px-start.bat
file within the unzipped folder, e.g.,c:\tools\px
with the content:cd c:\tools\px (or whatever path you unzipped the archive to)
px.exe -
Double-Click on the
px-start.bat
file to start Px -
Optional: Set up Px to autostart on system startup so you don’t have to start it manually each time you want to use it
- Create a link to
px-start.bat
- Open the startup folder with
Windows logo key + R
, entershell:startup
- Move the link to
px-start.bat
into this folder
- Create a link to
Create .npmrc
file for npm
Create a .npmrc
file in your AskUI project. You want to make sure that:
registry
andnoproxy
point to your companies registry (i.e. Artifactory)proxy
andhttps-proxy
point to the local Px proxy
registry=<company-registry-url>
proxy=http://127.0.0.1:3128
https-proxy=http://127.0.0.1:3128
noproxy=<company-registry-url>
Set Environment Variables
Setting the proxy inside .npmrc
does not cover all cases. Sometimes a separate node
command spawns a new process which does not inherit the proxy settings. Therefore you need to set the environment variable HTTPS_PROXY
like this:
# Linux and macOS
# Add it to your favourite shell
# at startup if necessary
export HTTPS_PROXY=http://127.0.0.1:3128
AskUI Controller Connection to AskUI Inference
We describe two ways to connect to our backend AskUI Inference.
Using Default Configuration with hpagent
Per default, our library uses hpagent to support the use of HTTP and HTTPS proxies. hpagent
is an open source package which provides HTTP(S) proxies that keeps connections alive. To use it, you need to
- install
hpagent
npm install --save-dev hpagent
- configure which proxies to use by setting the proxies' URLs using the environment variables
HTTP_PROXY
orHTTPS_PROXY
export HTTP_PROXY=http://<your-proxy-url>
export HTTPS_PROXY=https://<your-proxy-url>
Manually Configuring the HTTP and HTTPS Agent
If you need even more control, you can also configure an HTTP agent and HTTPS agent supporting your proxy manually for either one or both,
- the AskUI Controller (configuring the
UiController
) running on the OS you would like to control and - the Inference API (configuring the
UiControlClient
) running on our servers and providing the vision to run your tests.
In the following example we are going to use hpagent again but you can use any HTTP and HTTPS agents that support proxies, e.g., the http.Agent or the https.Agent provided by the http
and https
module of Node.js, respectively.
- Install
hpagent
npm install --save-dev hpagent
- Import
hpagent
(or the agent(s) you would like to use) and configure theUiController
and/or theUiControlClient
inside thetest/helpers/askui-helper.ts
file.
import { HttpProxyAgent, HttpsProxyAgent } from 'hpagent'; // <-- Add imports
// other code
beforeAll(async () => {
// Add this block
const httpProxyUrl = "http://<your-proxy-url>" // <-- Adapt http proxy url
const httpsProxyUrl = "https://<your-proxy-url>" // <-- Adapt https proxy url
const proxyAgents = {
http: new HttpProxyAgent({
proxy: httpProxyUrl,
}),
https: new HttpsProxyAgent({
proxy: httpsProxyUrl,
}),
}
// other code
uiController = new UiController({
proxyAgents // <-- Set proxy agents
});
// other code
aui = await UiControlClient.build({
proxyAgents // <-- Set proxy agents
});
// other code
})
Here are some example for the httpProxyUrl
(for more details see docs from hpagent)
Proxy Type | URL | Description |
---|---|---|
HTTP | e.g. http://proxy.company.com:8293 | A HTTP proxy without authentication |
HTTP + Basic Auth | e.g. http://username:password@proxy.company.com:8293 | A HTTP proxy with authentication |
SOCKET | Socket proxies are not supported by hpagent |
Here are some example for the httpsProxyUrl
(for more details see docs from hpagent)
Proxy Type | URL | Description |
---|---|---|
HTTPS | e.g. https://proxy.company.com:8293 | A HTTPS proxy without authentication |
HTTPS + Basic Auth | e.g. https://username:password@proxy.company.com:8293 | A HTTP proxy with authentication. |
SOCKET | Socket proxies are not supported by hpagent |
Deep Package Inspection
Company proxies, like Zscalar, use deep package inspection to analyze the network traffic. Such proxies are adding self-signed certificates to the HTTPS request to break up the TLS connection.
This can result in the following error messages:
RequestError: self signed certificate
or
RequestError: unable to verify the first certificate
There are multiple options to deal with this:
Deactivate TLS certificate validation (NOT RECOMMENDED)
This option deactivates the TLS validation (see here) and is not recommended. Only for testing!
Windows:
set NODE_TLS_REJECT_UNAUTHORIZED 0
macOS/Unix:
export NODE_TLS_REJECT_UNAUTHORIZED=0
Add Self-Signed Certificate as Extra CA Certs (RECOMMENDED)
The other option is to add the self-signed certificate as extra certificates for Node.js.
- Get the certificate and convert it to a
.pem
file, e.g., by exporting it with Chrome. - Set the
NODE_EXTRA_CA_CERTS
with the following commands:
Windows:
set NODE_EXTRA_CA_CERTS '<path>\<cert>.pem'
macOS/Unix:
export NODE_EXTRA_CA_CERTS='<path>/<cert>.pem'
Additional information: