Proxy
In enterprises, proxies are a standard to secure and control network traffic.
A problem with a proxy can occur at two points in time:
- Installing AskUI
- AskUI Controller connection to AskUI Inference
Installing AskUI Through NTLM or Kerberos Proxy Server
A Windows New Technology LAN Manager (NTLM) or Kerberos proxy requires you to authenticate yourself. This is done via your currently logged in Windows user or the username/password combination (Linux, macOS). The easiest way to do this is to install a local proxy that handles the handshake with the proxy for you.
Install Local Proxy
We recommend Px as a local proxy. Install it in your preferred way and start it. The default port it runs on is 3128
.
Choose the binary option if a package manager is not feasible in your environment.
Windows Startup
You can add Px to the startup for the binary zipped option in Windows like this:
-
Create a
px-start.bat
file within the unzipped folder, for example,c:\tools\px
with the content:cd c:\tools\px (or whatever path you unzipped the archive to)
px.exe -
Double-Click on the
px-start.bat
file to start Px -
Optional: Set up Px to autostart on system startup so you don’t have to start it manually each time you want to use it
- Create a link to
px-start.bat
- Open the startup folder with
Windows logo key + R
, entershell:startup
- Move the link to
px-start.bat
into this folder
- Create a link to
Create .npmrc
file for npm
Create a .npmrc
file in your AskUI project. You want to make sure that:
registry
andnoproxy
point to your companies registry (i.e. Artifactory)proxy
andhttps-proxy
point to the local Px proxy
registry=<company-registry-url>
proxy=http://127.0.0.1:3128
https-proxy=http://127.0.0.1:3128
noproxy=<company-registry-url>
Set Environment Variables
Setting the proxy inside .npmrc
does not cover all cases. Sometimes a separate node
command spawns a new process which does not inherit the proxy settings. Therefore you need to set the environment variable HTTPS_PROXY
like this:
# Linux and macOS
# Add it to your favourite shell
# at startup if necessary
export HTTPS_PROXY=http://127.0.0.1:3128
AskUI Controller Connection to AskUI Inference
We describe two ways to connect to our backend AskUI Inference.
Using Default Configuration with hpagent
Per default, our library uses hpagent to support the use of HTTP and HTTPS proxies. hpagent
is an open source package which provides HTTP(S) proxies that keeps connections alive. To use it, you need to
- install
hpagent
npm install --save-dev hpagent
- configure which proxies to use by setting the proxies' URLs using the environment variables
HTTP_PROXY
orHTTPS_PROXY
export HTTP_PROXY=http://<your-proxy-url>
export HTTPS_PROXY=https://<your-proxy-url>
Manually Configuring the HTTP and HTTPS Agent
If you need even more control, you can also configure an HTTP agent and HTTPS agent supporting your proxy manually for either one or both,
- the AskUI Controller (configuring the
UiController
) running on the OS you would like to control and - the Inference API (configuring the
UiControlClient
) running on our servers and providing the vision to run your tests.
In the following example we are going to use hpagent again but you can use any HTTP and HTTPS agents that support proxies, for example, the http.Agent or the https.Agent provided by the http
and https
module of Node.js, respectively.
- Install
hpagent
npm install --save-dev hpagent
- Import
hpagent
(or the agent(s) you would like to use) and configure theUiController
and/or theUiControlClient
inside thetest/helpers/askui-helper.ts
file.
import { HttpProxyAgent, HttpsProxyAgent } from 'hpagent'; // <-- Add imports
// other code
beforeAll(async () => {
// Add this block
const httpProxyUrl = "http://<your-proxy-url>" // <-- Adapt http proxy url
const httpsProxyUrl = "https://<your-proxy-url>" // <-- Adapt https proxy url
const proxyAgents = {
http: new HttpProxyAgent({
proxy: httpProxyUrl,
}),
https: new HttpsProxyAgent({
proxy: httpsProxyUrl,
}),
}
// other code
uiController = new UiController({
proxyAgents // <-- Set proxy agents
});
// other code
aui = await UiControlClient.build({
proxyAgents // <-- Set proxy agents
});
// other code
})
Here are some examples for the httpProxyUrl
(for more details see docs from hpagent)
Proxy Type | URL | Description |
---|---|---|
HTTP | for example http://proxy.company.com:8293 | A HTTP proxy without authentication |
HTTP + Basic Auth | for example http://username:password@proxy.company.com:8293 | A HTTP proxy with authentication |
SOCKET | Socket proxies are not supported by hpagent |
Here are some examples for the httpsProxyUrl
(for more details see docs from hpagent)
Proxy Type | URL | Description |
---|---|---|
HTTPS | for example https://proxy.company.com:8293 | A HTTPS proxy without authentication |
HTTPS + Basic Auth | for example https://username:password@proxy.company.com:8293 | A HTTP proxy with authentication. |
SOCKET | Socket proxies are not supported by hpagent |
Deep Package Inspection
Company proxies, like Zscalar, use deep package inspection to analyze the network traffic. Such proxies are adding self-signed certificates to the HTTPS request to break up the TLS connection.
This can result in the following error messages:
RequestError: self signed certificate
or
RequestError: unable to verify the first certificate
You can add a self-signed certificate as extra CA Certs to solve this problem as detailed in the next section.
Add Self-Signed Certificate as Extra CA Certs (RECOMMENDED)
The following step-by-step instructions will show you how to add the correct certificate as extra CA Certs.
-
Open the certificate viewer in your browser.
Chrome: Depending on your operating system there is a Lock-icon left of your browser bar that opens the certificate viewer directly or another icon that opens a Site Information menu where you have to select Connection is Secure -> Certificate is Valid
Firefox: Click the Lock-icon left of your browser bar. click on Connection Secure -> More Information. Select the tab Security. Click View Certificate.
-
Chrome: Open the Details tab.
Firefox: Select the GTS Root R1 certificate.
-
Chrome: Select the Certificate GTS Root R1 and click Export... on the bottom right.
Firefox: Under Miscellaneous, you can download the certificate.
-
Save it somewhere you can find it.
Windows:
Add the following to your <project>\.askui\Settings\AskuiEnvironmentSettings.json
{
...
"environmentVariables": {
...
"NODE_EXTRA_CA_CERTS": "<insert absolute path of certificate>"
...
},
...
}
macOS/Unix:
export NODE_EXTRA_CA_CERTS='<insert absolute path of certificate>'
Additional information: