Capsule - Server Communication via Proxy¶

All inbound and outbound Capsule communication should be routable through a proxy. This is the case where a Capsule cannot directly route it’s traffic to the server nor can the server directly reach the Capsule. If we allow only proxying Capsule content syncing from the Foreman/Katello and a user locks down a Capsule’s HTTP traffic, this could break other functionality of the Capsule See diagram below.

Related BZs:
https://bugzilla.redhat.com/show_bug.cgi?id=1114083¶

Capsule to Server¶

• Pulp node syncing content from the server
• Puppet master reporting
• Qpid traffic (if client communication is routed through the Capsule)
• Sub-man traffic being routed via reverse-proxy to the Capsule

Server to Capsule¶

• Initial creation and discovery of the Capsule
• Feature refresh of the Capsule
• Qpid traffic (if client communication is routed through the Capsule)

Requirements¶

1. Capsules should support individual proxy configurations server side
2. Capsule puppet masters should support routing traffic through an HTTP proxy
3. Qpid should support routing traffic through a proxy on the Server or Capsule
4. Capsule reverse proxy should support routing through an external HTTP proxy