Set an HTTP Proxy for the piko agent

[flobaader]

Hi @andydunstall,

thanks for the awesome work with Piko!

Our piko agent needs to connect to the server via an HTTP proxy, because only outgoing traffic over this proxy is allowed.
Is it possible to configure something like this in the agent settings?

[andydunstall]

Hey @flobaader

I don't see why the agent needs any special configuration to work with a HTTP proxy? It doesn't know whether it's connecting to the server directly or via a proxy?

You can configure the Piko server URL with --connect.url, and the upstream service URL with as part of the listener configuration. Would that work for you?

Maybe I'm misunderstanding?

[flobaader]

Hi @andydunstall,

Thanks so much for your response! I really appreciate you taking the time to help us understand how Piko works.

I wanted to share a bit more about our environment to clarify what we're trying to accomplish:

Our network setup requires all outbound connections to go through our corporate HTTP proxy - this is a security policy we need to work within. I'm trying to figure out the best way to set up the Piko agent to respect this:

• Would setting HTTP_PROXY/HTTPS_PROXY environment variables be enough?
• If we're using Docker, should we handle this at the container level?
• Does Piko have any built-in settings for proxy configuration?

I'm also wondering about how HTTPS certificates will work in this scenario. Since we're connecting through an HTTP proxy but still need secure communication with the Piko server:

• Will the agent still establish a proper TLS connection through our HTTP proxy?
• Do we need to do anything special with certificates in this setup?

To clarify what I'm trying to achieve:

graph TD
    A[Local Services] <-->|Listening| B[Piko Agent]
    B -->|Outbound Connection| C[Corporate HTTP Proxy]
    C -->|Internet| D[Piko Server]
    D -->|Response| C
    C -->|Response| B
    
    subgraph Internal Network
        A
        B
        C
    end
    
    subgraph Internet
        D
    end

Loading

We're excited to get Piko working in our environment, and any guidance you could provide would be super helpful!
Thanks again for creating such a useful tool!

[andydunstall]

Would setting HTTP_PROXY/HTTPS_PROXY environment variables be enough?

I don't think that's supported, since the agent connects to the Piko server which has a custom dialer/transport

Does Piko have any built-in settings for proxy configuration?

No, though I'll look at adding (or you're welcome to have a go at contributing if you'd prefer)

I'll aim to get to it this weekend (I'm a bit busy this week so might take me a couple of days to get to). If you have any suggestions on what the easiest way for you to configure the agent would be, please suggest

We're excited to get Piko working in our environment, and any guidance you could provide would be super helpful!

Great to hear!

[andydunstall]

@flobaader I've added support in #237. Please test this out and let me know if it works for you :)

[flobaader]

Awesome, thank you @andydunstall - I need to compile the binary myself for the branch, right?

[andydunstall]

I need to compile the binary myself for the branch, right?

Yep - just use make piko