I currently own the Nokia N810 and found out that beside the Browser, Feed reader, and the Internet Radio app. No other Internet aware applications on diablo supports network proxy. Even the default IM application only works if you are using a direct Internet connection and will not work if you are working behind a network proxy. The OS its self allows for the user to setup a system wide proxy as part of setting up a connection profile. But most Internet aware 3rd party applications dont use it (or have embedded proxy support)

The situation is very different on my Nokia E71 every applications (including 3rd party) work using the system wide proxy settings.

It would be really cool if 3rd party application are developed to use the system wide proxy or embedded their own proxy support

Please use http://maemo.org/community/brainstorm/ to formulate your proposals and potential solutions to implement them. Thanks!

Thread moved to Brainstorm forum.

Example workaround: use IPT with POSTROUTING to redirect traffic to any port 80 to 127.0.0.1 port 8080 where your proxy server runs.

Why is this a suitable solution for Brainstorm? Surely it's a bug in any application which doesn't support the proxy - certainly the built in ones, and probably third party ones!

Setting the proxy for a connection should expose http_proxy correctly, this should be used by the standard Linux libraries in the absence of a better system configuration API for proxies.

Any application using libcurl, and many do, will automatically honour the http_proxy environment variable (which is what is set by that option). And this is common for other libraries and applications too, including the 'wget' command line tool, the Konqueror browser and other browsers (mozilla-derivates). So yes, I'm with Jaffa on this one.

(Of course, there are also internet-aware applications that are not talking a protocol that could be proxy'ed this way. You can't proxy Skype through the kind of proxy that you can specify with http_proxy or ftp_proxy, for example. You may redirect them through a VPN though.)

Setting the proxy for a connection should expose http_proxy correctly, this should be used by the standard Linux libraries in the absence of a better system configuration API for proxies.

GConf is the right way to do it IMHO (although almost nothing seems to get it right, see bug 3783 (https://bugs.maemo.org/show_bug.cgi?id=3783) and its dependencies). Environment variables can't be changed externally during an app's execution lifetime, so the apps can't notice proxy changes when a different network connection is activated for example.

Good point. It could be handled by using a transparent proxy instead, i.e. that the device runs IPTABLES and (http, ftp..) traffic is redirected to a proxy. iptables could then presumably be manipulated via GConf+helper app.

A transparent proxy would be a very limited solution, as it would only work for HTTP to port 80. People serve web pages, RSS feeds, media streams etc on all sort of ports, and transparently proxying HTTPS is of course out of the question.

No, it's not limited to port 80. It's equally easy to have iptables forwarding any port. But it may not be the optimal solution still. Of course, updating any and every application to handle a change of proxy is possible, but that sounds like a lot of work and there'll always be leftovers. That's why I'm thinking along lines where you fiddle with the network itself instead (for example, starting a VPN is a way of transparently direct traffic elsewhere, although not involving a (filtering/caching) proxy).

Okay we need some resolution on this-- is it a Brainstorm item or Bugzilla candidate? If the former, a proposal needs to be created and linked. If the latter, then a bug should be opened (or possibly expanded/voted if an existing one is applicable).

I will be more than happy to help either way.

No, it's not limited to port 80. It's equally easy to have iptables forwarding any port.

Sure, let me rephrase that to "limited to a small set of pre-defined ports". Otherwise it may be transparent for the applications but becomes a huge hassle for the user.

Another problem is that too much transparency can be a bad thing. What do you do if you want to access a non-HTTP service on port 80 (recent example (http://mg.pov.lt/blog/escaping-hotel-firewall.html))?

Okay we need some resolution on this-- is it a Brainstorm item or Bugzilla candidate?

Brainstorm, probably, but there's no harm in discussing it a bit more first :-)

I would like to generalise this a bit to a solution for all HTTP-speaking applications to support HTTP properly. If you look at bugzilla, most apps that do HTTP (eg RSS reader, media player, application manager) have the same types of bugs filed against them:

app doesn't obey proxy settings
app doesn't support HTTP authentication
app doesn't support HTTPS


plus a few less frequently occuring ones like handling of HTTP redirects.

In my mind the right solution would involve a high-level HTTP library that all apps[1] would be encouraged[2] to use. It should support HTTP/1.1 fully, notice proxy setting changes automatically (including exceptions), use the built-in certificate store for SSL/TLS, and in a perfect world also support proxy autoconfig[3]. Oh, and it should be language- and toolkit-independent.

[1] including some non-HTTP ones that could use CONNECT through an HTTP proxy (for example Jabber or IRC)
[2] exercise left to the reader ;-)
[3] this requires a javascript engine so decidedly non-trivial

It's a bug. There's an API which applications are supposed to use for the proxy (e.g. gconf's /system/proxy/mode or libconic's con_ic_connection_get_proxy_mode).

There are four possible bug types:


System doesn't set http_proxy environment variable for newly launched processes. (Haven't checked)
Built-in application doesn't respect proxy settings (such as #3712 (https://bugs.maemo.org/show_bug.cgi?id=3712))
Third-party application doesn't respect proxy settings
Application using non-HTTP traffic can't use SOCKS proxy or other tunnelling technique.


If there wants to be a generic technical solution to #4, I don't think Brainstorm's race-to-mediocrity and the inexperience-of-crowds will come up with a good technical solution. Perhaps maemo-developers would actually be better?

Well, for [1] and [2], at least, there's libcurl (http://curl.haxx.se/libcurl/) which several applications already use.

I really appreciate all the suggestions stated here.I am not a programmer. but i would like to help with. anything i can do because this bug/issue is affecting me and many other users who live behind network proxies greatly. right now on my n900 only the web browser respects the systemwide proxy. i am unable to use any other internet awared application because they simiply wont work (all the gpodder, mauku, omweather, internet radio, gtalkl, just name it) if it connect to the inernet it doesnt work. because for some reasons the applications have not been programed to use the systemwide proxy. It would help greatly if some of the problems, bugs and proposal stated here can be looked into and a working solution pushed into maemo.