For several years I've run my kickstart installs through a squid proxy
that caches packages that I download. My kickstarts have something
like this:

url --url=http://mirror.chpc.utah.edu/pub/fedora/linux/releases/31/Everything/x86_64/os/ --proxy=http://squid.example.com:3128

As I test many repeated Fedora installs in my network, I can rely on
Squid's caching, so the packages download faster and I put less load
on the Fedora mirrors.

This all happens over plaintext HTTP, and as I do more Fedora
automated installs, that's concerning.

Is there any easy way to do similar package caching with a Fedora
mirror that provides HTTPS?

I read https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit.
I think I would use this to have Squid generate and sign its own
certificates for the Fedora mirror host on the fly?

I see pykickstart supports https URLs for --proxy, so I think I can
just do --proxy https://squid.example.com:3128 ?

I don't understand how I would get the installer to trust my custom CA
to communicate with the HTTPS proxy, though.

Am I headed in the right direction?

Has anyone else done something like this?

- Ken
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
