We are proud to announce the availability in beta of the Snap Enterprise Proxy.
The Snap Enterprise Proxy provides an on-premise edge proxy to the Snap Store for your devices. Devices are registered with the proxy, and all communication with the Store will flow through the proxy.
Features included in the beta:
provides a means to access the Snap Store for devices with restricted network access;
allows control of snap updates on attached devices;
caches snap downloads;
provides a management interface via CLI and RESTful API.
Enterprise deployments requiring use of the proxy should contact us.
How to get it?
In the time-honoured spirit of dog-fooding we have developed the Snap Enterprise Proxy as a strictly confined snap. Run sudo snap install snapstore --beta and follow the documentation for configuring the proxy and connecting devices.
Why do I want it?
You have restricted network access, i.e. your devices can’t directly reach the Snap Store (api.snapcraft.io:443)
You want to control which revisions roll out to your fleet of devices
Bugs should be filed in Launchpad. Please include the version of the Snap Enterprise Proxy, as well as the version of snapd on both the proxy and any devices affected.
This is great, thank you for sharing and thank you for the fantastic documentation.
I have a question and a little bit of feedback after reading the docs.
Q: is it sensible to run the proxy on my developer laptop? With my snapd developer hat on I will download and re-download core as a part of tests 100s of times a week. I can save some of my mobile data this way so I was very interested in setting this up.
Feedback: the documentation, specifically here, shows how to configure the snap proxy itself. I was surprised it doesn’t use the configure hook and the snap set snapstore some.thing=value syntax. Is this deliberate or just an omission?
It’s mostly that it seems quite involved for a desktop user to set up (not saying that snappy wants to do this but it’s rather involved compared to a toggle in Software & Updates on Ubuntu, for example, though perhaps I should file a bug to suggest that if this does work after considering the below).
You were suggesting that this solves the automatic refresh situation that some users consider an issue with snapd but as a desktop user I can’t actually satisfy the prerequisites, I don’t have a server, a domain name for the server, or ‘A PostgreSQL instance, and credentials for a user with CREATEROLE privileges, and either CREATEDB or a pre-created database with CREATE privileges on it for that user’. Is this possible to use just by installing on the desktop for the purpose of disabling automatic refresh? Those prerequisites don’t seem to cover that use-case, maybe they need tweaking?
I don’t know the answer since I haven’t looked into the implementation of the proxy, but I can say from principle that the point of the proxy is not to disable refreshes, but to offer further control on it at a large scale.
Similarly, snapd itself, with no external software, offers fine tuned control over refreshes, and more and more features are coming since we got started on this.
We want to discourage disabling of refreshes, with or without proxies, because this is an obvious dead end long term.
Actually given @sparkiegeek’s posts earlier maybe it is possible on one computer via LXD but there’s no docs on how to do so and do so in few steps so it’s not desktop-user-friendly and I suppose it’s not supposed to be as you say.
But there’s no GUI in Ubuntu (or any other GNU/Linux OS, as far as I’m aware) for the refresh timer feature, for example, though I have filed a bug for it.
Thanks for the bug report. Yeah, the GUI for managing snapd itself definitely needs love. The main GUI that we develop for Ubuntu packaging is Gnome Software itself, but it lacks configuration control for snapd proper right now.
Is it possible to install the snap enterprise proxy (actually called the snap-store-proxy) without a proper domain name? I know the prereqs say it is needed, but since I don’t have one, I am hoping there is a way so that I can try it out.
Maybe port forwarding on my NAT would work? So configuring snap proxy like so: proxy.db.connection=“postgresql://user:password@NAT_IP_ADDRESS:FORWARDED_PORT/db”?