Snap-proxy registration approval

store
1

Following this documentation, I ran snap-proxy register yesterday to register our snap proxy, but are still waiting on approval:

root@ubuntu:~# snap-proxy status
Store ID: { store id }
Status: pending
Connected Devices (updated daily): 0
Device Limit: None
Internal Service Status:
  memcached: running
  nginx: not running: [Errno -2] Name or service not known
  snapauth: running
  snapdevicegw: running
  snapdevicegw-local: running
  snapproxy: running
  snaprevs: running
root@ubuntu:~#

Is there an official way to request approval?

2

I think I approved your request (let me know if not; I can’t directly map your forum identity to that of the person who registered the proxy so I may have fumbled it).

  • Daniel
3

Yup, looks like it’s approved, thanks. Two follow up questions (I can a separate post if needed):

The documentation notes the following:

For evaluation purposes, we automatically grant the use of up to 5 devices.

Does this mean we can only have 5 devices use the proxy before we need we need to pay? Is there more information on this somewhere?

If you look at my snippet, nginx failed to load with [Errno -2] Name or service not known. It doesn’t look like snap-proxy exposes nginx logs anywhere obvious that I can tell, but taking a guess, I think it’s an issue with the proxy.domain variable. Looking at /snap/snap-store-proxy/current/templates/nginx.conf, I see the following line:

server_name {{ cfg['proxy.domain'] }};

We use a wildcard cert for our domain, and the snap-proxy host is something like ubuntu.domain.com. However, when I specify ubuntu.domain.com as the proxy.domain, I get the following error:

root@ubuntu:~# snap-proxy config proxy.domain="ubuntu.domain.com" 
proxy.domain: ubuntu.domain.com
root@ubuntu~# cat cert key | snap-proxy import-certificate
ubuntu.domain.com domain not supported by this TLS certificate
root@ubuntu:~#

When I use domain.com, it succeeds

root@ubuntu:~# sudo snap-proxy config proxy.domain="domain.com" 
proxy.domain: domain.com
root@ubuntu:~# cat cert key | snap-proxy import-certificate
TLS certificate for domain.com configured.
root@ubuntu:~#

But the snap-proxy host isn’t domain.com, it’s ubuntu.domain.com, which (I believe) causes the nginx error. Is there a workaround for this?

Edit: Furthermore, after changing proxy.domain to ubuntu.domain.com to get a working proxy (albeit without SSL), I can’t remove the cert I added, either by running snap-proxy remove-ca-certs or by trying to manually set proxy.tls.cert (which `snap-proxy config shows is set to the wildcard cert I set earlier):

root@ubuntu:~# snap-proxy remove-ca-certs
error: Could not remove /var/snap/snap-store-proxy/common/ca-certificates.crt
root@ubuntu:~# systemctl restart snapd
root@ubuntu:~# snap-proxy status
Store ID: { id }
Status: approved
Connected Devices (updated daily): 0
Device Limit: 150
Internal Service Status:
  memcached: running
  nginx: not running: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]
  snapauth: running
  snapdevicegw: running
  snapdevicegw-local: running
  snapproxy: running
  snaprevs: running
root@ubuntu:~# # snap-proxy config shows proxy.tls.cert as the cert I set earlier
root@ubuntu:~# snap-proxy config proxy.tls.cert=""
no TLS certificate data
root@ubuntu:~# snap-proxy config proxy.tls.cert=
no TLS certificate data
root@ubuntu:~# snap-proxy config proxy.tls.cert="foo"
could not parse TLS certificate (PEM format)
root@ubuntu:~#
4

I created Snap-proxy wildcard cert issues for the cert issues, but would still appreciate some clarification on how many hosts are allowed to use the proxy. It looks like snap-proxy status now says 150 - what happens if we reach that limit, and is it possible to increase/decrease the limit?

5

Would still appreciate some clarification on how many hosts we’re allowed.