Available since version 3.9.0
Vantage6 algorithms are normally disconnected from the internet, and are therefore unable to connect to access data that is not connected to the node on node startup. Via this feature it is possible to whitelist certain domains, ips and ports to allow the algorithm to connect to these resources. It is important to note that only the http protocol is supported. If you require a different protocol, please look at SSH Tunnel.
As a node owner you are responsible for the security of your node. Make sure you understand the implications of whitelisting before enabling this feature.
Be aware that when a port is whitelisted it is whitelisted for all domains and ips.
Setting up whitelisting#
whitelist to the node configuration file:
whitelist: domains: - .google.com - github.com - host.docker.internal # docker host ip (windows/mac) ips: - 172.17.0.1 # docker bridge ip (linux) - 126.96.36.199 ports: - 443
This feature makes use of Squid, which is a proxy server. For every domain, ip and port a acl directive is created. See their documentation for more details on what valid values are.
Implementation details / Notes#
The algorithm container is provided with the environment variables
NO_PROXY. Unfortunately, there is no standard for handling these
variables. Therefore, whether this works will depend on the application you
are using. See this
post for more details.
In case the algorithm tries to connect to a domain that is not whitelisted, a http 403 error will be returned by the squid instance.
Make sure the requests from the algorithm are using the environment variables. Some libraries will ignore these variables and use their own configuration.
requestslibrary will work for all cases.
curlcommand will not work for vantage6 VPN addresses as the format of
no_proxyvariable is not supported. You can fix this by using the
--noproxyoption when requesting a VPN address.
VPN addresses in
no_proxy have the same format as in the node
configuration file, by default
10.76.0.0/16. Make sure the request
library understands this format when connecting to a VPN address.