Is there a secure way to access internet through a template?

I used dnf to download flatpak in a fedora template, but it worked without even netvm which supposed to provide internet access (I forgot about this at that time), but after executing this command it gave me an error that the address cannot be resolved flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo

I relized that it has no netvm so I was stunned and I searched through the forum and found that qubes is configured to provide dnf and apt repo through a proxy that is accessible through localhost internal to the template (did not grasp the notion completely to be honest), but I know that it is not secure to connect a netvm to a template so what should I do for downloading software from other repos?

Is there anyway to execute this command and also access flatpak repo without connecting the template to a netvm?

1 Like

You need to use the proxy, check this:

2 Likes

Did all the steps exactly and revised for 1 time, but unfortunately not working, seems flatpak not connecting to the internet

Can you describe the steps you are doing to proceed?

This should be enough to add the remote:

export all_proxy=http://127.0.0.1:8082/
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
2 Likes

I already did this but I don’t know what was the problem, when I did “search” the terminal would freeze indefinetly and gives no any input prompt later or it says “no matches found” while for sure the package with in the repo, also for “install” it was freezing so I thought there was a problem some problem at first but it then list the packages after couple of minutes.

By the way the problem was resolved after applying updates to my fedora template.

But I have another question, what if I’m trying to install something from github or any other repo or an AppImage from any other trusted website? is there any safe way without exposing the template directly to the internet?

Because this blog post was specific to flatpak and to be honest I was just imitating the procedures and I don’t have enough technical knowledge to adapt it to other services/repos.

Your template is never connected to the Internet, it connects through a proxy that is in sys-firewall IIRC.

If you download an appimage or binary, you have two ways to proceed:

  • download it from an AppVM and move the file to the template
  • download from the template using the command line by using the proxy
1 Like

How to “download from the template using the command line by using the proxy”, please?

Replace $URL with the URL of the file you want to download.

curl -O -x http://127.0.0.1:8082 "$URL"
1 Like

Discussion report :page_with_curl:

A complete solution was given through:

[1] Is there a secure way to access internet through a template? - #2 by parulin
[2] Is there a secure way to access internet through a template? - #9 by solene

Summary :page_facing_up:

[1] @parulin points to a forum post by @solene which refers to a blog post of her guide to implement flatpak in a TemplateVM through internal proxy server to be able to download software from the repo to the template (which should not be connected to a netvm for security reasons)

[2] @solene gives general method to download files from specific URLs through the Template’s internal proxy server

2 Likes