Firewalls and Proxies

Stephen Boyle edited this page Jul 20, 2021 · 1 revision

Because BlueSky on your clients’ computers makes an outgoing connection to the BlueSky server, firewalls almost never block it (at least not in SMB environments). Your admin connection comes back in through that established outgoing connection, so it is not examined either.

In larger environments, outgoing connections to anything other than HTTP may be blocked and a proxy server required. BlueSky detects that an HTTPS proxy is in place by looking at the Network pane of System Preferences and uses the proxy server for its connections. This is automatic and seamless. If a laptop user switches from an office location with proxies to a home network with no proxies, BlueSky will adjust and reconnect within about 5 minutes of the location change.

It does this by swapping between two /var/bluesky/.ssh/config files: one that uses corkscrew to go over HTTPS and one that goes straight to SSH.

In the event that BlueSky cannot pick up on a proxy setting, you can manually specify the proxy to be used by entering this command on the computer:

/usr/libexec/PlistBuddy -c "Set :proxy 'proxy.pretendco.com 8080'" /var/bluesky/settings.plist

...if your proxy were http://proxy.pretendco.com:8080. Substitute the appropriate information for your own proxy.

In environments where outgoing ports are hard blocked (no proxy, just straight port blocking), BlueSky will need TCP ports 443 and 3122 unblocked to your BlueSky server’s URL.
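
An added example (not part of BlueSky or of the original page): it turns a proxy URL into the `host port` value used in the PlistBuddy command above, rejecting anything that is not a plain hostname and port, and for the hard-blocked case it reports whether TCP 443 and 3122 are reachable. The function names and the hostname `bluesky.example.com` are placeholders.

```shell
#!/bin/sh
# Added example: function names are placeholders, this is not BlueSky code.

# Convert a proxy URL (http://host:port) into the "host port" form used for
# the :proxy key in /var/bluesky/settings.plist. Returns 1 on bad input.
proxy_to_setting() {
    url=$1
    rest=${url#http://}; rest=${rest#https://}   # drop the scheme if present
    rest=${rest%/}                               # drop one trailing slash
    case $rest in
        *@*|*/*) return 1 ;;                     # no credentials or paths
        *:*) ;;                                  # host:port, parsed below
        *) return 1 ;;                           # an explicit port is required
    esac
    host=${rest%:*}
    port=${rest##*:}
    # Hostname characters only: the value is embedded in a quoted PlistBuddy
    # command, so quotes, spaces and shell metacharacters must not get through.
    case $host in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*|??????*) return 1 ;;         # digits only, at most five
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf '%s %s\n' "$host" "$port"
}

# Print (do not run) the PlistBuddy command from the page for a proxy URL.
plistbuddy_cmd() {
    setting=$(proxy_to_setting "$1") || return 1
    printf '/usr/libexec/PlistBuddy -c "Set :proxy '\''%s'\''" /var/bluesky/settings.plist\n' "$setting"
}

# Hard-blocked case: report whether TCP 443 and 3122 are reachable on the
# server. Needs nc; run it from the affected client's network, for example:
#   check_ports bluesky.example.com      (placeholder hostname)
check_ports() {
    for p in 443 3122; do
        if nc -z -w 5 "$1" "$p" >/dev/null 2>&1; then
            echo "$p open"
        else
            echo "$p blocked or unreachable"
        fi
    done
}
```

Review the printed command before running it on the client; writing to /var/bluesky/settings.plist will normally require root.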