From e7b5e2c3812d706c470aeee9526b7eb3177bc18c Mon Sep 17 00:00:00 2001
From: Serhii Stanislavskyi
Date: Fri, 6 Jun 2025 19:27:41 +0300
Subject: [PATCH 1/5] AST-99555: test router proxy func
---
 ziti/config.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/ziti/config.go b/ziti/config.go
index 4c6a499b..c524d7c2 100644
--- a/ziti/config.go
+++ b/ziti/config.go
@@ -19,6 +19,7 @@ package ziti
 import (
 "crypto/x509"
 "encoding/json"
+ "github.com/michaelquigley/pfxlog"
 "github.com/openziti/edge-api/rest_util"
 "github.com/openziti/identity"
 apis "github.com/openziti/sdk-golang/edge-apis"
@@ -116,6 +117,21 @@ func NewConfigFromFile(confFile string) (*Config, error) {
 return nil, errors.Errorf("failed to load ziti configuration (%s): %v", confFile, err)
 }

+ c.RouterProxy = func(addr string) *transport.ProxyConfiguration {
+ // Parse the HTTPS_PROXY env (or https:// proxy setting) for this address
+ req := &http.Request{URL: &url.URL{Host: addr}}
+ proxyURL, errProxy := http.ProxyFromEnvironment(req)
+ pfxlog.Logger().Infof("!!!!!!!!url: %s, proxyURL: %v, errProxy: %v", addr, proxyURL, errProxy)
+ if proxyURL == nil {
+ return nil // no proxy
+ }
+ // Extract host:port from proxyURL and create ProxyConfiguration
+ return &transport.ProxyConfiguration{
+ Type: transport.ProxyTypeHttpConnect,
+ Address: proxyURL.Host,
+ }
+ }
+
 return &c, nil
 }

From 51bbdc4444748f6c2f85b4b72546d16682dca14b Mon Sep 17 00:00:00 2001
From: Serhii Stanislavskyi
Date: Tue, 10 Jun 2025 13:52:28 +0300
Subject: [PATCH 2/5] AST-99555: debug os env
---
 ziti/config.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ziti/config.go b/ziti/config.go
index c524d7c2..2a86fc16 100644
--- a/ziti/config.go
+++ b/ziti/config.go
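Review bot: The `Infof` line in the RouterProxy closure of patch 1/5 prints `proxyURL` with `%v`, and a proxy URL taken from HTTPS_PROXY/HTTP_PROXY can carry `user:password@`, so proxy credentials can end up in Info-level logs. Patch 2/5 makes this worse by logging the raw `os.Getenv("HTTPS_PROXY")` value, and patch 3/5 keeps both. If a trace is wanted, log after the nil check and only the host, e.g. `pfxlog.Logger().Debugf("router %s via proxy %s", addr, proxyURL.Host)`. `errProxy` is also only logged and never acted on. The closure sits inside NewConfigFromFile, whose body starts outside the hunk.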
@@ -121,7 +121,8 @@ func NewConfigFromFile(confFile string) (*Config, error) {
 // Parse the HTTPS_PROXY env (or https:// proxy setting) for this address
 req := &http.Request{URL: &url.URL{Host: addr}}
 proxyURL, errProxy := http.ProxyFromEnvironment(req)
- pfxlog.Logger().Infof("!!!!!!!!url: %s, proxyURL: %v, errProxy: %v", addr, proxyURL, errProxy)
+ val := os.Getenv("HTTPS_PROXY") // for debugging purposes
+ pfxlog.Logger().Infof("!!!!!!!!val: %s, url: %s, proxyURL: %v, errProxy: %v", val, addr, proxyURL, errProxy)
 if proxyURL == nil {
 return nil // no proxy
 }
From 02432b7f52a6bea305ead68529e21c126811ef3a Mon Sep 17 00:00:00 2001
From: Serhii Stanislavskyi
Date: Tue, 10 Jun 2025 16:20:26 +0300
Subject: [PATCH 3/5] AST-99555: testing ziti Url
---
 ziti/config.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/ziti/config.go b/ziti/config.go
index 2a86fc16..b6359b80 100644
--- a/ziti/config.go
+++ b/ziti/config.go
@@ -119,10 +119,15 @@ func NewConfigFromFile(confFile string) (*Config, error) {

 c.RouterProxy = func(addr string) *transport.ProxyConfiguration {
 // Parse the HTTPS_PROXY env (or https:// proxy setting) for this address
- req := &http.Request{URL: &url.URL{Host: addr}}
+ parsedUrl, errParse := url.Parse(c.ZtAPI)
+ if errParse != nil {
+ pfxlog.Logger().Infof("!!!111!!!!!error: %s", errParse.Error())
+ return nil
+ }
+ req := &http.Request{URL: parsedUrl}
 proxyURL, errProxy := http.ProxyFromEnvironment(req)
 val := os.Getenv("HTTPS_PROXY") // for debugging purposes
- pfxlog.Logger().Infof("!!!!!!!!val: %s, url: %s, proxyURL: %v, errProxy: %v", val, addr, proxyURL, errProxy)
+ pfxlog.Logger().Infof("!!!!!!!!val: %s, ZtAPI: %s, addr: %s, proxyURL: %v, errProxy: %v", val, c.ZtAPI, addr, proxyURL, errProxy)
 if proxyURL == nil {
 return nil // no proxy
 }
From d7e569628354a4939d0bed8a31d5080cb70930b9 Mon Sep 17 00:00:00 2001
From: Serhii Stanislavskyi
Date: Fri, 13 Jun 2025 14:41:01 +0300
Subject: [PATCH 4/5] AST-99555: adding router proxy func
---
 ziti/config.go | 62 ++++++++++++++++++++++++++++++++++----------------
 1 file changed, 42 insertions(+), 20 deletions(-)
diff --git a/ziti/config.go b/ziti/config.go
index b6359b80..6a76c7ec 100644
--- a/ziti/config.go
+++ b/ziti/config.go
@@ -117,26 +117,7 @@ func NewConfigFromFile(confFile string) (*Config, error) {
 return nil, errors.Errorf("failed to load ziti configuration (%s): %v", confFile, err)
 }

- c.RouterProxy = func(addr string) *transport.ProxyConfiguration {
- // Parse the HTTPS_PROXY env (or https:// proxy setting) for this address
- parsedUrl, errParse := url.Parse(c.ZtAPI)
- if errParse != nil {
- pfxlog.Logger().Infof("!!!111!!!!!error: %s", errParse.Error())
- return nil
- }
- req := &http.Request{URL: parsedUrl}
- proxyURL, errProxy := http.ProxyFromEnvironment(req)
- val := os.Getenv("HTTPS_PROXY") // for debugging purposes
- pfxlog.Logger().Infof("!!!!!!!!val: %s, ZtAPI: %s, addr: %s, proxyURL: %v, errProxy: %v", val, c.ZtAPI, addr, proxyURL, errProxy)
- if proxyURL == nil {
- return nil // no proxy
- }
- // Extract host:port from proxyURL and create ProxyConfiguration
- return &transport.ProxyConfiguration{
- Type: transport.ProxyTypeHttpConnect,
- Address: proxyURL.Host,
- }
- }
+ c.RouterProxy = routerProxyFromEnvironment

 return &c, nil
 }
@@ -149,3 +130,44 @@ func NewConfigFromFile(confFile string) (*Config, error) {
 func GetControllerWellKnownCaPool(controllerAddr string) (*x509.CertPool, error) {
 return rest_util.GetControllerWellKnownCaPool(controllerAddr)
 }
+
+// routerProxyFromEnvironment will return a ProxyConfiguration for the given address based on the environment variables
+func routerProxyFromEnvironment(addr string) *transport.ProxyConfiguration {
+ // Create a request with the address to parse
+ parsedURL, errParse := parseTLS(addr)
+ if errParse != nil {
+ pfxlog.Logger().Infof("Could not parse URL. Error: %s", errParse.Error())
+ return nil
+ }
+ req := &http.Request{URL: parsedURL}
+
+ // Parse the HTTPS_PROXY or HTTP_PROXY env for this address
+ proxyURL, errProxy := http.ProxyFromEnvironment(req)
+ if errProxy != nil {
+ pfxlog.Logger().Infof("Could not determine proxy from environment. Error: %s", errProxy.Error())
+ return nil
+ }
+ if proxyURL == nil {
+ return nil // no proxy
+ }
+
+ return &transport.ProxyConfiguration{
+ Type: transport.ProxyTypeHttpConnect,
+ Address: proxyURL.Host,
+ }
+}
+
+// parseTLS is a helper function to parse a raw URL string that may be prefixed with "tls:".
+// If the URL is prefixed with "tls:", it will prepend "https://" and reparse it.
+func parseTLS(raw string) (*url.URL, error) {
+ u, err := url.Parse(raw)
+ if err != nil {
+ return nil, err
+ }
+
+ if u.Scheme == "tls" {
+ // Prepend standard "https://" and reparse
+ return url.Parse("https://" + u.Opaque)
+ }
+ return u, nil
+}
From 5bfa4c798ba0b571cb2025b8ad1d463a89ccfe25 Mon Sep 17 00:00:00 2001
From: Serhii Stanislavskyi
Date: Wed, 18 Jun 2025 15:58:12 +0300
Subject: [PATCH 5/5] change logging functions
---
 ziti/config.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ziti/config.go b/ziti/config.go
index 6a76c7ec..ed91c95c 100644
--- a/ziti/config.go
+++ b/ziti/config.go
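Review bot: routerProxyFromEnvironment (patch 4/5, second hunk) treats whatever `http.ProxyFromEnvironment` returns as an HTTP CONNECT proxy: `proxyURL.Scheme` is never checked and `proxyURL.User` is dropped, so a `socks5://` setting, or a proxy that requires credentials, would be dialled as an unauthenticated CONNECT proxy at `proxyURL.Host`. A guard before the final return makes the unsupported case explicit, e.g. `if proxyURL.Scheme != "http" { pfxlog.Logger().Warnf("unsupported proxy scheme %q for router connections", proxyURL.Scheme); return nil }`. Whether `https` proxies or credentials can be passed on depends on transport.ProxyConfiguration, which is not visible here. parseTLS only rewrites the opaque `tls:host:port` form, so any other scheme reaches ProxyFromEnvironment unchanged and presumably gets no proxy; the doc comment should say so.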
@@ -136,7 +136,7 @@ func routerProxyFromEnvironment(addr string) *transport.ProxyConfiguration {
 // Create a request with the address to parse
 parsedURL, errParse := parseTLS(addr)
 if errParse != nil {
- pfxlog.Logger().Infof("Could not parse URL. Error: %s", errParse.Error())
+ pfxlog.Logger().Warnf("Could not parse URL. Error: %s", errParse.Error())
 return nil
 }
 req := &http.Request{URL: parsedURL}
@@ -144,7 +144,7 @@ func routerProxyFromEnvironment(addr string) *transport.ProxyConfiguration {
 // Parse the HTTPS_PROXY or HTTP_PROXY env for this address
 proxyURL, errProxy := http.ProxyFromEnvironment(req)
 if errProxy != nil {
- pfxlog.Logger().Infof("Could not determine proxy from environment. Error: %s", errProxy.Error())
+ pfxlog.Logger().Warnf("Could not determine proxy from environment. Error: %s", errProxy.Error())
 return nil
 }
 if proxyURL == nil {
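Review bot: The second hunk still writes `errProxy.Error()` into the log verbatim, now at Warn level. For a malformed setting the error from `http.ProxyFromEnvironment` appears to quote the raw proxy value, and that value can contain `user:password@`, so a typo in HTTPS_PROXY could put credentials in the log. A fixed message avoids that: `pfxlog.Logger().Warn("could not determine proxy from environment; check HTTPS_PROXY/HTTP_PROXY")`. routerProxyFromEnvironment starts before and ends after both hunks.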