Autoproxy is provided to enable Clear Linux* OS to work smoothly behind a corporate proxy.


Autoproxy tries to detect a Proxy Auto-Config (PAC) script and use it to automatically resolve the proxy needed for a given connection. With Autoproxy, you can use Clear Linux OS inside any proxy environment without having to manually configure the proxies.

Corporate and private networks can be very complex, needing to restrict and control network connections for security reasons. The typical side effects are limited or blocked connectivity, and require manual configuration of proxies to perform the most mundane tasks, such as cloning a repo or checking for updates. With Clear Linux OS, all of the work is done behind the scenes to effortlessly use your network and have connections “just work”.

This feature removes severe complications with network connectivity due to proxy issues. You can automate tasks, such as unit testing, without worrying about the proxy not being set, and you can remove unset proxies from the equation when dealing with network unavailability across systems.

How it works

We designed Autoproxy around tools provided by most Linux* distributions with a few minor additions and modifications. We leveraged the DHCP and network information obtained from systemd and created a PAC-discovery daemon. The daemon uses the information to resolve a URL for a PAC file. The daemon then passes the URL into PACrunner*. PACrunner downloads the PAC file and uses the newly implemented Duktape* engine to parse it.


Figure 1: Autoproxy Flow

From that point on, any cURL* or network requests query PACrunner for the correct proxy to use. We modified the cURL library to communicate with PACrunner over DBus. However, cURL will ignore PACrunner and run normally if no PAC file is loaded or if you manually set any proxies. Thus, your environment settings are respected and no time is wasted trying to resolve a proxy. All these steps happen in the background with no user interaction.


Autoproxy allows Clear Linux OS to operate seamlessly behind a proxy because swupd and other Clear Linux OS tools are implemented on top of libcurl. Tools that do not use libcurl, like git, must be configured independently.

If you are familiar with PAC files and WPAD, you can use pacdiscovery and FindProxyForURL to troubleshoot problems with autproxy.


Learn more about WPAD, PAC files, and PAC functions at findproxyforurl.

Run pacdiscovery with no arguments to indicate

  1. if there is a problem resolving the WPAD host name resolution:

    failed getaddrinfo: No address associated with hostname
    Unable to find wpad host
  2. or if the pacrunner service is disabled (masked).

    PAC url:
    Failed to create proxy config: Unit pacrunner.service is masked.

Unmask the pacrunner service by running:

systemctl unmask pacrunner.service

FindProxyForURL with busctl can also indicate if the pacrunner.service is masked.

busctl call org.pacrunner /org/pacrunner/client org.pacrunner.Client
FindProxyForURL ss "" ""
Unit pacrunner.service is masked.
dig wpad, dig wpad.<domain>

FindProxyForURL returns the URL and port of the proxy server when an external URL and host are provided as arguments.

busctl call org.pacrunner /org/pacrunner/client org.pacrunner.Client
FindProxyForURL ss "" ""
s "PROXY<port>"

If a proxy server is not avialable, or if pacrunner is running without a PAC file, FindProxyForURL will return “DIRECT”.

busctl call org.pacrunner /org/pacrunner/client org.pacrunner.Client
FindProxyForURL ss "" ""

Once pacdiscovery is able to look up WPAD, restart the pacrunner service:

systemctl stop pacrunner
systemctl restart pacdiscovery


A “domain” or “search” entry in /etc/resolv.conf is required for short name lookups to resolve. The resolv.conf man page has additional details.