Difference between revisions of "Linux proxy"
Latest revision as of 13:48, 16 September 2018
Linux proxy settings
When you are behind a company firewall or proxy, you may need to configure your Linux distro to pass proxy details to applications so that they can connect to the Internet. Most common applications such as curl, wget and git read environment variables to learn the proxy settings, but others, such as Firefox and desktop applications, may need to be configured within the application itself.
Depending on your proxy server, the examples below may require authentication. Often the credentials are your own Active Directory login/password combination, but they can also be separate Internet user login/password credentials.
- Proxy environment variables
<source lang="bash">
http_proxy=http://example.com
https_proxy=$http_proxy   #or: https_proxy=URL
ftp_proxy=URL
no_proxy=string
</source>
Make sure you can resolve the proxy server's DNS name; otherwise use its IP address.
- Proxy temporary configuration for a single command only
<source lang="bash">
sudo env http_proxy=http://proxyserver.local:8080 apt-get update
sudo env http_proxy=http://username:password@10.0.0.1:8080 apt-get update
</source>
- Proxy temporary configuration for the duration of a session. With sudo, remember to use -E to preserve the local environment variables
<source lang="bash">
export http_proxy=http://proxyserver.local:8080/
export ftp_proxy=http://username:password@proxyserver.local:8080/
sudo -E apt-get update
</source>
- Permanent proxy configuration for a user
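Append the proxy environment variables to the user's <code>~/.profile</code> file. With sudo, remember to use -E to preserve the local environment variables.
<source lang="bash">
# export is needed so that child processes inherit the variable
export http_proxy="http://proxyserver.local:8080/"
</source>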
- Permanent proxy configuration for all users
Edit the environment variables that apply to all users with <code>sudo vi /etc/environment</code> and add the proxy variables:
<source lang="bash">
http_proxy="http://xxx.xxx.xxx.xxx:3128"
https_proxy="http://xxx.xxx.xxx.xxx:3128"
ftp_proxy="http://xxx.xxx.xxx.xxx:3128"
no_proxy="localhost,127.0.0.1"
HTTP_PROXY="http://xxx.xxx.xxx.xxx:3128"
HTTPS_PROXY="http://xxx.xxx.xxx.xxx:3128"
FTP_PROXY="http://xxx.xxx.xxx.xxx:3128"
NO_PROXY="localhost,127.0.0.1"
</source>
- Manage local environment variables
<source lang="bash">
unset HTTP_PROXY   #unset the single variable HTTP_PROXY
env -i bash        #start a new shell with an empty environment (no inherited variables)
exec bash          #replace the current shell; non-exported variables are dropped, exported ones are kept
</source>
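Several commands above place username:password inside the proxy URL, where it ends up in shell history, the process list and files such as /etc/environment. The following shell functions are an added example, not part of the original page: they list the proxy variables in a KEY=VALUE file that embed credentials and redact a URL for logging. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit proxy settings for
# credentials embedded in the URL, as in http://username:password@host:port.

# Remove the userinfo part (user:password@) so the URL is safe to log.
redact_proxy_url() {
    printf '%s\n' "$1" |
        sed -E 's#^([A-Za-z][A-Za-z0-9+.-]*://)[^/@]*@#\1#'
}

# List the proxy variables in a KEY=VALUE file (/etc/environment,
# ~/.profile) whose value carries user:password@ in clear text.
proxy_vars_with_credentials() {
    sed -E -n \
        's#^[[:space:]]*(export[[:space:]]+)?([A-Za-z_]+)="?[A-Za-z][A-Za-z0-9+.-]*://[^/@"]*:[^/@"]*@.*$#\2#p' \
        "$1" | grep -i '_proxy$'
}

# Succeeds when the file is readable by every local user (mode o+r).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 -print 2>/dev/null)" ]
}

# Constructed sample modelled on the variables used on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
http_proxy="http://proxyserver.local:8080/"
ftp_proxy="http://username:password@proxyserver.local:8080/"
no_proxy="localhost,127.0.0.1"
EOF
chmod 644 "$sample"

for name in $(proxy_vars_with_credentials "$sample"); do
    if world_readable "$sample"; then
        echo "WARN: $name stores a proxy password in a world-readable file"
    else
        echo "NOTE: $name stores a proxy password"
    fi
done
redact_proxy_url "http://username:password@10.0.0.1:8080"
```

Point `proxy_vars_with_credentials` at `/etc/environment` or `~/.profile` to audit a real host.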
Applications custom proxy setting
Wget
Some proxy servers require authorization before you can use them. The authorization consists of a username and password, which must be sent by the client, e.g. Wget. As with HTTP authorization, several authentication schemes exist. For proxy authorization only the Basic authentication scheme is currently implemented.
You may specify your username and password either through the proxy URL or through the command-line options. Assuming that the company’s proxy is located at 'proxy.company.com' at port 8001, a proxy URL location containing authorization data might look like this:
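<source lang="bash">
# the proxy URL goes into the proxy variable, not onto the wget command line
export http_proxy=http://username:mypassword@proxy.company.com:8001/
</source>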
Alternatively, you may use the proxy-user and proxy-password options, and the equivalent .wgetrc settings proxy_user and proxy_password to set the proxy username and password.
Proxy servers
CNTLM - Linux
- Install CNTLM: <code>sudo apt-get install cntlm</code>
- Copy an updated template into <code>/etc/cntlm.conf</code>
- Generate the password hash and test Internet access:
<source lang="bash">
sudo cntlm -c /etc/cntlm.conf -I -M http://www.bbc.co.uk
cntlm -H -u 'username' -d 'domain.local'  #generates hash only
</source>
- Replace the PassNTLMv2 hash value in the config file <code>/etc/cntlm.conf</code> with the generated hash.
- Restart the service: <code>sudo service cntlm restart</code>
Cntlm template to copy into /etc/cntlm.conf
<source lang="bash">
# Cntlm Authentication Proxy Configuration
Username	foobar      #your windows username
Domain		home.local
# Password	password
# PassLM     xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# PassNT     xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# PassNTLMv2      XXXXX3AD50AC2DC59B62324EE9202E29 # username's password hash
# Workstation	netbios_hostname
# List proxies
Proxy		172.31.10.100:8080      #proxy with access to Internet
# Do not use proxy - exception url's
NoProxy	*.home.local, localhost, 127.0.0.*, 10.*, 192.168.*
Listen		3128
Listen		172.31.20.128:3128   #interface ip you want proxy listen on
# Enable to allow access from other computers
Gateway	yes
# Useful in Gateway mode to allow/restrict certain IPs
# Specify individual IPs or subnets one rule per line.
#
Allow		127.0.0.1           #allow connect from localhost
Allow		172.31.147.128      #ip of VM or remote PC that you authorize to use the proxy
#Deny		0/0
</source>
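With Gateway yes the template above accepts connections from other machines, and its catch-all Deny 0/0 line is commented out. The check below is an added example, not code from the original page or the Cntlm project; it assumes Cntlm applies the first matching ACL rule and allows a source address that matches no rule. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page or the Cntlm project):
# lint a cntlm.conf for the settings that matter once Gateway is enabled.

# Print the value of the last active (uncommented) "Key value" line.
conf_value() {   # usage: conf_value FILE KEY
    awk -v key="$2" '$1 == key { v = $2 } END { if (v != "") print v }' "$1"
}

# Print one finding per line; print nothing when no check fires.
lint_cntlm_conf() {
    conf=$1
    if [ -n "$(conf_value "$conf" Password)" ]; then
        echo "plaintext-password: store the PassNTLMv2 hash from 'cntlm -H' instead"
    fi
    if [ "$(conf_value "$conf" Gateway)" = "yes" ]; then
        # Assumption: ACL rules are first-match and an address matching
        # no rule is allowed, so the Allow lines need a final Deny 0/0.
        last_acl=$(awk '$1 == "Allow" || $1 == "Deny" { r = $1 " " $2 }
                        END { print r }' "$conf")
        case $last_acl in
            "Deny 0/0") ;;
            *) echo "open-gateway: no catch-all 'Deny 0/0' after the Allow rules" ;;
        esac
    fi
    if [ -n "$(find "$conf" -prune -perm -004 -print 2>/dev/null)" ]; then
        echo "world-readable: the file holds password hashes, use chmod 600"
    fi
}

# Constructed sample that mirrors the template above (placeholder hash).
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
Username    foobar
Domain      home.local
PassNTLMv2  00000000000000000000000000000000
Proxy       172.31.10.100:8080
Listen      172.31.20.128:3128
Gateway     yes
Allow       127.0.0.1
Allow       172.31.147.128
#Deny       0/0
EOF
chmod 600 "$sample_conf"
lint_cntlm_conf "$sample_conf"   # reports the open-gateway finding
```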
Maven proxy
If you are behind a proxy, Maven needs to be configured to use it:
- global settings: /etc/maven/settings.xml
- local: ~/.m2/settings.xml
The easiest is to use the local file, <code>vi ~/.m2/settings.xml</code>:
<source lang="xml">
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                      http://maven.apache.org/xsd/settings-1.0.0.xsd">
  <proxies>
    <proxy>
      <active>true</active>
      <protocol>http</protocol>
      <host>proxy_host_IP-or-DNS</host>
      <port>3128</port>
      <nonProxyHosts>maven</nonProxyHosts>
    </proxy>
  </proxies>
</settings>
</source>
Docker proxy
Resources
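- setting-proxy-from-terminal: http://askubuntu.com/questions/158557/setting-proxy-from-terminal
- Cntlm Authentication Proxy (http://cntlm.sourceforge.net/): NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy intended to help you break free from the chains of Microsoft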