Difference between revisions of "Linux proxy"

From Ever changing code
Jump to navigation Jump to search
 
(4 intermediate revisions by the same user not shown)
Line 6: Line 6:


;Proxy environment variables
;Proxy environment variables
http_proxy=<nowiki>http://example.com</nowiki>
<source lang="bash">
https_proxy=$http_proxy   or   https_proxy=URL
http_proxy=http://example.com
ftp_proxy=URL
https_proxy=$http_proxy   #or: https_proxy=URL
no_proxy=string
ftp_proxy=URL
no_proxy=string
</source>
 


Make sure you can resolve the proxy server DNS name otherwise use IP address
Make sure you can resolve the proxy server DNS name otherwise use IP address


;Proxy temporary configuration for a single command only
;Proxy temporary configuration for a single command only
<nowiki>sudo env http_proxy=http://proxyserver.local:8080 apt-get update</nowiki>
<source lang="bash">
<nowiki>sudo env http_proxy=http://username:password@10.0.0.1:8080 apt-get update</nowiki>
sudo env http_proxy=http://proxyserver.local:8080 apt-get update
sudo env http_proxy=http://username:password@10.0.0.1:8080 apt-get update
</source>
 


;Proxy temp configuration for duration of a session. With sudo remember to use -E to preserve local environment variables
;Proxy temp configuration for duration of a session. With sudo remember to use -E to preserve local environment variables
<nowiki>export http_proxy=http://proxyserver.local:8080/</nowiki>
<source lang="bash">
<nowiki>export ftp_proxy=http://username:password@proxyserver.local:8080/</nowiki>
export http_proxy=http://proxyserver.local:8080/
sudo -E apt-get update  
export ftp_proxy=http://username:password@proxyserver.local:8080/
sudo -E apt-get update  
</source>
 


;Permanent proxy configuration for a user
;Permanent proxy configuration for a user
Append proxy enviroment variables to a user <code>~/.profile</code> file. With sudo remember to use -E to preserve local environment variables
Append proxy enviroment variables to a user <code>~/.profile</code> file. With sudo remember to use -E to preserve local environment variables
<nowiki>http_proxy=http://proxyserver.local:8080/</nowiki>
<source lang="bash">
http_proxy="http://proxyserver.local:8080/"
</source>
 


;Permanent proxy configuration for all users
;Permanent proxy configuration for all users
Edit all users environment variables <code>sudo vi /etc/environment</code> and add proxy variables
Edit all users environment variables <code>sudo vi /etc/environment</code> and add proxy variables


<nowiki> http_proxy="http://xxx.xxx.xxx.xxx:3128"
<source lang="bash">  
https_proxy="http://xxx.xxx.xxx.xxx:3128"
http_proxy="http://xxx.xxx.xxx.xxx:3128"  
ftp_proxy="http://xxx.xxx.xxx.xxx:3128"
https_proxy="http://xxx.xxx.xxx.xxx:3128"  
no_proxy="localhost,127.0.0.1"
  ftp_proxy="http://xxx.xxx.xxx.xxx:3128"
  no_proxy="localhost,127.0.0.1"
 
  HTTP_PROXY="http://xxx.xxx.xxx.xxx:3128"
  HTTP_PROXY="http://xxx.xxx.xxx.xxx:3128"
HTTPS_PROXY="http://xxx.xxx.xxx.xxx:3128"
HTTPS_PROXY="http://xxx.xxx.xxx.xxx:3128"
FTP_PROXY="http://xxx.xxx.xxx.xxx:3128"
  FTP_PROXY="http://xxx.xxx.xxx.xxx:3128"
NO_PROXY="localhost,127.0.0.1"</nowiki>
  NO_PROXY="localhost,127.0.0.1"
</source>
 


;Manage local environment variables
;Manage local environment variables
unset HTTP_PROXY  #unset HTTP_PROXY single variable
<source lang="bash">
env -i bash        #unset all local variables back to default on login
unset HTTP_PROXY  #unset HTTP_PROXY single variable
exec bash          #unset all local variables back to default on login
env -i bash        #unset all local variables back to default on login
exec bash          #unset all local variables back to default on login
</source>


= Applications custom proxy setting =
= Applications custom proxy setting =
Line 48: Line 66:


You may specify your username and password either through the proxy URL or through the command-line options. Assuming that the company’s proxy is located at 'proxy.company.com' at port 8001, a proxy URL location containing authorization data might look like this:
You may specify your username and password either through the proxy URL or through the command-line options. Assuming that the company’s proxy is located at 'proxy.company.com' at port 8001, a proxy URL location containing authorization data might look like this:
 
<source lang="bash">
<nowiki>wget http://username:mypassword@proxy.company.com:8001/</nowiki>
wget http://username:mypassword@proxy.company.com:8001/
 
</source>
Alternatively, you may use the '''proxy-user''' and '''proxy-password''' options, and the equivalent .wgetrc settings '''proxy_user''' and '''proxy_password''' to set the proxy username and password.
Alternatively, you may use the '''proxy-user''' and '''proxy-password''' options, and the equivalent .wgetrc settings '''proxy_user''' and '''proxy_password''' to set the proxy username and password.


Line 57: Line 75:
# Install CNTLM <code>sudo apt-get install</code>
# Install CNTLM <code>sudo apt-get install</code>
# Copy an updated template into <code>/etc/cntlm.conf</code>
# Copy an updated template into <code>/etc/cntlm.conf</code>
# Generate password hash and test Internet access<br><code>sudo cntlm -c /etc/cntlm.conf -I -M <nowiki>http://www.bbc.co.uk</nowiki><br>cntlm -H -u 'username' -d 'domain.local'  #generates hash only</code>
# Generate password hash and test Internet access<br><code>sudo cntlm -c /etc/cntlm.conf -I -M http://www.bbc.co.uk<br>cntlm -H -u 'username' -d 'domain.local'  #generates hash only</code>
# Replace ''PassNTLMv2'' hash value in the config file <code>/etc/cntlm.conf</code> with the generated hash.
# Replace ''PassNTLMv2'' hash value in the config file <code>/etc/cntlm.conf</code> with the generated hash.
# Restart <code> services cntlm restart</code>
# Restart <code> services cntlm restart</code>


Cntlm template to copy into <code>/etc/cntlm.conf</code>
Cntlm template to copy into <code>/etc/cntlm.conf</code>
# Cntlm Authentication Proxy Configuration
<source lang="bash">
# Cntlm Authentication Proxy Configuration
Username <span style="color: blue">foofoo</span>     #your windows username
Username foobar     #your windows username
Domain <span style="color: blue">home.local</span>
Domain home.local
# Password password
# Password password
# Use hashes instead
# PassLM    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# PassLM    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# PassNT    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# PassNT    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# PassNTLMv2      XXXXX3AD50AC2DC59B62324EE9202E29 # username's password hash
# PassNTLMv2      <span style="color: blue">XXXXX3AD50AC2DC59B62324EE9202E29</span> # username's password hash
 
# Workstation netbios_hostname
# Workstation netbios_hostname
# List proxies
# List proxies
Proxy 172.31.10.100:8080      #proxy with access to Internet
Proxy <span style="color: blue">172.31.10.100:8080</span>     #proxy with access to Internet
 
# Do not use proxy - exception url's
# Do not use proxy - exception url's
NoProxy *.home.local, localhost, 127.0.0.*, 10.*, 192.168.*
NoProxy *.home.local, localhost, 127.0.0.*, 10.*, 192.168.*
 
Listen 3128
Listen 3128
Listen 172.31.20.128:3128  #interface ip you want proxy listen on
Listen <span style="color: blue">172.31.20.128</span>:3128  #interface ip you want proxy listen on
 
# Enable to allow access from other computers
# Enable to allow access from other computers
Gateway yes
Gateway yes
# Useful in Gateway mode to allow/restrict certain IPs
# Specifiy individual IPs or subnets one rule per line.
#
Allow 127.0.0.1          #allow connect from localhost
Allow <span style="color: blue">172.31.147.128</span>      #ip of VM or remote PC that you authorize to use the proxy
#Deny 0/0


# Useful in Gateway mode to allow/restrict certain IPs
# Specifiy individual IPs or subnets one rule per line.
#
Allow 127.0.0.1          #allow connect from localhost
Allow 172.31.147.128      #ip of VM or remote PC that you authorize to use the proxy
#Deny 0/0
</source>
= Maven proxy =
= Maven proxy =
If you are behind the proxy Maven needs to be configured to use it:
If you are behind the proxy Maven needs to be configured to use it:
Line 98: Line 115:


The easiest is to use local file
The easiest is to use local file
vi ~/.m2/settings.xml
<source lang="xml">
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
vi ~/.m2/settings.xml
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      http://maven.apache.org/xsd/settings-1.0.0.xsd">
  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
  <proxies>
                      http://maven.apache.org/xsd/settings-1.0.0.xsd">
    <proxy>
  <proxies>
      <active>true</active>
    <proxy>
      <protocol>http</protocol>
      <active>true</active>
      <host>proxy_host_IP-or-DNS</host>
      <protocol>http</protocol>
      <port>3128</port>
      <host>proxy_host_IP-or-DNS</host>
      <nonProxyHosts>maven</nonProxyHosts>
      <port>3128</port>
    </proxy>
      <nonProxyHosts>maven</nonProxyHosts>
  </proxies>
    </proxy>
</settings>
  </proxies>
</settings>
</source>
= [[Docker#HTTP_proxy|Docker proxy]] =


= Resources =
= Resources =
*[http://askubuntu.com/questions/158557/setting-proxy-from-terminal setting-proxy-from-terminal]
*[http://askubuntu.com/questions/158557/setting-proxy-from-terminal setting-proxy-from-terminal]
*[http://cntlm.sourceforge.net/ Cntlm Authentication Proxy] NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy intended to help you break free from the chains of Microsoft
*[http://cntlm.sourceforge.net/ Cntlm Authentication Proxy] NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy intended to help you break free from the chains of Microsoft

Latest revision as of 13:48, 16 September 2018

Linux proxy settings

When you behind a firewall of a company proxy you may need to configure your Linux distro to pass proxy details to the applications in turn to connect to Internet. Most common application like curl, wget, git use an environment variables to know proxy settings but others like Firefox and desktop applications may need to be specifically configured within application itself.

In the examples below depends on your proxy server you need to be authentication. Often it could be your own Active Directory login/password combination but it can be also Internet user login/password credentials.

Proxy environment variables
http_proxy=http://example.com
https_proxy=$http_proxy   #or: https_proxy=URL
ftp_proxy=URL
no_proxy=string


Make sure you can resolve the proxy server DNS name otherwise use IP address

Proxy temporary configuration for a single command only
sudo env http_proxy=http://proxyserver.local:8080 apt-get update
sudo env http_proxy=http://username:password@10.0.0.1:8080 apt-get update


Proxy temp configuration for duration of a session. With sudo remember to use -E to preserve local environment variables
export http_proxy=http://proxyserver.local:8080/
export ftp_proxy=http://username:password@proxyserver.local:8080/
sudo -E apt-get update


Permanent proxy configuration for a user

Append proxy enviroment variables to a user ~/.profile file. With sudo remember to use -E to preserve local environment variables 

http_proxy="http://proxyserver.local:8080/"


Permanent proxy configuration for all users

Edit all users environment variables sudo vi /etc/environment and add proxy variables 

http_proxy="http://xxx.xxx.xxx.xxx:3128" 
https_proxy="http://xxx.xxx.xxx.xxx:3128" 
  ftp_proxy="http://xxx.xxx.xxx.xxx:3128"
   no_proxy="localhost,127.0.0.1"

 HTTP_PROXY="http://xxx.xxx.xxx.xxx:3128"
HTTPS_PROXY="http://xxx.xxx.xxx.xxx:3128"
  FTP_PROXY="http://xxx.xxx.xxx.xxx:3128"
   NO_PROXY="localhost,127.0.0.1"


Manage local environment variables
unset HTTP_PROXY   #unset HTTP_PROXY single variable
env -i bash        #unset all local variables back to default on login
exec bash          #unset all local variables back to default on login

Applications custom proxy setting

Wget

Some proxy servers require authorization to enable you to use them. The authorization consists of username and password, which must be sent by eg. Wget. As with HTTP authorization, several authentication schemes exist. For proxy authorization only the Basic authentication scheme is currently implemented.

You may specify your username and password either through the proxy URL or through the command-line options. Assuming that the company’s proxy is located at 'proxy.company.com' at port 8001, a proxy URL location containing authorization data might look like this: 

wget http://username:mypassword@proxy.company.com:8001/

Alternatively, you may use the proxy-user and proxy-password options, and the equivalent .wgetrc settings proxy_user and proxy_password to set the proxy username and password.

Proxy servers

CNTLM - Linux

  1. Install CNTLM sudo apt-get install
  2. Copy an updated template into /etc/cntlm.conf
  3. Generate password hash and test Internet access
    sudo cntlm -c /etc/cntlm.conf -I -M http://www.bbc.co.uk
    cntlm -H -u 'username' -d 'domain.local' #generates hash only
  4. Replace PassNTLMv2 hash value in the config file /etc/cntlm.conf with the generated hash.
  5. Restart services cntlm restart

Cntlm template to copy into /etc/cntlm.conf 

# Cntlm Authentication Proxy Configuration
Username	foobar      #your windows username
Domain		home.local
# Password	password
# PassLM     xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# PassNT     xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# PassNTLMv2      XXXXX3AD50AC2DC59B62324EE9202E29 # username's password hash

# Workstation	netbios_hostname
# List proxies
Proxy		172.31.10.100:8080      #proxy with access to Internet

# Do not use proxy - exception url's
NoProxy	*.home.local, localhost, 127.0.0.*, 10.*, 192.168.*

Listen		3128
Listen		172.31.20.128:3128   #interface ip you want proxy listen on

# Enable to allow access from other computers
Gateway	yes

# Useful in Gateway mode to allow/restrict certain IPs
# Specifiy individual IPs or subnets one rule per line.
#
Allow		127.0.0.1           #allow connect from localhost
Allow		172.31.147.128      #ip of VM or remote PC that you authorize to use the proxy
#Deny		0/0

Maven proxy

If you are behind the proxy Maven needs to be configured to use it:

  • global settings: /etc/maven/settings.xml
  • local: ~/.m2/settings.xml

The easiest is to use local file 

vi ~/.m2/settings.xml
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                      http://maven.apache.org/xsd/settings-1.0.0.xsd">
  <proxies>
    <proxy>
      <active>true</active>
      <protocol>http</protocol>
      <host>proxy_host_IP-or-DNS</host>
      <port>3128</port>
      <nonProxyHosts>maven</nonProxyHosts>
    </proxy>
  </proxies>
</settings>

Docker proxy

Resources

Retrieved from ‘http://wiki.ciscolinux.co.uk/index.php?title=Linux_proxy&oldid=3166