Linux proxy settings

When you behind a firewall of a company proxy you may need to configure your Linux distro to pass proxy details to the applications in turn to connect to Internet. Most common application like curl, wget, git use an environment variables to know proxy settings but others like Firefox and desktop applications may need to be specifically configured within application itself.

In the examples below depends on your proxy server you need to be authentication. Often it could be your own Active Directory login/password combination but it can be also Internet user login/password credentials.

Proxy environment variables

http_proxy=http://example.com
https_proxy=$http_proxy   #or: https_proxy=URL
ftp_proxy=URL
no_proxy=string

Make sure you can resolve the proxy server DNS name otherwise use IP address

Proxy temporary configuration for a single command only

sudo env http_proxy=http://proxyserver.local:8080 apt-get update
sudo env http_proxy=http://username:password@10.0.0.1:8080 apt-get update

Proxy temp configuration for duration of a session. With sudo remember to use -E to preserve local environment variables

export http_proxy=http://proxyserver.local:8080/
export ftp_proxy=http://username:password@proxyserver.local:8080/
sudo -E apt-get update

Permanent proxy configuration for a user

Append proxy enviroment variables to a user ~/.profile file. With sudo remember to use -E to preserve local environment variables

http_proxy="http://proxyserver.local:8080/"

Permanent proxy configuration for all users

Edit all users environment variables sudo vi /etc/environment and add proxy variables

http_proxy="http://xxx.xxx.xxx.xxx:3128" 
https_proxy="http://xxx.xxx.xxx.xxx:3128" 
  ftp_proxy="http://xxx.xxx.xxx.xxx:3128"
   no_proxy="localhost,127.0.0.1"

 HTTP_PROXY="http://xxx.xxx.xxx.xxx:3128"
HTTPS_PROXY="http://xxx.xxx.xxx.xxx:3128"
  FTP_PROXY="http://xxx.xxx.xxx.xxx:3128"
   NO_PROXY="localhost,127.0.0.1"

Manage local environment variables

unset HTTP_PROXY   #unset HTTP_PROXY single variable
env -i bash        #unset all local variables back to default on login
exec bash          #unset all local variables back to default on login

Applications custom proxy setting

Wget

Some proxy servers require authorization to enable you to use them. The authorization consists of username and password, which must be sent by eg. Wget. As with HTTP authorization, several authentication schemes exist. For proxy authorization only the Basic authentication scheme is currently implemented.

You may specify your username and password either through the proxy URL or through the command-line options. Assuming that the company’s proxy is located at 'proxy.company.com' at port 8001, a proxy URL location containing authorization data might look like this:

wget http://username:mypassword@proxy.company.com:8001/

Alternatively, you may use the proxy-user and proxy-password options, and the equivalent .wgetrc settings proxy_user and proxy_password to set the proxy username and password.

Proxy servers

CNTLM - Linux

1. Install CNTLM sudo apt-get install
2. Copy an updated template into /etc/cntlm.conf
3. Generate password hash and test Internet access
   sudo cntlm -c /etc/cntlm.conf -I -M http://www.bbc.co.uk
cntlm -H -u 'username' -d 'domain.local' #generates hash only
4. Replace PassNTLMv2 hash value in the config file /etc/cntlm.conf with the generated hash.
5. Restart services cntlm restart

Cntlm template to copy into /etc/cntlm.conf

# Cntlm Authentication Proxy Configuration
Username	foobar      #your windows username
Domain		home.local
# Password	password
# PassLM     xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# PassNT     xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# PassNTLMv2      XXXXX3AD50AC2DC59B62324EE9202E29 # username's password hash

# Workstation	netbios_hostname
# List proxies
Proxy		172.31.10.100:8080      #proxy with access to Internet

# Do not use proxy - exception url's
NoProxy	*.home.local, localhost, 127.0.0.*, 10.*, 192.168.*

Listen		3128
Listen		172.31.20.128:3128   #interface ip you want proxy listen on

# Enable to allow access from other computers
Gateway	yes

# Useful in Gateway mode to allow/restrict certain IPs
# Specifiy individual IPs or subnets one rule per line.
#
Allow		127.0.0.1           #allow connect from localhost
Allow		172.31.147.128      #ip of VM or remote PC that you authorize to use the proxy
#Deny		0/0

Maven proxy

If you are behind the proxy Maven needs to be configured to use it:

• global settings: /etc/maven/settings.xml
• local: ~/.m2/settings.xml

The easiest is to use local file

vi ~/.m2/settings.xml
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                      http://maven.apache.org/xsd/settings-1.0.0.xsd">
  <proxies>
    <proxy>
      <active>true</active>
      <protocol>http</protocol>
      <host>proxy_host_IP-or-DNS</host>
      <port>3128</port>
      <nonProxyHosts>maven</nonProxyHosts>
    </proxy>
  </proxies>
</settings>

Docker proxy

Resources

• setting-proxy-from-terminal
• Cntlm Authentication Proxy NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy intended to help you break free from the chains of Microsoft