Linux proxy
Linux proxy settings
When you behind a firewall of a company proxy you may need to configure your Linux distro to pass proxy details to the applications in turn to connect to Internet. Most common application like curl, wget, git use an environment variables to know proxy settings but others like Firefox and desktop applications may need to be specifically configured within application itself.
In the examples below depends on your proxy server you need to be authentication. Often it could be your own Active Directory login/password combination but it can be also Internet user login/password credentials.
- Proxy environment variables
http_proxy=http://example.com https_proxy=$http_proxy or https_proxy=URL ftp_proxy=URL no_proxy=string
Make sure you can resolve the proxy server DNS name otherwise use IP address
- Proxy temporary configuration for a single command only
sudo env http_proxy=http://proxyserver.local:8080 apt-get update sudo env http_proxy=http://username:password@10.0.0.1:8080 apt-get update
- Proxy temp configuration for duration of a session. With sudo remember to use -E to preserve local environment variables
export http_proxy=http://proxyserver.local:8080/ export ftp_proxy=http://username:password@proxyserver.local:8080/ sudo -E apt-get update
- Permanent proxy configuration for a user
Append proxy enviroment variables to a user ~/.profile file. With sudo remember to use -E to preserve local environment variables
http_proxy=http://proxyserver.local:8080/
- Permanent proxy configuration for all users
Edit all users environment variables sudo vi /etc/environment and add proxy variables
http_proxy="http://xxx.xxx.xxx.xxx:3128" https_proxy="http://xxx.xxx.xxx.xxx:3128" ftp_proxy="http://xxx.xxx.xxx.xxx:3128" no_proxy="localhost,127.0.0.1" HTTP_PROXY="http://xxx.xxx.xxx.xxx:3128" HTTPS_PROXY="http://xxx.xxx.xxx.xxx:3128" FTP_PROXY="http://xxx.xxx.xxx.xxx:3128" NO_PROXY="localhost,127.0.0.1"
- Manage local environment variables
unset HTTP_PROXY #unset HTTP_PROXY single variable env -i bash #unset all local variables back to default on login exec bash #unset all local variables back to default on login
Applications custom proxy setting
Wget
Some proxy servers require authorization to enable you to use them. The authorization consists of username and password, which must be sent by eg. Wget. As with HTTP authorization, several authentication schemes exist. For proxy authorization only the Basic authentication scheme is currently implemented.
You may specify your username and password either through the proxy URL or through the command-line options. Assuming that the company’s proxy is located at 'proxy.company.com' at port 8001, a proxy URL location containing authorization data might look like this:
wget http://username:mypassword@proxy.company.com:8001/
Alternatively, you may use the proxy-user and proxy-password options, and the equivalent .wgetrc settings proxy_user and proxy_password to set the proxy username and password.
Proxy servers
CNTLM - Linux
- Install CNTLM sudo apt-get install
- Copy an updated template into /etc/cntlm.conf
- Generate password hash and test Internet accesssudo cntlm -c /etc/cntlm.conf -I -M http://www.bbc.co.uk
 cntlm -H -u 'username' -d 'domain.local' #generates hash only
- Replace PassNTLMv2 hash value in the config file /etc/cntlm.confwith the generated hash.
- Restart services cntlm restart
Cntlm template to copy into /etc/cntlm.conf
# Cntlm Authentication Proxy Configuration Username foofoo #your windows username Domain home.local # Password password # Use hashes instead # PassLM xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx # PassNT xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx # PassNTLMv2 XXXXX3AD50AC2DC59B62324EE9202E29 # username's password hash # Workstation netbios_hostname # List proxies Proxy 172.31.10.100:8080 #proxy with access to Internet # Do not use proxy - exception url's NoProxy *.home.local, localhost, 127.0.0.*, 10.*, 192.168.* Listen 3128 Listen 172.31.20.128:3128 #interface ip you want proxy listen on # Enable to allow access from other computers Gateway yes # Useful in Gateway mode to allow/restrict certain IPs # Specifiy individual IPs or subnets one rule per line. # Allow 127.0.0.1 #allow connect from localhost Allow 172.31.147.128 #ip of VM or remote PC that you authorize to use the proxy #Deny 0/0
Maven proxy
If you are behind the proxy Maven needs to be configured to use it:
- global settings: /etc/maven/settings.xml
- local: ~/.m2/settings.xml
The easiest is to use local file
vi ~/.m2/settings.xml <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd"> <proxies> <proxy> <active>true</active> <protocol>http</protocol> <host>proxy_host_IP-or-DNS</host> <port>3128</port> <nonProxyHosts>maven</nonProxyHosts> </proxy> </proxies> </settings>
Resources
- setting-proxy-from-terminal
- Cntlm Authentication Proxy NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy intended to help you break free from the chains of Microsoft