proxy

proxy for bash

# global settings
$ cat /etc/bashrc
export http_proxy=http://proxy.domain.com:80/
export https_proxy=http://proxy.domain.com:80/

# individual account settings
$ cat ~/.bashrc
export http_proxy=http://proxy.domain.com:80/
export https_proxy=http://proxy.domain.com:80/

proxy for curl

$ curl -x http://proxy.domain.com:80 <https://target.server.com>
  • to get head only

    $ curl -kvI -x http://proxy.domain.com:80 <https://target.server.com>

proxy for yum

$ cat /etc/yum.conf
[main]
proxy=http://proxy.domain.com:80

proxy for apt

[!TIP|label:see also]

$ cat /etc/apt/apt.conf
Acquire::http::Proxy "http://proxy.domain.com:80";
Acquire::https::Proxy "http://proxy.domain.com:80";
Acquire::ftp::Proxy "http://proxy.domain.com:80";

proxy for docker

[!TIP|label:see also]

for docker build

$ mkdir -p ~/.docker
$ cat > ~/.docker/config.json << EOF
{
        "proxies": {
                "default": {
                        "httpProxy": "http://proxy.domain.com:80",
                        "httpsProxy": "http://proxy.domain.com:80"
                }
        }
}
EOF
  • or via cmd directly

    $ docker build \
             --build-arg http_proxy=http://proxy.domain.com:80 \
             --build-arg https_proxy=http://proxy.domain.com:443 \

for docker pull

# for rootless mode
$ mkdir -p ~/.config/systemd/user/docker.service.d/
# or regular mode
$ sudo mkdir -p /etc/systemd/system/docker.service.d

$ sudo bash -c "cat > /etc/systemd/system/docker.service.d" << EOF
[Service]
Environment="HTTP_PROXY=http://proxy.domain.com:80"
Environment="HTTPS_PROXY=https://proxy.domain.com:443"
Environment="NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp"
EOF

$ sudo systemctl daemon-reload
$ sudo systemctl restart docker

# verify
$ systemctl show docker --property Environment
Environment=HTTPS_PROXY=http://proxy.domain.com:443 HTTP_PROXY=http://proxy.domain.com:80 NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp

proxy for pip

[!TIP|label:paths]

  • MS Windows: %APPDATA%\pip\pip.ini

  • MacOS: $HOME/Library/Application Support/pip/pip.conf

  • Unix: $HOME/.config/pip/pip.conf

$ pip config set global.proxy http://proxy.domain.com:80

using directly

$ pip install --proxy http://proxy.domain.com:80 git-review

proxy for ssh

nc

$ ssh -vT \
      -o "ProxyCommand=nc -X connect -x proxy.domain.com:80 %h %p" \
      -p 22 \
      ssh://remote.git.com
# or
$ ssh -vT \
      -o "ProxyCommand=netcat -X connect -x proxy.domain.com:80 %h %p" \
      -p 22 \
      ssh://remote.git.com

$ cat ~/.ssh/config
Host  github.com
      User                username@domain.com
      ServerAliveInterval 60
      Hostname            ssh.github.com
      Port                443
      ProxyCommand        nc -X connect -x proxy.domain.com:80 %h %p
  • for socks5

    ProxyCommand        nc -X 5 -x proxy.domain.com:80 %h %p

corkscrew

$ brew install corkscrew

$ ssh -vT \
      -o "ProxyCommand=corkscrew proxy.domain.com 80 %h %p" \
      -p 22 \
      ssh://remote.git.com

$ cat ~/.ssh/config
Host  github.com
      User                username@domain.com
      ServerAliveInterval 60
      Hostname            ssh.github.com
      Port                443
      ProxyCommand        corkscrew proxy.domain.com 80 %h %p

$ brew install nmap

$ ssh -vT \
      -o "ProxyCommand=ncat --proxy proxy.domain.com:80 --proxy-type http %h %p" \
      -p 22 \
      ssh://remote.git.com

$ cat ~/.ssh/config
Host  github.com
      User                username@domain.com
      ServerAliveInterval 60
      Hostname            ssh.github.com
      Port                443
      ProxyCommand        ncat --proxy proxy.domain.com:80 --proxy-type http %h %p
  • for socks5

    ProxyCommand        ncat --proxy proxy.domain.com:80 --proxy-type socks5 %h %p

[!NOTE] applicable to git for windows

$ brew install connect

$ ssh -vT \
      -o "ProxyCommand=connect -H proxy.domain.com:80 %h %p" \
      -p 22 \
      ssh://remote.git.com

$ cat ~/.ssh/config
Host  github.com
      User                username@domain.com
      ServerAliveInterval 60
      Hostname            ssh.github.com
      Port                443
      ProxyCommand        connect -H proxy.domain.com:80 %h %p
  • for socks5

    ProxyCommand        connect -S proxy.domain.com:80 %h %p

[!NOTE]

proxy for git

[!NOTE|label:references]

http.proxy and https.proxy

$ git config --global https.proxy 'http://proxy.domain.com:80'   # using privoxy convert socks to http
$ git config --global http.proxy  'http://proxy.domain.com:80'
$ git config --global https.sslVerify false                       # unable to access '...': Unknown SSL protocol error in connection to ...:443
$ git config --global http.sslVerify false                        # unable to access '...': Unknown SSL protocol error in connection to ...:443
  • or gitPorxy

    $ cat ~/.gitconfig
    # Proxy settings
    [core]
            gitproxy=proxy-command for kernel.org
            gitproxy=default-proxy ; for all the rest
  • for specific url

    $ git config --global http.https://github.com http://proxy.domain.com:80
    $ git config --global http.https://chromium.googlesource.com http://proxy.domain.com:80
  • or

    $ cat ~/.gitconfig
    [http]
      proxy = http://proxy.domain.com:80
    [https]
      proxy = http://proxy.domain.com:80
    [http "https://chromium.googlesource.com"]
      proxy = http://proxy.domain.com:80
    [http "https://github.com"]
      proxy = http://proxy.domain.com:80
  • for socks5

    $ git config --global socks.proxy "proxy.domain.com:80"
    
    # or
    $ git config --global socks.proxy "socks5://proxy.domain.com:80"
  • additional usage

    $ cat ~/.gitconfig
    ...
    [url "git@ssh.github.com"]
      insteadOf    = git@github.com
    [url "git@ssh.github.com:"]
      insteadOf    = https://github.com/
    [http]
      sslVerify    = false
      postBuffer   = 524288000
      # sslVersion = tlsv1.1
      # sslVersion = tlsv1.2
      # sslVersion = tlsv1.3
    ...
  • show current configure

    $ git config --global --get-regexp http.*
    $ git config --global --get-regexp .*proxy.*
  • unset

    $ git config --global --unset http.proxy
    $ git config --global --unset http.https://github.com
    
    $ git config --global --unset http.sslVerify
    $ git config --global --unset http.https://domain.com.sslVerify

core.gitproxy

$ git config --global core.gitproxy https://proxy.domain.com:80
$ git config --global url.git://github.com/.insteadOf git@github.com:

core.sshCommand

[!NOTE]

A new configuration variable core.sshCommand has been added to specify what value for GIT_SSH_COMMAND to use per repository.

$ git config --global core.sshCommand "ssh -v -o 'ProxyCommand=connect -H proxy.domain.com:80 %h %p'"

# or
$ git -c core.sshCommand "ssh -v -o 'ProxyCommand=commect -H proxy.domain.com:80 %h %p'" clone git@github.com/marslo/ibook.git

proxy for npm

[!NOTE|label:referencs]

$ npm config set proxy http://proxy.domain.com:80/
$ npm config set https-proxy http://proxy.domain.com:80/
$ npm config set noproxy '127.0.0.1,noproxy.domain.com'

# optional
$ npm config set strict-ssl false
  • or

    $ cat ~/.npmrc
    strict-ssl=false
    proxy=http://proxy.domain.com:80/
    https-proxy=http://proxy.domain.com:80/

proxy for nc

[!NOTE|label:manual page]

-X proxy_version
        Requests that nc should use the specified protocol when talking to the proxy server.
        Supported protocols are:
        - “4” (SOCKS v.4)
        - “5” (SOCKS v.5)
        - “connect” (HTTPS proxy)
        If the protocol is not specified, SOCKS version 5 is used.
  • additional

    -T protocols=all
# with proxy
$ nc -zv -X connect -x proxy.domain.com:80 google.com 443
nc: Proxy error: "HTTP/1.1 200 Connection established"

# without proxy
$ nc -zv google.com 443
nc: connectx to google.com port 443 (tcp) failed: Operation timed out

[!NOTE|label:https proxy] Since version 7.52.0, curl can do HTTPS to the proxy separately from the connection to the server. This TLS connection is handled separately from the server connection so instead of --insecure and --cacert to control the certificate verification, you use --proxy-insecure and --proxy-cacert. With these options, you make sure that the TLS connection and the trust of the proxy can be kept totally separate from the TLS connection to the server.

Q&A

nc : nc: Proxy error: "HTTP/1.1 200 Connection established"

  • issue

    $ nc -X connect -x 127.0.0.1:8080 -zv git.domain.com 22
    nc: Proxy error: "HTTP/1.1 200 Connection established"
  • solution

    $ corkscrew 127.0.0.1 8080 git.domain.com 22
    SSH-2.0-GerritCodeReview_2.16.27-RP-1.10.2.4 (SSHD-CORE-2.0.0)
    ^C
    
    $ ncat --proxy 127.0.0.1:1087 --proxy-type http sample.gerrit.com 29418
    SSH-2.0-GerritCodeReview_2.16.27-RP-1.10.2.4 (SSHD-CORE-2.0.0)
    ^C
    
    $ cat ~/.ssh/config
      Host  git.domain.com
            Hostname              git.domain.com
            User                  marslo
            Port                  22
            StrictHostKeyChecking no
            UserKnownHostsFile    ~/.ssh/known_hosts
            ProxyCommand          corkscrew 127.0.0.1 8080 %h %p
            # or
            ProxyCommand          ncat --proxy 127.0.0.1:8080 --proxy-type http %h %p
    
    # verify in ssh
    $ ssh -vT -o "ProxyCommand=corkscrew 127.0.0.1 8080 %h %p" -p 22 git.domain.com

proxy with kubeconfig

[!NOTE|label:see also]

$ kubectl config set-cluster <my-cluster-name> --proxy-url=<my-proxy-url>

# i.e.
$ kubectl config set-cluster development --proxy-url=http://proxy.domain.com:8080

proxy with windows

[!NOTE]

  • add/modify

    > reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1
    > reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d name:port
    > reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyUser /t REG_SZ /d username
    > reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyPass /t REG_SZ /d password
    > netsh winhttp import proxy source=ie
  • or

    > netsh winhttp set proxy proxy-server="socks=localhost:9090" bypass-list="localhost"
    
    REM show
    > netsh winhttp show proxy
    
    REM reset
    > netsh winhttp reset proxy
  • or

    > netsh winhttp set proxy 127.0.0.1:1080
    > netsh winhttp set proxy proxy-server="socks=127.0.0.1:9150" bypass-list="127.0.0.1"
    > netsh winhttp set proxy proxy-server="socks=localhost:9150" bypass-list="localhost"
    > netsh winhttp set proxy proxy-server="http=127.0.0.1:1080"  bypass-list="127.0.0.1"
    > netsh winhttp set proxy proxy-server="https=127.0.0.1:1080" bypass-list="127.0.0.1"
  • check

    $ reg query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" | find AutoConfigURL
        AutoConfigURL    REG_SZ    http://proxy.domain.com/file.pac
    
    REM full list
    $ reg query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"
    
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
        CertificateRevocation    REG_DWORD    0x1
        DisableCachingOfSSLPages    REG_DWORD    0x0
        IE5_UA_Backup_Flag    REG_SZ    5.0
        PrivacyAdvanced    REG_DWORD    0x1
        SecureProtocols    REG_DWORD    0x800
        User Agent    REG_SZ    Mozilla/5.0 (compatible; MSIE 9.0; Win32)
        SecureProtocolsUpdated    REG_DWORD    0x1
        EnableNegotiate    REG_DWORD    0x1
        ProxyEnable    REG_DWORD    0x0
        MigrateProxy    REG_DWORD    0x1
        AutoConfigURL    REG_SZ    http://proxy.domain.com/file.pac

Last updated