proxy

references:

proxy for bash

# global settings
$ cat /etc/bashrc
export http_proxy=http://proxy.domain.com:80/
export https_proxy=http://proxy.domain.com:80/

# individual account settings
$ cat ~/.bashrc
export http_proxy=http://proxy.domain.com:80/
export https_proxy=http://proxy.domain.com:80/

proxy for curl

$ curl -x http://proxy.domain.com:80 <https://target.server.com>

  • to get head only

    $ curl -kvI -x http://proxy.domain.com:80 <https://target.server.com>

proxy for yum

$ cat /etc/yum.conf
[main]
proxy=http://proxy.domain.com:80

proxy for apt

[!TIP|label:see also]

$ cat /etc/apt/apt.conf
Acquire::http::Proxy "http://proxy.domain.com:80";
Acquire::https::Proxy "http://proxy.domain.com:80";
Acquire::ftp::Proxy "http://proxy.domain.com:80";

proxy for docker

[!TIP|label:see also]

for docker build

$ mkdir -p ~/.docker
$ cat > ~/.docker/config.json << EOF
{
        "proxies": {
                "default": {
                        "httpProxy": "http://proxy.domain.com:80",
                        "httpsProxy": "http://proxy.domain.com:80"
                }
        }
}
EOF

  • or via cmd directly

    $ docker build \
         --build-arg http_proxy=http://proxy.domain.com:80 \
         --build-arg https_proxy=http://proxy.domain.com:443 \

for docker pull

# for rootless mode
$ mkdir -p ~/.config/systemd/user/docker.service.d/
# or regular mode
$ sudo mkdir -p /etc/systemd/system/docker.service.d

$ sudo bash -c "cat > /etc/systemd/system/docker.service.d" << EOF
[Service]
Environment="HTTP_PROXY=http://proxy.domain.com:80"
Environment="HTTPS_PROXY=https://proxy.domain.com:443"
Environment="NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp"
EOF

$ sudo systemctl daemon-reload
$ sudo systemctl restart docker

# verify
$ systemctl show docker --property Environment
Environment=HTTPS_PROXY=http://proxy.domain.com:443 HTTP_PROXY=http://proxy.domain.com:80 NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp

proxy for pip

[!TIP|label:paths]

  • MS Windows: %APPDATA%\pip\pip.ini

  • MacOS: $HOME/Library/Application Support/pip/pip.conf

  • Unix: $HOME/.config/pip/pip.conf

setup via command line

$ pip config set global.proxy http://proxy.domain.com:80

using directly

$ pip install --proxy http://proxy.domain.com:80 git-review

proxy for ssh

nc

$ ssh -vT \
      -o "ProxyCommand=nc -X connect -x proxy.domain.com:80 %h %p" \
      -p 22 \
      ssh://remote.git.com
# or
$ ssh -vT \
      -o "ProxyCommand=netcat -X connect -x proxy.domain.com:80 %h %p" \
      -p 22 \
      ssh://remote.git.com

$ cat ~/.ssh/config
Host  github.com
      User                username@domain.com
      ServerAliveInterval 60
      Hostname            ssh.github.com
      Port                443
      ProxyCommand        nc -X connect -x proxy.domain.com:80 %h %p

  • for socks5

    ProxyCommand        nc -X 5 -x proxy.domain.com:80 %h %p

corkscrew

$ brew install corkscrew

$ ssh -vT \
      -o "ProxyCommand=corkscrew proxy.domain.com 80 %h %p" \
      -p 22 \
      ssh://remote.git.com

$ cat ~/.ssh/config
Host  github.com
      User                username@domain.com
      ServerAliveInterval 60
      Hostname            ssh.github.com
      Port                443
      ProxyCommand        corkscrew proxy.domain.com 80 %h %p

ncat

$ brew install nmap

$ ssh -vT \
      -o "ProxyCommand=ncat --proxy proxy.domain.com:80 --proxy-type http %h %p" \
      -p 22 \
      ssh://remote.git.com

$ cat ~/.ssh/config
Host  github.com
      User                username@domain.com
      ServerAliveInterval 60
      Hostname            ssh.github.com
      Port                443
      ProxyCommand        ncat --proxy proxy.domain.com:80 --proxy-type http %h %p

  • for socks5

    ProxyCommand        ncat --proxy proxy.domain.com:80 --proxy-type socks5 %h %p

connect

[!NOTE] applicable to git for windows

$ brew install connect

$ ssh -vT \
      -o "ProxyCommand=connect -H proxy.domain.com:80 %h %p" \
      -p 22 \
      ssh://remote.git.com

$ cat ~/.ssh/config
Host  github.com
      User                username@domain.com
      ServerAliveInterval 60
      Hostname            ssh.github.com
      Port                443
      ProxyCommand        connect -H proxy.domain.com:80 %h %p

  • for socks5

    ProxyCommand        connect -S proxy.domain.com:80 %h %p

socat

[!NOTE]

proxy for git

[!NOTE|label:references]

http.proxy and https.proxy

$ git config --global https.proxy 'http://proxy.domain.com:80'   # using privoxy convert socks to http
$ git config --global http.proxy  'http://proxy.domain.com:80'
$ git config --global https.sslVerify false                       # unable to access '...': Unknown SSL protocol error in connection to ...:443
$ git config --global http.sslVerify false                        # unable to access '...': Unknown SSL protocol error in connection to ...:443

  • or gitPorxy

    $ cat ~/.gitconfig
# Proxy settings
[core]
        gitproxy=proxy-command for kernel.org
        gitproxy=default-proxy ; for all the rest

  • for specific url

    $ git config --global http.https://github.com http://proxy.domain.com:80
$ git config --global http.https://chromium.googlesource.com http://proxy.domain.com:80

  • or

    $ cat ~/.gitconfig
[http]
  proxy = http://proxy.domain.com:80
[https]
  proxy = http://proxy.domain.com:80
[http "https://chromium.googlesource.com"]
  proxy = http://proxy.domain.com:80
[http "https://github.com"]
  proxy = http://proxy.domain.com:80

  • for socks5

    $ git config --global socks.proxy "proxy.domain.com:80"

# or
$ git config --global socks.proxy "socks5://proxy.domain.com:80"

  • additional usage

    $ cat ~/.gitconfig
...
[url "git@ssh.github.com"]
  insteadOf    = git@github.com
[url "git@ssh.github.com:"]
  insteadOf    = https://github.com/
[http]
  sslVerify    = false
  postBuffer   = 524288000
  # sslVersion = tlsv1.1
  # sslVersion = tlsv1.2
  # sslVersion = tlsv1.3
...

  • show current configure

    $ git config --global --get-regexp http.*
$ git config --global --get-regexp .*proxy.*

  • unset

    $ git config --global --unset http.proxy
$ git config --global --unset http.https://github.com

$ git config --global --unset http.sslVerify
$ git config --global --unset http.https://domain.com.sslVerify

core.gitproxy

$ git config --global core.gitproxy https://proxy.domain.com:80
$ git config --global url.git://github.com/.insteadOf git@github.com:

core.sshCommand

[!NOTE]

A new configuration variable core.sshCommand has been added to specify what value for GIT_SSH_COMMAND to use per repository.

$ git config --global core.sshCommand "ssh -v -o 'ProxyCommand=connect -H proxy.domain.com:80 %h %p'"

# or
$ git -c core.sshCommand "ssh -v -o 'ProxyCommand=commect -H proxy.domain.com:80 %h %p'" clone git@github.com/marslo/ibook.git

proxy for npm

[!NOTE|label:referencs]

$ npm config set proxy http://proxy.domain.com:80/
$ npm config set https-proxy http://proxy.domain.com:80/
$ npm config set noproxy '127.0.0.1,noproxy.domain.com'

# optional
$ npm config set strict-ssl false

  • or

    $ cat ~/.npmrc
strict-ssl=false
proxy=http://proxy.domain.com:80/
https-proxy=http://proxy.domain.com:80/

proxy for nc

[!NOTE|label:manual page]

-X proxy_version
        Requests that nc should use the specified protocol when talking to the proxy server.
        Supported protocols are:
        - “4” (SOCKS v.4)
        - “5” (SOCKS v.5)
        - “connect” (HTTPS proxy)
        If the protocol is not specified, SOCKS version 5 is used.

  • additional

    -T protocols=all
# with proxy
$ nc -zv -X connect -x proxy.domain.com:80 google.com 443
nc: Proxy error: "HTTP/1.1 200 Connection established"

# without proxy
$ nc -zv google.com 443
nc: connectx to google.com port 443 (tcp) failed: Operation timed out

proxy for ssl

[!NOTE|label:https proxy] Since version 7.52.0, curl can do HTTPS to the proxy separately from the connection to the server. This TLS connection is handled separately from the server connection so instead of --insecure and --cacert to control the certificate verification, you use --proxy-insecure and --proxy-cacert. With these options, you make sure that the TLS connection and the trust of the proxy can be kept totally separate from the TLS connection to the server.

Q&A

nc : nc: Proxy error: "HTTP/1.1 200 Connection established"

  • issue

    $ nc -X connect -x 127.0.0.1:8080 -zv git.domain.com 22
nc: Proxy error: "HTTP/1.1 200 Connection established"

  • solution

    $ corkscrew 127.0.0.1 8080 git.domain.com 22
SSH-2.0-GerritCodeReview_2.16.27-RP-1.10.2.4 (SSHD-CORE-2.0.0)
^C

$ ncat --proxy 127.0.0.1:1087 --proxy-type http sample.gerrit.com 29418
SSH-2.0-GerritCodeReview_2.16.27-RP-1.10.2.4 (SSHD-CORE-2.0.0)
^C

$ cat ~/.ssh/config
  Host  git.domain.com
        Hostname              git.domain.com
        User                  marslo
        Port                  22
        StrictHostKeyChecking no
        UserKnownHostsFile    ~/.ssh/known_hosts
        ProxyCommand          corkscrew 127.0.0.1 8080 %h %p
        # or
        ProxyCommand          ncat --proxy 127.0.0.1:8080 --proxy-type http %h %p

# verify in ssh
$ ssh -vT -o "ProxyCommand=corkscrew 127.0.0.1 8080 %h %p" -p 22 git.domain.com

proxy with kubeconfig

[!NOTE|label:see also]

$ kubectl config set-cluster <my-cluster-name> --proxy-url=<my-proxy-url>

# i.e.
$ kubectl config set-cluster development --proxy-url=http://proxy.domain.com:8080

proxy with windows

[!NOTE]

  • add/modify

    > reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1
> reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d name:port
> reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyUser /t REG_SZ /d username
> reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyPass /t REG_SZ /d password
> netsh winhttp import proxy source=ie

  • or

    > netsh winhttp set proxy proxy-server="socks=localhost:9090" bypass-list="localhost"

REM show
> netsh winhttp show proxy

REM reset
> netsh winhttp reset proxy

  • or

    > netsh winhttp set proxy 127.0.0.1:1080
> netsh winhttp set proxy proxy-server="socks=127.0.0.1:9150" bypass-list="127.0.0.1"
> netsh winhttp set proxy proxy-server="socks=localhost:9150" bypass-list="localhost"
> netsh winhttp set proxy proxy-server="http=127.0.0.1:1080"  bypass-list="127.0.0.1"
> netsh winhttp set proxy proxy-server="https=127.0.0.1:1080" bypass-list="127.0.0.1"

  • check

    $ reg query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" | find AutoConfigURL
    AutoConfigURL    REG_SZ    http://proxy.domain.com/file.pac

REM full list
$ reg query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    CertificateRevocation    REG_DWORD    0x1
    DisableCachingOfSSLPages    REG_DWORD    0x0
    IE5_UA_Backup_Flag    REG_SZ    5.0
    PrivacyAdvanced    REG_DWORD    0x1
    SecureProtocols    REG_DWORD    0x800
    User Agent    REG_SZ    Mozilla/5.0 (compatible; MSIE 9.0; Win32)
    SecureProtocolsUpdated    REG_DWORD    0x1
    EnableNegotiate    REG_DWORD    0x1
    ProxyEnable    REG_DWORD    0x0
    MigrateProxy    REG_DWORD    0x1
    AutoConfigURL    REG_SZ    http://proxy.domain.com/file.pac
PreviouswidgetNextcolors

Last updated