proxy

• proxy for bash

• proxy for curl

• proxy for yum

• proxy for apt

• proxy for docker

  • for docker build

  • for docker pull

• proxy for pip

  • setup via command line

  • using directly

• proxy for ssh

  • nc

  • corkscrew

  • ncat

  • connect

  • socat

• proxy for git

  • http.proxy and https.proxy

  • core.gitproxy

  • core.sshCommand

• proxy for npm

• proxy for nc

• proxy for ssl

• Q&A

  • nc : nc: Proxy error: "HTTP/1.1 200 Connection established"

• proxy with kubeconfig

• proxy with windows

references:

• How to Use Netcat Commands: Examples and Cheat Sheets

• SSH Tunneling and Proxying

• bryanpkc/corkscrew

• nc / netcat

• gotoh/ssh-connect

• larryhou/connect-proxy

proxy for bash

# global settings
$ cat /etc/bashrc
export http_proxy=http://proxy.domain.com:80/
export https_proxy=http://proxy.domain.com:80/

# individual account settings
$ cat ~/.bashrc
export http_proxy=http://proxy.domain.com:80/
export https_proxy=http://proxy.domain.com:80/

proxy for curl

$ curl -x http://proxy.domain.com:80 <https://target.server.com>

• to get head only

  $ curl -kvI -x http://proxy.domain.com:80 <https://target.server.com>

proxy for yum

$ cat /etc/yum.conf
[main]
proxy=http://proxy.domain.com:80

proxy for apt

[!TIP|label:see also]

• * imarlso : apt.conf

$ cat /etc/apt/apt.conf
Acquire::http::Proxy "http://proxy.domain.com:80";
Acquire::https::Proxy "http://proxy.domain.com:80";
Acquire::ftp::Proxy "http://proxy.domain.com:80";

proxy for docker

[!TIP|label:see also]

• * imarslo : docker proxy

• * imarslo : setup proxy in daemon.json

for docker build

$ mkdir -p ~/.docker
$ cat > ~/.docker/config.json << EOF
{
        "proxies": {
                "default": {
                        "httpProxy": "http://proxy.domain.com:80",
                        "httpsProxy": "http://proxy.domain.com:80"
                }
        }
}
EOF

• or via cmd directly

  $ docker build \
           --build-arg http_proxy=http://proxy.domain.com:80 \
           --build-arg https_proxy=http://proxy.domain.com:443 \

for docker pull

# for rootless mode
$ mkdir -p ~/.config/systemd/user/docker.service.d/
# or regular mode
$ sudo mkdir -p /etc/systemd/system/docker.service.d

$ sudo bash -c "cat > /etc/systemd/system/docker.service.d" << EOF
[Service]
Environment="HTTP_PROXY=http://proxy.domain.com:80"
Environment="HTTPS_PROXY=https://proxy.domain.com:443"
Environment="NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp"
EOF

$ sudo systemctl daemon-reload
$ sudo systemctl restart docker

# verify
$ systemctl show docker --property Environment
Environment=HTTPS_PROXY=http://proxy.domain.com:443 HTTP_PROXY=http://proxy.domain.com:80 NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp

proxy for pip

[!TIP|label:paths]

• MS Windows: %APPDATA%\pip\pip.ini

• MacOS: $HOME/Library/Application Support/pip/pip.conf

• Unix: $HOME/.config/pip/pip.conf

setup via command line

$ pip config set global.proxy http://proxy.domain.com:80

using directly

$ pip install --proxy http://proxy.domain.com:80 git-review

proxy for ssh

nc

$ ssh -vT \
      -o "ProxyCommand=nc -X connect -x proxy.domain.com:80 %h %p" \
      -p 22 \
      ssh://remote.git.com
# or
$ ssh -vT \
      -o "ProxyCommand=netcat -X connect -x proxy.domain.com:80 %h %p" \
      -p 22 \
      ssh://remote.git.com

$ cat ~/.ssh/config
Host  github.com
      User                username@domain.com
      ServerAliveInterval 60
      Hostname            ssh.github.com
      Port                443
      ProxyCommand        nc -X connect -x proxy.domain.com:80 %h %p

• for socks5

  ProxyCommand        nc -X 5 -x proxy.domain.com:80 %h %p

corkscrew

$ brew install corkscrew

$ ssh -vT \
      -o "ProxyCommand=corkscrew proxy.domain.com 80 %h %p" \
      -p 22 \
      ssh://remote.git.com

$ cat ~/.ssh/config
Host  github.com
      User                username@domain.com
      ServerAliveInterval 60
      Hostname            ssh.github.com
      Port                443
      ProxyCommand        corkscrew proxy.domain.com 80 %h %p

ncat

$ brew install nmap

$ ssh -vT \
      -o "ProxyCommand=ncat --proxy proxy.domain.com:80 --proxy-type http %h %p" \
      -p 22 \
      ssh://remote.git.com

$ cat ~/.ssh/config
Host  github.com
      User                username@domain.com
      ServerAliveInterval 60
      Hostname            ssh.github.com
      Port                443
      ProxyCommand        ncat --proxy proxy.domain.com:80 --proxy-type http %h %p

• for socks5

  ProxyCommand        ncat --proxy proxy.domain.com:80 --proxy-type socks5 %h %p

connect

[!NOTE] applicable to git for windows

$ brew install connect

$ ssh -vT \
      -o "ProxyCommand=connect -H proxy.domain.com:80 %h %p" \
      -p 22 \
      ssh://remote.git.com

$ cat ~/.ssh/config
Host  github.com
      User                username@domain.com
      ServerAliveInterval 60
      Hostname            ssh.github.com
      Port                443
      ProxyCommand        connect -H proxy.domain.com:80 %h %p

• for socks5

  ProxyCommand        connect -S proxy.domain.com:80 %h %p

socat

[!NOTE]

• he socat Command in Linux

• sit/gitproxy-socat

proxy for git

[!NOTE|label:references]

• evantoli/GitConfigHttpProxy.md

• Using git with a proxy

• yougg/proxy.md

• evantoli/GitConfigHttpProxy.md

• Tutorial: how to use git through a proxy

• cms-sw/cms-git-tools

• no ssl verify:

  • set GIT_SSL_NO_VERIFY=true

  • echo http{,s} | fmt -1 | xargs -i git config --global {}.sslVerify=false

• how to debug:

  • https : GIT_CURL_VERBOSE=1 git ... or GIT_TRACE_CURL=true git ...

  • ssh : GIT_SSH_COMMAND='ssh -v' git ... or git -c sshCommand='ssh -v' ...

• core.gitproxy

  A "proxy command" to execute (as command host port) instead of establishing direct connection to the
  remote server when using the Git protocol for fetching. If the variable value is in the
  "COMMAND for DOMAIN" format, the command is applied only on hostnames ending with the specified
  domain string. This variable may be set multiple times and is matched in the given order; the first
  match wins.
  
  Can be overridden by the GIT_PROXY_COMMAND environment variable (which always applies universally,
  without the special "for" handling).

http.proxy and https.proxy

$ git config --global https.proxy 'http://proxy.domain.com:80'   # using privoxy convert socks to http
$ git config --global http.proxy  'http://proxy.domain.com:80'
$ git config --global https.sslVerify false                       # unable to access '...': Unknown SSL protocol error in connection to ...:443
$ git config --global http.sslVerify false                        # unable to access '...': Unknown SSL protocol error in connection to ...:443

• or gitPorxy

  $ cat ~/.gitconfig
  # Proxy settings
  [core]
          gitproxy=proxy-command for kernel.org
          gitproxy=default-proxy ; for all the rest

• for specific url

  $ git config --global http.https://github.com http://proxy.domain.com:80
  $ git config --global http.https://chromium.googlesource.com http://proxy.domain.com:80

• or

  $ cat ~/.gitconfig
  [http]
    proxy = http://proxy.domain.com:80
  [https]
    proxy = http://proxy.domain.com:80
  [http "https://chromium.googlesource.com"]
    proxy = http://proxy.domain.com:80
  [http "https://github.com"]
    proxy = http://proxy.domain.com:80

• for socks5

  $ git config --global socks.proxy "proxy.domain.com:80"
  
  # or
  $ git config --global socks.proxy "socks5://proxy.domain.com:80"

• additional usage

  $ cat ~/.gitconfig
  ...
  [url "git@ssh.github.com"]
    insteadOf    = git@github.com
  [url "git@ssh.github.com:"]
    insteadOf    = https://github.com/
  [http]
    sslVerify    = false
    postBuffer   = 524288000
    # sslVersion = tlsv1.1
    # sslVersion = tlsv1.2
    # sslVersion = tlsv1.3
  ...

• show current configure

  $ git config --global --get-regexp http.*
  $ git config --global --get-regexp .*proxy.*

• unset

  $ git config --global --unset http.proxy
  $ git config --global --unset http.https://github.com
  
  $ git config --global --unset http.sslVerify
  $ git config --global --unset http.https://domain.com.sslVerify

core.gitproxy

$ git config --global core.gitproxy https://proxy.domain.com:80
$ git config --global url.git://github.com/.insteadOf git@github.com:

core.sshCommand

[!NOTE]

• core.sshCommand since 26 Jun 2016 commit 3c8ede3

A new configuration variable core.sshCommand has been added to specify what value for GIT_SSH_COMMAND to use per repository.

$ git config --global core.sshCommand "ssh -v -o 'ProxyCommand=connect -H proxy.domain.com:80 %h %p'"

# or
$ git -c core.sshCommand "ssh -v -o 'ProxyCommand=commect -H proxy.domain.com:80 %h %p'" clone git@github.com/marslo/ibook.git

proxy for npm

[!NOTE|label:referencs]

• npm config

• Is there a way to make npm install (the command) to work behind proxy?

• How to fix SSL certificate error when running Npm on Windows?

$ npm config set proxy http://proxy.domain.com:80/
$ npm config set https-proxy http://proxy.domain.com:80/
$ npm config set noproxy '127.0.0.1,noproxy.domain.com'

# optional
$ npm config set strict-ssl false

• or

  $ cat ~/.npmrc
  strict-ssl=false
  proxy=http://proxy.domain.com:80/
  https-proxy=http://proxy.domain.com:80/

proxy for nc

[!NOTE|label:manual page]

-X proxy_version
        Requests that nc should use the specified protocol when talking to the proxy server.
        Supported protocols are:
        - “4” (SOCKS v.4)
        - “5” (SOCKS v.5)
        - “connect” (HTTPS proxy)
        If the protocol is not specified, SOCKS version 5 is used.

• additional

  -T protocols=all

# with proxy
$ nc -zv -X connect -x proxy.domain.com:80 google.com 443
nc: Proxy error: "HTTP/1.1 200 Connection established"

# without proxy
$ nc -zv google.com 443
nc: connectx to google.com port 443 (tcp) failed: Operation timed out

proxy for ssl

[!NOTE|label:https proxy] Since version 7.52.0, curl can do HTTPS to the proxy separately from the connection to the server. This TLS connection is handled separately from the server connection so instead of --insecure and --cacert to control the certificate verification, you use --proxy-insecure and --proxy-cacert. With these options, you make sure that the TLS connection and the trust of the proxy can be kept totally separate from the TLS connection to the server.

Q&A

nc : nc: Proxy error: "HTTP/1.1 200 Connection established"

• issue

  $ nc -X connect -x 127.0.0.1:8080 -zv git.domain.com 22
  nc: Proxy error: "HTTP/1.1 200 Connection established"

• solution

  $ corkscrew 127.0.0.1 8080 git.domain.com 22
  SSH-2.0-GerritCodeReview_2.16.27-RP-1.10.2.4 (SSHD-CORE-2.0.0)
  ^C
  
  $ ncat --proxy 127.0.0.1:1087 --proxy-type http sample.gerrit.com 29418
  SSH-2.0-GerritCodeReview_2.16.27-RP-1.10.2.4 (SSHD-CORE-2.0.0)
  ^C
  
  $ cat ~/.ssh/config
    Host  git.domain.com
          Hostname              git.domain.com
          User                  marslo
          Port                  22
          StrictHostKeyChecking no
          UserKnownHostsFile    ~/.ssh/known_hosts
          ProxyCommand          corkscrew 127.0.0.1 8080 %h %p
          # or
          ProxyCommand          ncat --proxy 127.0.0.1:8080 --proxy-type http %h %p
  
  # verify in ssh
  $ ssh -vT -o "ProxyCommand=corkscrew 127.0.0.1 8080 %h %p" -p 22 git.domain.com

proxy with kubeconfig

[!NOTE|label:see also]

• * imarslo : Kubectl context and configuration

$ kubectl config set-cluster <my-cluster-name> --proxy-url=<my-proxy-url>

# i.e.
$ kubectl config set-cluster development --proxy-url=http://proxy.domain.com:8080

proxy with windows

[!NOTE]

• How can we configure the .pac proxy to git

• otahi/pacproxy

• add/modify

  > reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1
  > reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d name:port
  > reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyUser /t REG_SZ /d username
  > reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyPass /t REG_SZ /d password
  > netsh winhttp import proxy source=ie

• or

  > netsh winhttp set proxy proxy-server="socks=localhost:9090" bypass-list="localhost"
  
  REM show
  > netsh winhttp show proxy
  
  REM reset
  > netsh winhttp reset proxy

• or

  > netsh winhttp set proxy 127.0.0.1:1080
  > netsh winhttp set proxy proxy-server="socks=127.0.0.1:9150" bypass-list="127.0.0.1"
  > netsh winhttp set proxy proxy-server="socks=localhost:9150" bypass-list="localhost"
  > netsh winhttp set proxy proxy-server="http=127.0.0.1:1080"  bypass-list="127.0.0.1"
  > netsh winhttp set proxy proxy-server="https=127.0.0.1:1080" bypass-list="127.0.0.1"

• check

  $ reg query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" | find AutoConfigURL
      AutoConfigURL    REG_SZ    http://proxy.domain.com/file.pac
  
  REM full list
  $ reg query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"
  
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
      CertificateRevocation    REG_DWORD    0x1
      DisableCachingOfSSLPages    REG_DWORD    0x0
      IE5_UA_Backup_Flag    REG_SZ    5.0
      PrivacyAdvanced    REG_DWORD    0x1
      SecureProtocols    REG_DWORD    0x800
      User Agent    REG_SZ    Mozilla/5.0 (compatible; MSIE 9.0; Win32)
      SecureProtocolsUpdated    REG_DWORD    0x1
      EnableNegotiate    REG_DWORD    0x1
      ProxyEnable    REG_DWORD    0x0
      MigrateProxy    REG_DWORD    0x1
      AutoConfigURL    REG_SZ    http://proxy.domain.com/file.pac