- proxy for bash
- proxy for curl
- proxy for yum
- proxy for apt
- proxy for docker
- proxy for pip
- proxy for ssh
- proxy for git
- proxy for npm
- proxy for nc
- proxy for ssl
- Q&A
- proxy with kubeconfig
- proxy with windows
proxy for bash
# global settings
$ cat /etc/bashrc
export http_proxy=http://proxy.domain.com:80/
export https_proxy=http://proxy.domain.com:80/
# individual account settings
$ cat ~/.bashrc
export http_proxy=http://proxy.domain.com:80/
export https_proxy=http://proxy.domain.com:80/
proxy for curl
$ curl -x http://proxy.domain.com:80 <https://target.server.com>
- to get head only
$ curl -kvI -x http://proxy.domain.com:80 <https://target.server.com>
proxy for yum
$ cat /etc/yum.conf
[main]
proxy=http://proxy.domain.com:80
proxy for apt
[!TIP|label:see also]
$ cat /etc/apt/apt.conf
Acquire::http::Proxy "http://proxy.domain.com:80";
Acquire::https::Proxy "http://proxy.domain.com:80";
Acquire::ftp::Proxy "http://proxy.domain.com:80";
proxy for docker
[!TIP|label:see also]
for docker build
$ mkdir -p ~/.docker
$ cat > ~/.docker/config.json << EOF
{
"proxies": {
"default": {
"httpProxy": "http://proxy.domain.com:80",
"httpsProxy": "http://proxy.domain.com:80"
}
}
}
EOF
- or via cmd directly
$ docker build \ --build-arg http_proxy=http://proxy.domain.com:80 \ --build-arg https_proxy=http://proxy.domain.com:443 \
for docker pull
# for rootless mode
$ mkdir -p ~/.config/systemd/user/docker.service.d/
# or regular mode
$ sudo mkdir -p /etc/systemd/system/docker.service.d
$ sudo bash -c "cat > /etc/systemd/system/docker.service.d" << EOF
[Service]
Environment="HTTP_PROXY=http://proxy.domain.com:80"
Environment="HTTPS_PROXY=https://proxy.domain.com:443"
Environment="NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp"
EOF
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
# verify
$ systemctl show docker --property Environment
Environment=HTTPS_PROXY=http://proxy.domain.com:443 HTTP_PROXY=http://proxy.domain.com:80 NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp
proxy for pip
[!TIP|label:paths]
- MS Windows:
%APPDATA%\pip\pip.ini
- MacOS:
$HOME/Library/Application Support/pip/pip.conf
- Unix:
$HOME/.config/pip/pip.conf
setup via command line
$ pip config set global.proxy http://proxy.domain.com:80
using directly
$ pip install --proxy http://proxy.domain.com:80 git-review
proxy for ssh
nc
$ ssh -vT \
-o "ProxyCommand=nc -X connect -x proxy.domain.com:80 %h %p" \
-p 22 \
ssh://remote.git.com
# or
$ ssh -vT \
-o "ProxyCommand=netcat -X connect -x proxy.domain.com:80 %h %p" \
-p 22 \
ssh://remote.git.com
$ cat ~/.ssh/config
Host github.com
User my.account@mail.com
ServerAliveInterval 60
Hostname ssh.github.com
Port 443
ProxyCommand nc -X connect -x proxy.domain.com:80 %h %p
- for socks5
ProxyCommand nc -X 5 -x proxy.domain.com:80 %h %p
corkscrew
$ brew install corkscrew
$ ssh -vT \
-o "ProxyCommand=corkscrew proxy.domain.com 80 %h %p" \
-p 22 \
ssh://remote.git.com
$ cat ~/.ssh/config
Host github.com
User my.account@mail.com
ServerAliveInterval 60
Hostname ssh.github.com
Port 443
ProxyCommand corkscrew proxy.domain.com 80 %h %p
ncat
$ brew install nmap
$ ssh -vT \
-o "ProxyCommand=ncat --proxy proxy.domain.com:80 --proxy-type http %h %p" \
-p 22 \
ssh://remote.git.com
$ cat ~/.ssh/config
Host github.com
User my.account@mail.com
ServerAliveInterval 60
Hostname ssh.github.com
Port 443
ProxyCommand ncat --proxy proxy.domain.com:80 --proxy-type http %h %p
- for socks5
ProxyCommand ncat --proxy proxy.domain.com:80 --proxy-type socks5 %h %p
connect
[!NOTE] applicable to git for windows
$ brew install connect
$ ssh -vT \
-o "ProxyCommand=connect -H proxy.domain.com:80 %h %p" \
-p 22 \
ssh://remote.git.com
$ cat ~/.ssh/config
Host github.com
User my.account@mail.com
ServerAliveInterval 60
Hostname ssh.github.com
Port 443
ProxyCommand connect -H proxy.domain.com:80 %h %p
- for socks5
ProxyCommand connect -S proxy.domain.com:80 %h %p
socat
[!NOTE]
proxy for git
[!NOTE|label:references]
- evantoli/GitConfigHttpProxy.md
- Using git with a proxy
- yougg/proxy.md
- evantoli/GitConfigHttpProxy.md
- Tutorial: how to use git through a proxy
- cms-sw/cms-git-tools
- no ssl verify:
set GIT_SSL_NO_VERIFY=true
echo http{,s} | fmt -1 | xargs -i git config --global {}.sslVerify=false
- how to debug:
- https :
GIT_CURL_VERBOSE=1 git ...
orGIT_TRACE_CURL=true git ...
- ssh :
GIT_SSH_COMMAND='ssh -v' git ...
orgit -c sshCommand='ssh -v' ...
A "proxy command" to execute (as command host port) instead of establishing direct connection to the remote server when using the Git protocol for fetching. If the variable value is in the "COMMAND for DOMAIN" format, the command is applied only on hostnames ending with the specified domain string. This variable may be set multiple times and is matched in the given order; the first match wins. Can be overridden by the GIT_PROXY_COMMAND environment variable (which always applies universally, without the special "for" handling).
http.proxy and https.proxy
$ git config --global https.proxy 'http://proxy.domain.com:80' # using privoxy convert socks to http
$ git config --global http.proxy 'http://proxy.domain.com:80'
$ git config --global https.sslVerify false # unable to access '...': Unknown SSL protocol error in connection to ...:443
$ git config --global http.sslVerify false # unable to access '...': Unknown SSL protocol error in connection to ...:443
for specific url
$ git config --global http.https://github.com http://proxy.domain.com:80 $ git config --global http.https://chromium.googlesource.com http://proxy.domain.com:80
or
$ cat ~/.gitconfig [http] proxy = http://proxy.domain.com:80 [https] proxy = http://proxy.domain.com:80 [http "https://chromium.googlesource.com"] proxy = http://proxy.domain.com:80 [http "https://github.com"] proxy = http://proxy.domain.com:80
-
$ git config --global socks.proxy "proxy.domain.com:80" # or $ git config --global socks.proxy "socks5://proxy.domain.com:80"
additional usage
$ cat ~/.gitconfig ... [url "git@ssh.github.com"] insteadOf = git@github.com [url "git@ssh.github.com:"] insteadOf = https://github.com/ [http] sslVerify = false postBuffer = 524288000 # sslVersion = tlsv1.1 # sslVersion = tlsv1.2 # sslVersion = tlsv1.3 ...
show current configure
$ git config --global --get-regexp http.* $ git config --global --get-regexp .*proxy.*
unset
$ git config --global --unset http.proxy $ git config --global --unset http.https://github.com $ git config --global --unset http.sslVerify $ git config --global --unset http.https://domain.com.sslVerify
core.gitproxy
$ git config --global core.gitproxy https://proxy.domain.com:80
$ git config --global url.git://github.com/.insteadOf git@github.com:
core.sshCommand
[!NOTE]
- core.sshCommand since 26 Jun 2016 commit 3c8ede3
A new configuration variable
core.sshCommand
has been added to specify what value forGIT_SSH_COMMAND
to use per repository.
$ git config --global core.sshCommand "ssh -v -o 'ProxyCommand=connect -H proxy.domain.com:80 %h %p'"
# or
$ git -c core.sshCommand "ssh -v -o 'ProxyCommand=commect -H proxy.domain.com:80 %h %p'" clone git@github.com/marslo/ibook.git
proxy for npm
[!NOTE|label:referencs]
$ npm config set proxy http://proxy.domain.com:80/
$ npm config set https-proxy http://proxy.domain.com:80/
$ npm config set noproxy '127.0.0.1,my.noproxy.com'
# optional
$ npm config set strict-ssl false
- or
$ cat ~/.npmrc strict-ssl=false proxy=http://proxy.domain.com:80/ https-proxy=http://proxy.domain.com:80/
proxy for nc
[!NOTE|label:manual page]
-X proxy_version Requests that nc should use the specified protocol when talking to the proxy server. Supported protocols are: - “4” (SOCKS v.4) - “5” (SOCKS v.5) - “connect” (HTTPS proxy) If the protocol is not specified, SOCKS version 5 is used.
- additional
-T protocols=all
# with proxy
$ nc -zv -X connect -x proxy.domain.com:80 google.com 443
nc: Proxy error: "HTTP/1.1 200 Connection established"
# without proxy
$ nc -zv google.com 443
nc: connectx to google.com port 443 (tcp) failed: Operation timed out
proxy for ssl
[!NOTE|label:https proxy] Since version 7.52.0, curl can do HTTPS to the proxy separately from the connection to the server. This TLS connection is handled separately from the server connection so instead of
--insecure
and--cacert
to control the certificate verification, you use--proxy-insecure
and--proxy-cacert
. With these options, you make sure that the TLS connection and the trust of the proxy can be kept totally separate from the TLS connection to the server.
Q&A
nc : nc: Proxy error: "HTTP/1.1 200 Connection established"
issue
$ nc -X connect -x 127.0.0.1:8080 -zv git.domain.com 22 nc: Proxy error: "HTTP/1.1 200 Connection established"
solution
$ corkscrew 127.0.0.1 8080 git.domain.com 22 SSH-2.0-GerritCodeReview_2.16.27-RP-1.10.2.4 (SSHD-CORE-2.0.0) ^C $ ncat --proxy 127.0.0.1:1087 --proxy-type http sample.gerrit.com 29418 SSH-2.0-GerritCodeReview_2.16.27-RP-1.10.2.4 (SSHD-CORE-2.0.0) ^C $ cat ~/.ssh/config Host git.domain.com Hostname git.domain.com User marslo Port 22 StrictHostKeyChecking no UserKnownHostsFile ~/.ssh/known_hosts ProxyCommand corkscrew 127.0.0.1 8080 %h %p # or ProxyCommand ncat --proxy 127.0.0.1:8080 --proxy-type http %h %p # verify in ssh $ ssh -vT -o "ProxyCommand=corkscrew 127.0.0.1 8080 %h %p" -p 22 git.domain.com
proxy with kubeconfig
[!NOTE|label:see also]
$ kubectl config set-cluster <my-cluster-name> --proxy-url=<my-proxy-url>
# i.e.
$ kubectl config set-cluster development --proxy-url=http://proxy.domain.com:8080
proxy with windows
[!NOTE]
-
> reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1 > reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d name:port > reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyUser /t REG_SZ /d username > reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyPass /t REG_SZ /d password > netsh winhttp import proxy source=ie
-
> netsh winhttp set proxy proxy-server="socks=localhost:9090" bypass-list="localhost" REM show > netsh winhttp show proxy REM reset > netsh winhttp reset proxy
-
> netsh winhttp set proxy 127.0.0.1:1080 > netsh winhttp set proxy proxy-server="socks=127.0.0.1:9150" bypass-list="127.0.0.1" > netsh winhttp set proxy proxy-server="socks=localhost:9150" bypass-list="localhost" > netsh winhttp set proxy proxy-server="http=127.0.0.1:1080" bypass-list="127.0.0.1" > netsh winhttp set proxy proxy-server="https=127.0.0.1:1080" bypass-list="127.0.0.1"
check
$ reg query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" | find AutoConfigURL AutoConfigURL REG_SZ http://proxy.domain.com/file.pac REM full list $ reg query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings CertificateRevocation REG_DWORD 0x1 DisableCachingOfSSLPages REG_DWORD 0x0 IE5_UA_Backup_Flag REG_SZ 5.0 PrivacyAdvanced REG_DWORD 0x1 SecureProtocols REG_DWORD 0x800 User Agent REG_SZ Mozilla/5.0 (compatible; MSIE 9.0; Win32) SecureProtocolsUpdated REG_DWORD 0x1 EnableNegotiate REG_DWORD 0x1 ProxyEnable REG_DWORD 0x0 MigrateProxy REG_DWORD 0x1 AutoConfigURL REG_SZ http://proxy.domain.com/file.pac