Suppose you are working in an R&D environment with only intranet access. And you can only browse the internet in the browser through a proxy, this article may help you configure your environment to make your daily life easier.
We only consider a Linux environment, or Windows with cygwin.
Check the proxy address in your browser
Let’s use IE as an example. It is under menu [Tools] -> [Internet Options] -> [Connections] -> [Lan settings] -> [proxy server]. If you use a pac file to automatically configure the proxy, you need to check the content in the pac file to find the proxy address out.
Let use http://proxy.example.com as the proxy address, and port 8080 is the proxy’s port. It’s possible the proxy also requires authentificaiton. Let’s suppose the domain name in a Windows domain is CHINA, with the domain username is egUserName and password is egPassword.
Configure http_proxy and https_proxy in Shell
Please add the two lines into your linux’s .bashrc or .bash_profile
export http_proxy="http://CHINA\\egUserName:egPassword@proxy.example.com:8080" export https_proxy="https://CHINA\\egUserName:egPassword@proxy.example.com:8080"
After this, many tools can work properly, like wget, curl, etc.
Configure http_proxy for Git
You can use git commands to do the configuration. Let’s modify ~/.gitconfig file directly.
[http] proxy = "https://CHINA\\egUserName:egPassword@proxy.example.com:8080" sslVerify = false [https] proxy = "https://CHINA\\egUserName:egPassword@proxy.example.com:8080"
We use https proxy address for both http and https. You can tweak it to see whether it works in your environment. The “sslVerify = false” is used to disable the ssl verification during git data transmission. Otherwise, if your company does deep packet inspection in the https proxy connection, it will cause troubles for the git to verify the data.
After this configuration, all the http/https git address should work, like https://yourRepoServer.com/yourRepo/yourProject.git. You may still need to attach the username and password, e.g. yourGitAccout and yourGitPassword in the address, like https://yourGitAccount:yourGitPassword@yourRepoServer.com/yourRepo/yourProject.git. If you only want to attach the username not the password in the address, you can add this line into your .gitconfig to support cache your password in memory for 1 hour.
[credential] helper = cache --timeout=3600
However, it doesn’t support git@ protocol to clone a project. One way to solve it is to let git automatically replace “git@” with https:// For example, replace github.com git address could be done with this configuration in the .gitconfig file.
[url "https://github.com/"] insteadOf = firstname.lastname@example.org:
If you think this is still not the way you want, let’s switch to the powerful tool corkscrew.
SSH over Http Proxy through corkscrew
You can Google corkscrew and ssh over http to learn more about the mechanism. Here let’s only focus on the usage. Install corkscrew, e.g. use Ubuntu’s “apt-get install” or search it in your Cygwin’s package list. And suppose you want to ssh to yourServer.com and you have a git address git@yourRepoServer.com , you can create a file ~/.ssh/config with the content
Host yourServer.com yourRepoServer.com ProxyCommand /usr/bin/corkscrew proxy.example.com 8080 %h %p ~/.ssh/authfile
And you create the ~/.ssh/authfile
Now, you can try these commands, like “ssh yourRepoServer.com” or “git clone git@yourRepoServer.com”.
Enable Ubuntu apt-get to use proxy
Ubuntu apt-get can use http_proxy and https_proxy to download package and updates. However, if you run these commands with sudo, the root’s environment has no such environment variables. Add this line into /etc/sudoers will solve this problem.
Defaults env_keep = "http_proxy https_proxy ftp_proxy"
Last word, please change the mode to 600 of all the files that contains your username and password if you are working in a shared server.