How to enable Proxy Auto Configuration file on windows 10? - https

I have tried to Proxy Auto Configuration that like follows on Windows10.
But it does not seems like be enabled.
I would like to decrypt HTTPS from specific IP address with mitmproxy but it does not pass through the proxy.
Why?
This Proxy Auto Configuration (PAC) file hosted by a HTTP server on LAN.
As a probability, some of applications does not follow this configuration if the applications adopt there own HTTPS library instead of windows builtin one?
My pac file:
function FindProxyForURL(url, host) {
if (host.indexOf("125.29.56.129") >= 0 || url.indexOf("125.29.56.129")) {
return "HTTPS 192.168.1.16:11161; DIRECT";
} else {
return "DIRECT";
}
}

Related

how can i set was: SpringBoot(tomcat) + web: nginx(bring the thymeleaf resource files from was) on docker in linux

It was a project with a base of springboot + thymeleaf.
I want to use the web server by using nginx to place the resource files of thymeleaf on the web server.
Running nginx and spring boot project (WAS) with docker container.
nginx uses a port number of 8003:80 and WAS 8002:8080.
At this time, I want to know the settings of nginx.conf and the settings of the application.yml file of WAS.
In the linux environment, there is a situation where mapping is not working properly depending on whether or not thymeleaf is "/", so I want to solve this.
The settings for nginx.conf are as follows.
server {
listen 80;
location / {
proxy_pass http://ipaddr:8002;
...
}
location /templates {
root /usr/resources/templates;
}
location /css/ {
alias /usr/resources/static;
}
}
The application.yml setting for WAS is as follows.
thymeleaf:
prefix: /usr/resources/templates/
suffix: .html
Some are omitted, but by default, they refer to the directory in the same way as above.
When you run each server, the was server and nginx seem to be calling normally, but they don't seem to map the screen that will eventually be displayed properly.
[TemplatesInputException: Error resolving template [common/pagename], template might not exist or might not be accessible by any of the configured Template Resolves]
An error is occurring. Please Help me.
I tried to modify the nginx.conf file in nginx and the application.yml file in was server in many ways.

Cause of "Browser needs to be launched with the global proxy" Playwright error

I'm running a Playwright test that makes a request to http://localhost:3000/somePage and wanted to run the request through a proxy (the Fiddler proxy, so I can inspect the traffic, but that's beside the point).
In my playwright.config.ts I have:
projects: [
{
name: 'chromium',
use: {
...devices['Desktop Chrome'],
proxy: {
server: 'http://127.0.0.1:8888'
}
},
},
]
The proxy key is what I added to what was already in the config file generated by Playwright when I set up the project.
When I run my test, I get the following error and the test fails to run:
browser.newContext: Browser needs to be launched with the global proxy. If all contexts override the proxy, global proxy will be never used and can be any string, for example "launch({ proxy: { server: 'http://per-context' } })"
A search online turns up little other than a couple github issues that were closed a long time ago. It seems like it's complaining that it should use the proxy, but only... when I tell it to use the proxy.
When I remove the proxy from the config, the test runs just fine. What am I missing?

Dovecot pigeonhole sieve proxy with ldap

for an upcoming IMAP migration, I need to proxy my users.
I plan to use Nginx for proxying IMAP and POPS traffic and directing them according to a LDAP attribute (mailHost)
But Nginx can't proxy SIEVE.
Dovecot PigeonHole seems to be able to proxy SIEVE protocol.
I try to configure it to avoid LDAP authentication because there's already an authentication on IMAP stores.
That doesn't work for now.
Here's my conf following this doc:
Pasword DB extra fields
Dovecot proxies
/etc/dovecot/dovecot.conf:
protocols sieve
!include conf.d/*.conf
/etc/dovecot/conf.d/90-sieve.conf
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve
/etc/dovecot/conf.d/10-auth.conf
auth_mechanisms = plain login
!include auth-ldap.conf.ext
/etc/dovecot/conf.d/auth-ldap.conf
passdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
}
/etc/dovecot/dovecot-ldap.conf.ext
hosts = xxx.xxx.xxx.xxx
ldap_version = 3
base = ou=myOU, dc=domain, dc=example
pass_attrs = \
=user=%{ldap:user}, \
=password=, \
=proxy=y, \
=host=%{ldap:mailHost}
And here's the error in the log when I try to modify a sieve script using Horde Webmail:
dovecot: managesieve-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, session=
I surely missed a setting somewhere.
For now, I haven't found yet.
Any help will be greatly appreciated
Thanks
OK, I've found the problem
To proxy password to IMAP backends:
/etc/dovecot/dovecot-ldap.conf.ext:
hosts = xxx.xxx.xxx.xxx
ldap_version = 3
base = ou=myOU, dc=domain, dc=example
pass_attrs = \
=user=%{ldap:user}, \
=password=, \
=proxy=y, \
=nopassword=y, \
=host=%{ldap:mailHost}
=port=2000
The doc says:
If you don’t want proxy itself to do authentication, you can configure it to succeed with any given password. You can do this by returning an empty password and nopassword field.
And port 2000 is needed because the IMAP backend still in production is running an old version of timsieved (cyrus sieve implementation)
Then, the backends are waiting for PLAIN authentication.
That's disabled by default in Dovecot, so activate it with:
/etc/dovecot/conf.d/10-auth.conf:
disable_plaintext_auth = no
auth_mechanisms = plain login
!include auth-ldap.conf.ext
This degrades the security, so I will limit access to port 2000 to the dovecot pigeon-hole proxy.

Where should the passwords file be located for nginx

I am following the elasticsearch nginx integration tutorial for windows. I have generated the password using openssl.
The question is what should be the extension for the passwords file and where should it be placed.
I keep getting this error message but it is very unclear to me what exactly the issue is
C:\Program Files\nginx-1.12.1\nginx-1.12.1>nginx -s reload nginx:
[error] OpenEvent("Global\ngx_reload_4428") failed (2: The system
cannot find the file specified)
Currently, the file is present inside the configs directory
events {
worker_connections 1024;
}
http {
upstream elasticsearch {
server 127.0.0.1:9200;
}
server {
listen 8080;
auth_basic "Protected Elasticsearch";
auth_basic_user_file passwords;
location / {
proxy_pass http://elasticsearch;
proxy_redirect off;
}
}
}
You have to specify full path for the password file location:
location / {
auth_basic "Secure Area (or whatever description you want)";
auth_basic_user_file /etc/nginx/auth/nginx.passwd;
... (other settings)
}
The example above works on Unix/Linux servers running nginx. Since you're running Windows I suppose you have to specify full path like C:\Program Files\nginx-1.12.1\nginx-1.12.1\nginx.passwd
Depending what exactly you want to restrict you might need to place the rule inside or outside of the location / {} block. Supposing you need to allow full access to your server/site and only restrict let's say /private then you will add the basic auth in:
location /private {
...
}

Bower calls blocked by corporate proxy

I'm trying to use Bower for a web app, but find myself hitting some sort of proxy issues:
D:\>bower search jquery
bower retry Request to https://bower.herokuapp.com/packages/search/jquery failed with ECONNRESET, retrying in 1.2s
bower retry Request to https://bower.herokuapp.com/packages/search/jquery failed with ECONNRESET, retrying in 2.5s
bower retry Request to https://bower.herokuapp.com/packages/search/jquery failed with ECONNRESET, retrying in 6.8s
bower retry Request to https://bower.herokuapp.com/packages/search/jquery failed with ECONNRESET, retrying in 15.1s
bower retry Request to https://bower.herokuapp.com/packages/search/jquery failed with ECONNRESET, retrying in 20.3s
bower ECONNRESET Request to https://bower.herokuapp.com/packages/search/jquery failed: tunneling socket could not be established, cause=Parse Error
Relevant points:
I can browse to https://bower.herokuapp.com/packages/search/jquery and it returns a full json response.
I can use git to clone, both using the git:// protocol and http(s).
I can use NPM directly without these issues
I've tried using Fiddler to determine what's being blocked, but it doesn't detect any calls from the Bower command. I can see calls from NPM commands in Fiddler.
I've searched the Bower issues list, seen similar issues, but they either have no solution or it doesn't seem quite the same as mine.
Any ideas?
Thanks #user3259967
This did the job.
I would like to add that if you are behind a proxy that needs to be authenticated, you can add the username/password to your .bowerrc file.
{
"directory": "library",
"registry": "http://bower.herokuapp.com",
"proxy":"http://<USERNAME>:<PASSWORD>#<PROXY_IP>:<PROXY_PORT>/",
"https-proxy":"http://<USERNAME>:<PASSWORD>#<PROXY_IP>:<PROXY_PORT>/"
}
NOTICE the use of http:// in https-proxy
The solution for me is this config .bowerrc
{
"directory": "vendor",
"registry": "http://bower.herokuapp.com",
"proxy": "http://<user>:<pwd>#proxy.host.br:8080",
"https-proxy": "http://<user>:<pwd>#proxy.host.br:8080",
"strict-ssl": false
}
Using the http protocol in https-proxy plus registry entry with http protocol.
Remember to change 8080 port number to whatever is yours proxy server port.
Are you behind a proxy?
Have you set up environment variables HTTP_PROXY and HTTPS_PROXY?
SET HTTP_PROXY=http://yourproxyserver:yourproxyport
SET HTTPS_PROXY=http://yourproxyserver:yourproxyport
Try changing the registry value in your .bowerrc:
{
"registry": "http://bower.herokuapp.com"
}
I did not have a .bowerrc file to configure my bower settings. I found the settings living in a file called defaults.js. found under "C:\...\bower\node_modules\bower-config\lib\util\defaults.js"
I hope this helps others:
var defaults = {
'cwd': process.cwd(),
'directory': 'bower_components',
'registry': 'http://bower.herokuapp.com',
'shorthand-resolver': 'git://github.com/{{owner}}/{{package}}.git',
'tmp': paths.tmp,
'proxy': '<<http://user:pass#proxy:port>>', // change proxy here or at the top
'https-proxy': '<<http://user:pass#proxy:port>>', // change proxy here or at the top
'timeout': 30000,
'ca': { search: [] },
'strict-ssl': false,
'user-agent': userAgent,
'color': true,
'interactive': null,
'storage': {
packages: path.join(paths.cache, 'packages'),
links: path.join(paths.data, 'links'),
completion: path.join(paths.data, 'completion'),
registry: path.join(paths.cache, 'registry'),
empty: path.join(paths.data, 'empty') // Empty dir, used in GIT_TEMPLATE_DIR among others
}
};
module.exports = defaults;
you can try suggest #thebignet into same issue on GitHub
Set proxy, https-proxy and strict-ssl configuration into .bowerrc File :
{
"proxy" : "http://<host>:<port>",
"https-proxy" : "http://<host>:<port>",
"strict-ssl" : false
}
But you must run Command from terminal:
git config --global url."https://".insteadOf git://
"strict-ssl": false
in .bowerrc did for me
For Win 7.
What worked for me , are below steps as suggested at this link - read #nanowizard answer.
In .bowerrc file, remove any http_proxy / https_proxy settings that
you might have done earlier. This is important.
So final content of this file should look like :-
{
"directory": "app/bower_components"
}
Set environment variables in your pc - http_proxy and https_proxy to your corporate firewall proxy. In case, your corporate proxy requires authentication and if your password contains special characters, convert it to hex form as suggested by this link. As in my case escaping of characters with '\' did not help. Also I had to restart my system.
Note :
http_proxy and https_proxy should contain same proxy address as shown below
http_proxy = http://<user>:<password>#<your company proxy>:<port>
https_proxy= http://<user>:<password>#<your company proxy>:<port> ->Note no 's' in http://...
I am behind corporate firewall and I have to specify domain name too.
None of these answers worked for me. Here is what I did -
Downloaded CNTLM from http://cntlm.sourceforge.net/
Obviously installed it.
Open up cntml.ini and change the following
Domain your_domain_name
Username your_domain_username
Password your_domain_passowrd
PassLM 1AD35398BE6565DDB5C4EF70C0593492 (uncomment this)
PassNT 77B9081511704EE852F94227CF48A793 (uncomment this too)
Proxy http://localhost:8888
Go to services.msc and start the CNTLM Authentication service.
Download Fiddler 4/2 (whatever they call it).
Install this too. This will run in http://localhost:8888
Now whatever program you’re running forward(proxy) it to http://locahost:3128 ( that’s what CNTLM is running.)
In this case specify http.proxy and https.proxy as http://localhost:8888
This will work for other client programs. Just specify proxy as http://localhost:8888
its work for me to change in .bowerrc file
{
"directory": "client/lib",
"registry": "http://bower.herokuapp.com",
"proxy":"http://192.168.1.205:3228",
"https-proxy":"http://192.168.1.205:3228"
}
where client/lib is installation directory where do you want to install
and http://192.168.1.205:3228 is your proxy ip with port. corporate proxy can be different according to oraganization.
In addition to setting the below proxy in .bowerrc:
{
"directory": "app/bower_components",
"proxy":"http://<user>:<password>#proxy.company.com:<proxy-port>",
"https-proxy":"http://<user>:<password>#proxy.company.com:<proxy-port>",
"http-proxy":"http://<user>:<password>#proxy.company.com:<proxy-port>",
"strict-ssl": false,
"registry": "http://bower.herokuapp.com"
}
I am required to run the following commands to fix the issue:
npm cache clean
bower cache clean
bower install
The registry used in the the other answers is now deprecated. Please update it!
{
"proxy":"http://<user>:<password>#proxy.company.com:<proxy-port>",
"https-proxy":"http://<user>:<password>#proxy.company.com:<proxy-port>",
"registry": "https://registry.bower.io"
}
{
"directory": "library",
"registry": "http://bower.herokuapp.com",
"proxy":"http://<USERNAME>:<PASSWORD>#<PROXY_IP>:<PROXY_PORT>/",
"https-proxy":"http://<USERNAME>:<PASSWORD>#<PROXY_IP>:<PROXY_PORT>/"
}
This code worked for me. I am using Win 7 and chrome and also git bash. Here few things need to be cleared. This takes me huge time to find the actual data regarding the user name, password, proxy IP and Port. I will describe it step by step so that every learners can easily grasp the message:
Create a file in the notepad named .bowerrc in the login folder; You can go there by typing at Start>Run>%UserProfile% and press OK.
Type above code in the .bowerrc file with the following changes:
Replace <USERNAME> with your internet connection user ID or login ID
Replace <PASSWORD> with your internet connection password or login password.
Replace <PROXY_IP> and <PROXY_PORT> with the working proxy IP address and its port number.
**Note: There should be no angle brackets.**
Proxy IP should be different than your own IP.
Before using any proxy IP and port you should check it is working by changing your proxy IP and port.
You can go through this link to know the details of proxy settings at description here
From this proxy settings you will get Proxy IP and Port.
Recheck all the input so that all are correct and save and close the file.
Open git bash and change directory to the project file and type command and hit enter, in my case, git bash command:
a#a-PC MINGW32 /d/conFusion
$ bower install
It worked like magic.
In case it helps someone, I had a 'bower blocked by group policy' error.
Solution was to make an exception in CryptoPrevent, a application installed on our company computers to prevent crypto lockers.
For info, in your .bowerrc file you can add a no-proxy attribute. I don't know since when it is supported but it works on bower 1.7.4 and it solve the issue of bower behind a corporate proxy with an internal repository
.bowerrc :
{
"directory": "bower_components",
"proxy": "http://yourProxy:yourPort",
"https-proxy":"http://yourProxy:yourPort",
"no-proxy":"myserver.mydomain.com"
}
Regards
Please make sure there are no special characters in your proxy password. Convert it to hex. It works for me.

Resources