How would yum (on a CentOS host) work with a proxy that requires an SSL cert?

I am trying to set up a proxy in /etc/yum.conf with https and an SSL cert.
Normally, I would have proxy=http://x.x.x.x:80, provided that is the proxy address, and since my proxy does not require a username and password, that would work. But now I have a requirement to set up /etc/yum.conf with
proxy=https://x.x.x.x:433
and the host running yum can only talk to the internet via a proxy which accepts SSL cert based authentication.
So how would I install the SSL cert on the CentOS host for yum to work with the proxy host on port 443, one that requires an SSL cert?

It looks like you should be able to use the following config directives, taken from the yum.conf manual page:
sslclientcert
    Path to the SSL client certificate yum should use to connect to repos/remote sites. Defaults to none. Note that if you are using curl compiled against NSS (default in Fedora/RHEL), curl treats sslclientcert values with the same basename as identical. This version of yum will check that this isn't true and output an error when the repositories "foo" and "bar" violate this, like so:
        sslclientcert basename shared between foo and bar
sslclientkey
    Path to the SSL client key yum should use to connect to repos/remote sites. Defaults to none.
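As an added example (not code from the question or the answer above), the following Python script implements the basename check that the manual page describes: it parses yum.conf and the .repo files, reports sections whose sslclientcert values share a basename (the condition behind the "sslclientcert basename shared between foo and bar" error), and lists sections that set a certificate without a key. The file contents and paths in SAMPLE_REPO_FILES are constructed for illustration; load_system_repo_files reads the real files on a host.

```python
"""Check yum repository definitions for the sslclientcert basename clash
that yum.conf(5) warns about (curl built against NSS treats certificates
with the same basename as the same certificate)."""
import configparser
import os
from collections import defaultdict

# Constructed sample: a yum.conf and three .repo files as they might look
# after adding per-repository client certificates. Paths are illustrative.
SAMPLE_REPO_FILES = {
    "/etc/yum.conf": """
[main]
cachedir=/var/cache/yum/$basearch/$releasever
proxy=https://proxy.example.internal:443
sslclientcert=/etc/pki/tls/certs/client.pem
sslclientkey=/etc/pki/tls/private/client.key
""",
    "/etc/yum.repos.d/foo.repo": """
[foo]
name=Foo repository
baseurl=https://mirror.example.internal/foo
sslclientcert=/etc/pki/tls/certs/foo/client.pem
sslclientkey=/etc/pki/tls/private/foo/client.key
""",
    "/etc/yum.repos.d/bar.repo": """
[bar]
name=Bar repository
baseurl=https://mirror.example.internal/bar
sslclientcert=/etc/pki/tls/certs/bar/client.pem
sslclientkey=/etc/pki/tls/private/bar/client.key
""",
    "/etc/yum.repos.d/baz.repo": """
[baz]
name=Baz repository
baseurl=https://mirror.example.internal/baz
sslclientcert=/etc/pki/tls/certs/baz-client.pem
""",
}


def parse_repo_files(files):
    """Return {section: {option: value}} for every section in the given files."""
    sections = {}
    for path, text in files.items():
        parser = configparser.RawConfigParser()  # raw: yum values contain $basearch etc.
        parser.read_string(text, source=path)
        for name in parser.sections():
            sections[name] = dict(parser.items(name))
    return sections


def find_basename_clashes(sections):
    """Sections whose sslclientcert values share a basename, keyed by basename.

    With curl built against NSS these are treated as one certificate, which is
    exactly what the manual page's error message is about."""
    by_basename = defaultdict(list)
    for name, opts in sections.items():
        cert = opts.get("sslclientcert")
        if cert:
            by_basename[os.path.basename(cert)].append(name)
    return {b: sorted(n) for b, n in by_basename.items() if len(n) > 1}


def find_incomplete_pairs(sections):
    """Sections that set only one of sslclientcert / sslclientkey. This ignores
    inheritance from [main]; a certificate with no key beside it is worth a look."""
    bad = []
    for name, opts in sections.items():
        if bool(opts.get("sslclientcert")) != bool(opts.get("sslclientkey")):
            bad.append(name)
    return sorted(bad)


def load_system_repo_files(conf="/etc/yum.conf", repos_d="/etc/yum.repos.d"):
    """Read the real files on a host (the offline sample above does not use this)."""
    files = {}
    repo_paths = sorted(
        os.path.join(repos_d, f) for f in os.listdir(repos_d) if f.endswith(".repo")
    )
    for path in [conf] + repo_paths:
        with open(path, encoding="utf-8") as fh:
            files[path] = fh.read()
    return files


if __name__ == "__main__":
    sections = parse_repo_files(SAMPLE_REPO_FILES)
    for basename, names in find_basename_clashes(sections).items():
        print(f"sslclientcert basename {basename!r} shared between {', '.join(names)}")
    for name in find_incomplete_pairs(sections):
        print(f"[{name}] sets only one of sslclientcert/sslclientkey")
```

Giving each repository's certificate a distinct file name (for example foo-client.pem and bar-client.pem) clears the clash without touching the key material.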

Related

Authenticated Proxy for development purposes

I am looking for a simple solution to start a squid-like proxy server that supports username/password authentication.
It should be able to tunnel HTTPS requests using CONNECT.
A docker-based solution is
docker run --rm -it -p 3128:8080 mitmproxy/mitmproxy mitmdump --set proxyauth=user:pass
The --ignore-hosts option also enables TLS pass-through for stuff like mTLS and certificates not signed by a trusted root (i.e. via mkcert or self-signed).
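The following Python is an added example, not part of the question above, showing the CONNECT exchange a client performs against an authenticated proxy such as the mitmproxy one started by that command: it builds the request with a Proxy-Authorization: Basic header, parses the proxy's reply, and distinguishes an established tunnel (200) from a credentials challenge (407). The sample replies SAMPLE_407 and SAMPLE_200 are constructed; open_tunnel does real network I/O, and the proxy address, user and password it takes are placeholders.

```python
"""The HTTP CONNECT exchange a client performs against an authenticated
forward proxy (e.g. mitmproxy started with --set proxyauth=user:pass)."""
import base64
import socket


def basic_credentials(user, password):
    """RFC 7617 token for a Proxy-Authorization / Authorization: Basic header."""
    return base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")


def build_connect_request(host, port, user=None, password=None):
    """Raw CONNECT request bytes; the credential header is only sent when given."""
    lines = [f"CONNECT {host}:{port} HTTP/1.1", f"Host: {host}:{port}"]
    if user is not None:
        lines.append(f"Proxy-Authorization: Basic {basic_credentials(user, password)}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_proxy_response(raw):
    """Split the proxy's response head into (status, reason, headers).
    Header names are lower-cased; anything after the blank line is ignored."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError(f"not an HTTP status line: {lines[0]!r}")
    status = int(parts[1])
    reason = parts[2] if len(parts) == 3 else ""
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, reason, headers


def classify(status, headers):
    """What the client should do with the proxy's answer."""
    if status == 200:
        return "tunnel"
    if status == 407:
        return "auth-required: " + headers.get("proxy-authenticate", "<no challenge>")
    return f"refused: {status}"


# Constructed sample replies: the challenge sent when credentials are missing
# or wrong, and the success line once the tunnel is up.
SAMPLE_407 = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
              b"Proxy-Authenticate: Basic realm=\"mitmproxy\"\r\n"
              b"Content-Length: 0\r\n\r\n")
SAMPLE_200 = b"HTTP/1.1 200 Connection established\r\n\r\n"


def open_tunnel(proxy_host, proxy_port, host, port, user=None, password=None, timeout=10):
    """Real network I/O: returns a socket tunnelled to host:port, ready to be
    wrapped with ssl.SSLContext().wrap_socket(sock, server_hostname=host)."""
    sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    try:
        sock.sendall(build_connect_request(host, port, user, password))
        buf = b""
        while b"\r\n\r\n" not in buf:
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("proxy closed the connection before answering")
            buf += chunk
            if len(buf) > 65536:
                raise ConnectionError("proxy response head too large")
        status, reason, headers = parse_proxy_response(buf)
        if status != 200:
            raise PermissionError(f"CONNECT refused: {status} {reason} ({classify(status, headers)})")
        return sock
    except BaseException:
        sock.close()
        raise


if __name__ == "__main__":
    for sample in (SAMPLE_407, SAMPLE_200):
        status, reason, headers = parse_proxy_response(sample)
        print(status, reason, "->", classify(status, headers))
```

Because the credentials travel Base64-encoded rather than encrypted, the hop between client and proxy should be a trusted network (localhost, as in the docker command above) or the proxy should itself be reached over TLS.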

How to proxy net-sftp?

I'm using net-sftp which relies on the net-ssh gem.
I'm trying to connect to a remote log service via SFTP, and it requires IP whitelisting. All my current servers have dynamic IPs.
I'm trying to set up a static, secure, proxy server in Google Cloud. I don't really understand all the differences between all the types of proxying, but net-ssh appears to support...
socks4
socks5
'jump' proxy
I looked into setting up a socks5 proxy with Dante but it appears a bit overkill just to relay the SFTP connection through it, not to mention I think it sends passwords in plain text.
How would I go about proxying net-sftp through some server in the easiest way?
The easiest way would be to set up a jump-host server that can reach the target servers and then connect to the target server by letting the jump-host server proxy your connection through.
SSH makes it trivially easy:
ssh -J user@jump-host myuser@target-host
In your .ssh/config you can do the following:
### First jump-host. Directly reachable
Host jump-host
HostName jump-host.example.org
### Host to jump to via jump-host.example.org
Host target-host
HostName target-host.example.org
ProxyJump jump-host
This will allow you to use net-ssh as usual. If you don't want to change the config file, then you will have to use 'net/ssh/proxy/jump':
require 'net/ssh/proxy/jump'
proxy = Net::SSH::Proxy::Jump.new('user@proxy')
Net::SSH.start('host', 'user', :proxy => proxy) do |ssh|
...
end
See this article for more info on Jump Hosts.

Install elasticsearch plugin behind proxy

After reading this installing plugin using proxy I created command bin/elasticsearch-plugin -Dhttps.proxyPort=xxxx -Dhttps.proxyHost=xxxx install --batch com.floragunn:search-guard-6:6.1.0-20.1
but it is not working. How do I install plugin using proxy in Elasticsearch 6.1.0?
On FreeBSD 13 and Elasticsearch 7, a Tor proxy is an option.
To configure it, install Tor and run it, then
setenv ES_JAVA_OPTS "-DsocksProxyHost=127.0.0.1 -DsocksProxyPort=9050"
/usr/local/lib/elasticsearch/bin/elasticsearch-plugin install plugin-name-here
Alternatively, if you're using an HTTP proxy, change the first line to
setenv ES_JAVA_OPTS "-Dhttp.proxyHost=host_addr -Dhttp.proxyPort=proxy_port -Dhttps.proxyHost=host_addr -Dhttps.proxyPort=proxy_port"
where host_addr and proxy_port are addresses and ports for http and https proxies respectively.
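Added example (not from the answer above): a Python helper that turns the usual http_proxy/https_proxy/no_proxy environment into the -D properties shown in the answer, so the ES_JAVA_OPTS value can be generated instead of typed. It covers the SOCKS case from the Tor answer and translates no_proxy into Java's http.nonProxyHosts syntax. It assumes the JVM's built-in proxy support speaks plain HTTP to the proxy, and it refuses proxy URLs with embedded credentials because ES_JAVA_OPTS is visible to every local user in the process list. The proxy addresses in the examples are constructed placeholders.

```python
"""Translate the conventional http_proxy / https_proxy / no_proxy environment
into the -D system properties read by the JVM running elasticsearch-plugin."""
from urllib.parse import urlsplit

# Assumption: the JVM talks plain HTTP or SOCKS to the proxy, so only these
# URL schemes are accepted for the proxy address itself.
DEFAULT_PORTS = {"http": 80, "socks": 1080, "socks4": 1080, "socks5": 1080, "socks5h": 1080}


def parse_proxy_url(url):
    """Return (scheme, host, port) for a proxy URL such as http://myproxy:3128."""
    u = urlsplit(url if "://" in url else "http://" + url)
    scheme = u.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"proxy scheme {scheme!r} in {url!r} is not translated")
    if not u.hostname:
        raise ValueError(f"proxy URL has no host: {url!r}")
    if u.username is not None:
        # user:pass@ would end up in ES_JAVA_OPTS and therefore in `ps` output
        raise ValueError("embedded proxy credentials are not translated to JVM options")
    return scheme, u.hostname, u.port or DEFAULT_PORTS[scheme]


def non_proxy_hosts(no_proxy):
    """no_proxy is comma separated with '.suffix' entries; Java's
    http.nonProxyHosts is '|' separated with '*.suffix' wildcards."""
    entries = []
    for item in no_proxy.split(","):
        item = item.strip()
        if not item:
            continue
        entries.append("*" + item if item.startswith(".") else item)
    return "|".join(entries)


def java_proxy_opts_from_env(env):
    """List of -D options; ' '.join(...) gives the ES_JAVA_OPTS value."""
    opts = []
    socks_done = False
    for prop, var in (("http", "http_proxy"), ("https", "https_proxy")):
        url = env.get(var) or env.get(var.upper())
        if not url:
            continue
        scheme, host, port = parse_proxy_url(url)
        if scheme.startswith("socks"):
            if not socks_done:  # one SOCKS proxy serves both http and https
                opts += [f"-DsocksProxyHost={host}", f"-DsocksProxyPort={port}"]
                socks_done = True
            continue
        opts += [f"-D{prop}.proxyHost={host}", f"-D{prop}.proxyPort={port}"]
    no_proxy = env.get("no_proxy") or env.get("NO_PROXY")
    if opts and no_proxy:
        # http.nonProxyHosts applies to both http and https connections
        opts.append(f"-Dhttp.nonProxyHosts={non_proxy_hosts(no_proxy)}")
    return opts


if __name__ == "__main__":
    import os
    value = " ".join(java_proxy_opts_from_env(os.environ))
    print(f'setenv ES_JAVA_OPTS "{value}"' if value else "no proxy variables set")
```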

How to set a proxy on bosh-cli

I'm trying to upload a bosh release into the director. I use a Virtualbox environment and I'm behind a corporate proxy.
Even when I've tried to set the proxy with
export https_proxy=http://myproxy:3128
or with
export BOSH_ALL_PROXY=http://myproxy:3128
I never manage to do any download.
Does someone know how to do it?
MBP-de-Olivier:bosh-deployment olivier$ bosh -e vbox upload-release https://bosh.io/d/github.com/cloudfoundry/cf-release?v=283
Using environment '192.168.50.6' as client 'admin'
Task 13
Task 13 | 15:28:45 | Downloading remote release: Downloading remote release (00:00:05)
└ Error: Failed to open TCP connection to bosh.io:443 (Address family not supported by protocol - socket(2) for "bosh.io" port 443)
Task 13 | 15:28:50 | Error: Failed to open TCP connection to bosh.io:443 (Address family not supported by protocol - socket(2) for "bosh.io" port 443)
Have you tried to download the release locally and upload it to your BOSH director from the local host?
I think you should add the following lines:
export http_proxy=http://yourproxy:3128
export https_proxy=http://yourproxy:3128
Are you sure that 3128 is the correct port? This seems as if you are using cntlm (or another similar local proxy). If it is a local proxy: Is the service running? Can the service connect to the corporate proxy?
My guess is that the BOSH director does not know it must use a proxy. I'm under the impression you tried to configure the proxy at the bosh-cli level, but the download is performed by the director itself.
You could try to re-deploy the director with your proxy configuration. You can use this ops file in order to do so.

Empty server response with cntlm proxy and basic auth params in url for yum repo

I am using a cntlm proxy on a CentOS 7 server behind a corporate proxy which needs authentication.
Here is my cntlm.conf file:
Username user
Domain dom
Auth NTLMv2
PassNTLMv2 **********
Proxy corporateproxy:8080
NoProxy localhost, 127.0.0.*, 10.*, 192.168.*, 172.*, *.local
Listen 0.0.0.0:3128
Everything works OK, except for a yum repo which needs basic auth:
[datastax-cassandra]
name=datastax-cassandra
humanname=DataStax Repo for DataStax Enterprise
baseurl= http://auser@mail.com:s6pZ4cjORRAqDhG@rpm.datastax.com/entreprise
gpgcheck=0
enabled=1
When running
repoquery --plugins --queryformat '%{NAME}_|-%{VERSION}_|-%{RELEASE}_|-%{ARCH}_|-%{REPOID}' --pkgnarrow=available selinux-policy-devel policycoreutils-python
I get:
Could not match packages: failure: repodata/repomd.xml from datastax-cassandra: [Errno 256] No more mirrors to try.
http://auser@email.com:s6pZ4cjORRAqDhG@rpm.datastax.com/enterprise/repodata/repomd.xml: [Errno 14] curl#52 - "Empty reply from server"
For any other mirror server which does not need basic auth, everything is OK.
Any idea (cntlm configuration, yum repo configuration, ...)?
There is a patch for cntlm with support for Basic HTTP Auth; see
cntlm-0.35.1 modified to support Basic HTTP Auth with HTTPAUTH parameter
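As an added example, not taken from the question or the cntlm patch, the Python below does what a client does with a baseurl that carries credentials: it splits the userinfo into a credential-free URL plus the Authorization: Basic header, decodes such a header when reviewing captured requests, and builds a baseurl whose username contains '@' (as auser@mail.com does) with the '@' percent-encoded so the URL has only one authority delimiter. The hostname rpm.example.internal and the passwords are constructed placeholders.

```python
"""Handle HTTP Basic credentials embedded in a yum baseurl: split them out
into a clean URL plus the Authorization header, decode such a header when
reviewing logs, and build a correctly percent-encoded baseurl."""
import base64
from urllib.parse import quote, unquote, urlsplit, urlunsplit


def userinfo_is_ambiguous(baseurl):
    """True when the authority part has more than one '@', which happens when
    a username such as auser@mail.com is written without %40 encoding. Clients
    differ in which '@' they treat as the delimiter."""
    return urlsplit(baseurl).netloc.count("@") > 1


def split_credentials(baseurl):
    """Credential-free URL, the user/password found in the userinfo, and the
    Authorization header value (None when the URL carries no credentials)."""
    u = urlsplit(baseurl)
    if u.username is None:
        return {"url": baseurl, "user": None, "password": None, "authorization": None}
    user = unquote(u.username)
    password = unquote(u.password or "")
    netloc = u.hostname if u.port is None else f"{u.hostname}:{u.port}"
    clean = urlunsplit((u.scheme, netloc, u.path, u.query, u.fragment))
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return {"url": clean, "user": user, "password": password,
            "authorization": f"Basic {token}"}


def decode_basic(header_value):
    """Inverse of the header built above, for checking what a proxy log or a
    captured request actually carried. The user part cannot contain ':'."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError(f"not a Basic credential: {header_value!r}")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def build_baseurl(scheme, host, path, user, password):
    """Percent-encode everything outside the unreserved set so ':' and '@'
    inside the credentials cannot be mistaken for delimiters (RFC 3986 3.2.1)."""
    return f"{scheme}://{quote(user, safe='')}:{quote(password, safe='')}@{host}{path}"


if __name__ == "__main__":
    # Constructed: the shape of the repo's baseurl with a placeholder password.
    raw = "http://auser@mail.com:ExamplePass@rpm.example.internal/enterprise"
    print("ambiguous:", userinfo_is_ambiguous(raw))
    fixed = build_baseurl("http", "rpm.example.internal", "/enterprise",
                          "auser@mail.com", "ExamplePass")
    print("encoded baseurl:", fixed)
    print("request:", split_credentials(fixed))
```

yum.conf(5) also accepts username= and password= options in a repository section, which keeps the credentials out of the baseurl that yum prints in its error output (as in the "[Errno 14]" line above) and out of anything that logs URLs.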
