On a new Server in my network i try to setup a composer project and having trouble with my internal proxy. The proxy settings are set in /etc/environment for http and https (upper and lowercase). The output i'm getting is as follows:
$ composer.phar diag
Checking composer.json: OK
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking HTTP proxy: OK
Checking HTTP proxy support for request_fulluri: OK
Checking HTTPS proxy support for request_fulluri: FAIL
Unable to assess the situation, maybe github is down (The "https://api.github.com/repos/Seldaek/jsonlint/zipball/1.0.0" file could not be downloaded: Peer certificate CN=`codeload.github.com' did not match expected CN=`api.github.com'
failed to open stream: Cannot connect to HTTPS server through proxy)
Checking github.com rate limit: OK
Checking disk free space: OK
Checking composer version: OK
The proxy CA certificate is properly installed and working on curl, wget and git. But it looks like composer has problems to evaluate the certificates against each other, because of my own CA. The https proxy is changing the certificates (like a man in the middle and i can't change the proxy [company security]) and this probably kills it.
Before you ask: i already tried setting the HTTP(S)_PROXY_REQUEST_FULLURI export value.
Does someone know this behavior and has a workaround?
Related
Note: this is not a duplicate of openssl s_client using a proxy, as I am specifically interested in proxy authentication, not the ability to use proxy.
I'm using openssl s_client to inspect certificates of the target server to understand how/where the connection works or not. As I'm behind a corporate proxy, I can specify the proxy server with -proxy flag, however I need to pass authentication details (username/password) to this proxy - and I haven't figured out how to do that.
openssl s_client -proxy my.proxy.server:8080 -connect my.target.host
successfully connect to the proxy server, however, understandably, results in error s_client: HTTP CONNECT failed: 407 Unauthorized.
Passing proxy server in the form of user:pass#my.proxy.server or http://user:pass#my.proxy.server both result in error s_client: -proxy argument malformed or ambiguous.
How can I pass proxy authentication to s_client? I would find it hard to believe that it supports proxy but not authenticated proxy.
I'm using openssl version 1.1.1a.
Just to follow up on #Arnaud Grandville's answer: OpenSSL v3 beta 1 has now been released, and it includes proxy authentication options. You have to compile it yourself, however.
Unfortunately in v3 beta 1 the HTTP code had some issues so you can't use the code from their website as-is. Anyone looking to compile from source can use the commands below to get an OpenSSL installation with working proxy authentication:
git clone --branch openssl-3.0.0-beta1 https://github.com/openssl/openssl.git
cd openssl
git fetch
git checkout 6a1f9cd -- crypto/http/http_client.c
./Configure
make
make install
Edit: For later versions this is no longer necessary as the bug was fixed. For example for version 3.0.5 you can simply run:
git clone --branch openssl-3.0.5 https://github.com/openssl/openssl.git
cd openssl
./Configure
make
make install
You can use escape-from-intranet https://github.com/quaddy-services/escape-from-intranet#introduction
and specify
host=my.proxy.server
port=8080
in the app and use
openssl s_client -proxy localhost:3128 -connect my.target.host
and your local running application will enrich the real proxy call with your credentials.
(In case you have a transparent proxy you need to switch the default proxy decision to "PROXY" in the "Decision" Menu)
openssl v3.0 will supports proxy_user and proxy_pass options.
no solution for now, the syntax after proxy is
host + ':' + service
host + ':' + '*'
host + ':'
':' + service
'*' + ':' + service
host
service
cf. BIO_parse_hostserv
I want to install a package for a Laravel chat app I'm making. When running "composer require foo/bar" I got the following error in the terminal:
In RemoteFilesystem.php line 515:
The "https://packagist.org/packages.json" file could not be downloaded: failed to open stream: Unable to find the socket transport "proxy_user_name" - did you forget to enable it when you configured PHP?
I'm using a VPN but it's still referring to my proxy credentials which is supposed to not see because of the VPN.
When running "composer diagnose" I get this:
Lolo#lolo:/media/lolo/project_path/project_name$
composer diagnose
Checking composer.json: OK
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: WARNING
[Composer\Downloader\TransportException] The "http://packagist.org/packages.json" file could not be downloaded: failed to open stream: Unable to find the socket transport "foobar" - did you forget to enable it when you configured PHP?
Checking https connectivity to packagist: WARNING
[Composer\Downloader\TransportException] The "https://packagist.org/packages.json" file could not be downloaded: failed to open stream: Unable to find the socket transport "foobar" - did you forget to enable it when you configured PHP?
Checking HTTP proxy: FAIL
[Composer\Downloader\TransportException] The "https://packagist.org/packages.json" file could not be downloaded: failed to open stream: Unable to find the socket transport "foobar" - did you forget to enable it when you configured PHP?
Checking HTTP proxy support for request_fulluri: WARNING
Unable to assess the situation, maybe packagist.org is down (The "http://packagist.org/packages.json" file could not be downloaded: failed to open stream: Unable to find the socket transport "foobar" - did you forget to enable it when you configured PHP?)
Checking HTTPS proxy support for request_fulluri: WARNING
Unable to assess the situation, maybe github is down (The "https://api.github.com/repos/Seldaek/jsonlint/zipball/1.0.0" file could not be downloaded: failed to open stream: Unable to find the socket transport "foobar" - did you forget to enable it when you configured PHP?)
Checking github.com rate limit: FAIL
[Composer\Downloader\TransportException] The "https://api.github.com/rate_limit" file could not be downloaded: failed to open stream: Unable to find the socket transport "foobar" - did you forget to enable it when you configured PHP?
Checking disk free space: OK
Composer version: 1.6.3
PHP version: 7.2.7-0ubuntu0.18.04.2
PHP binary path: /usr/bin/php7.2
What could be causing the error?
It is due to a bad proxy configuration. Try correcting your proxy or disable it (temporarily) with
unset http_proxy;
unset https_proxy;
You could use redsocks when needing to go through a proxy.
I want to use composer, but the connection fails.
I am using Windows 7 64bit with a company proxy. I already tested to set the environment variable HTTP_PROXY but that did not solve the problem.
If Iy type composer diag with HTTP_PROXY set as environment variable I will get:
checking http connectivity: FAIL
...
failed to open stream: Cannot connect to HTTPS server through proxy
Checking HTTP proxy: FAIL
Without HTTP_PROXY environment variable:
Checking git settings: OK
Checking http connectivity: OK
Checking disk free space: OK
Checking composer version: FAIL
You are not running the latest version
What can I do to fix the problem?
I have to use the composer with a proxy-server!
I've just successfully built SparkleShare for windows according to guide:
https://github.com/wimh/SparkleShare/wiki
and exported my ssh public key to a server.
The problem is that I can't connect from a client behind a http_proxy to a public server with ssh running on a custom port. I had also problem with cloning any git server. I need to switch git:// protocol to http:// one. Any suggestion? Does anyone have similar experience?
This is a log file:
15:25:13 [SSH] ssh-agent started, PID=4380 Identity added:
C:\Users\MYUSER\AppData\Roaming\sparkleshare\sparkleshare.MYEMAIL.key
(C:\Users\sg0922706\AppData\Roaming\sparkleshare\sparkleshare.MYEMAIL.key)
15:25:34 [Fetcher][C:\Users\MYUSER\Documents\SparkleShare.tmp\share]
Fetchin g folder: ssh://MYGITUSER#MYHOST/MYPATH 15:25:34 [Fetcher]
Disabled host key checking MYHOST 15:25:34 [Cmd] git clone --progress
"ssh://MYGITUSER#MYHOST/MYPATH" "C:\Us
ers\MYUSER\Documents\SparkleShare.tmp\share" 15:25:37 [Git] Exit code
128 15:25:37 [Fetcher] Failed 15:25:37 [Fetcher] Enabled host key
checking for MYHOST
To get SparkleShare to use your proxy you will need to modify the config of the msysgit that is installed as part of SparkleShare. Navigate to C:\Program Files (x86)\SparkleShare\msysgit\etc and edit the gitconfig file in notepad and add the following line under the [http] tag
proxy = http://user:pass#proxyurl:port
modifying the url as required to match your settings. You can then use the "On my own server" option to add the http url of your repository.
I have a work around on this particular problem. I guess that you already successfully connected to your server via a simple SSH client (i.e. PuTTY)? With PuTTY you can easily configure an ssh connection via any kind of proxy (such as HTTP, SOCKS, Telnet, ..)
What you can do now is to specify a local "tunnel" (an SSH port forwarding rule) like this: L22 127.0.01:22 (see attachment). If you are using a ssh command line add the following option: -L 22:127.0.01:22.
So now as soon as your terminal is open and running you'll be able to reach your git server via the server url: ssh://git#127.0.0.1.
If your local port 22 is busy you can define the tunnet on a other port. i.e. if the 44 is not occupied: L44 127.0.0.1:22. The url to use in SparkleShare become ssh://git#127.0.0.1:44.
But it's a work around. I'm looking for a better solution.
when i made https enabled in secure url and front end secure url usage to yes in magento the checkout page becomes not found. Should i need to do anything more? where i have to place my ssl certificates.
please help me in this
You need to configure your web server (presumably apache?) and point it to your ssl certificate. You also need to make sure that mod_ssl is enabled. The config files will be in /etc/apache2 or /etc/httpd depending on the OS. You should find the ssl.conf file and set the location of the certificate there. To enable mod_ssl you can issue the following command in the command line:
a2enmod ssl