LinuxQuestions.org


hgriggs 06-23-2011 01:59 PM

How do I ... achieve system-wide proxy settings
 
I want to set the HTTP_PROXY and HTTPS_PROXY and http_proxy and FTP_PROXY environment variables "somewhere", so all programs that recognise these can find them. I need root to find them for slackpkg and sbopkg, I need users to find them for Dropbox, I need them for cronjobs and scripts and wget.

So I want to set these environment variables up somewhere, preferably something in /etc and have them set and accessible for everyone and everything. I am not using KDE or XFCE or any desktop. I need a command line solution.

Where is the best place to put this? I see that some other distros have a /etc/environment and these variables go in there. In Slackware, should I add them as a new file in /etc/profile.d and have them added every time /etc/profile is accessed? Is there a Slackware approved method that I don't know about?

hgriggs 06-23-2011 02:42 PM

So I did some experimentation. I created two files /etc/profile.d/proxy.sh and /etc/profile.d/proxy.csh. I made them executable like the others in /etc/profile.d. I added these contents (specific to my work proxy):

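# /etc/profile.d/proxy.sh: export each variable so child processes inherit it
# (proxy.csh needs the csh form instead: setenv NAME value)
export NO_PROXY="localhost,127.0.0.1"
export no_proxy="localhost,127.0.0.1"
export HTTP_PROXY="allagash.internal:3128"
export http_proxy="allagash.internal:3128"
export HTTPS_PROXY="allagash.internal:3128"
export https_proxy="allagash.internal:3128"
export FTP_PROXY="allagash.internal:3128"
export ftp_proxy="allagash.internal:3128"
export ALL_PROXY="allagash.internal:3128"
export all_proxy="allagash.internal:3128"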

Now anything that starts a shell will hit /etc/profile and that works through all the executable files in /etc/profile.d. My root user gets the proxy, my other users get the proxy, and so far it looks like shell scripts and cronjobs and anything that works through a shell gets the proxy. Only the programs that have been designed to use any of these environment variables will be affected, and so far that means slackpkg and sbopkg and wget. Probably all the standard tools will use it. Firefox won't use it, and I tried all the proxy settings. That's a bummer, but not as important.

mrclisdue 06-23-2011 03:06 PM

You can alias the firefox command, in /etc/bashrc, so that it always starts with the proxy environment that you wish....

cheers,

hgriggs 06-23-2011 03:26 PM

Good point. I'll try that. Thanks.

Do I tell Firefox to use the system proxy, or no proxy, or auto-detect proxy?

gezley 06-23-2011 05:35 PM

How about using iptables to redirect outgoing traffic bound for ports 80, 443, and 21 to port 3128 on the proxy? I use NetBSD for firewalling because iptables confuses the hell out of me but this is how I would go about it. Googling gives me this example for port 80:

Code:

iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.168.0/24 -d 0/0 --dport 80 --to-ports 3128

mrclisdue 06-23-2011 05:45 PM

Quote:

Originally Posted by hgriggs (Post 4394024)
Good point. I'll try that. Thanks.

Do I tell Firefox to use the system proxy, or no proxy, or auto-detect proxy?

Actually, I misled you for firefox; it's more *difficult* than simply creating an alias to enforce proxies, since you can't specify one on the cli. You can specify a particular profile with the -P switch, but that may limit the users' ability to create their own profiles.

You can change the network settings in preferences, or in about:config, or by using add-ons.

However, if you wish to enforce the proxies, you can lock the preferences you choose to lock.

See this:

https://support.mozilla.com/en-US/questions/826921

which ultimately leads to this:

http://kb.mozillazine.org/Locking_preferences

cheers,

mRgOBLIN 06-23-2011 06:44 PM

Quote:

Originally Posted by gezley (Post 4394086)
How about using iptables to redirect outgoing traffic bound for ports 80, 443, and 21 to port 3128 on the proxy? I use NetBSD for firewalling because iptables confuses the hell out of me but this is how I would go about it. Googling gives me this example for port 80:

Code:

iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.168.0/24 -d 0/0 --dport 80 --to-ports 3128

You can't transparently proxy https, the browser has to know it's going through a proxy.

If you have a webserver (and optionally a DHCP server) on your network you can have browsers "Auto configure" their proxy settings with WPAD.

Have a google about for WPAD and proxy.pac

http://findproxyforurl.com/

3r0s 09-12-2012 07:39 PM

dconf-tools
 
I tried the "dconf-tools" Gnome package in Xfce and it works.

Martinus2u 09-13-2012 02:24 PM

Quote:

Originally Posted by gezley (Post 4394086)
Code:

iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.168.0/24 -d 0/0 --dport 80 --to-ports 3128

This may often work in practice (I think I've done it in the past), but according to the HTTP specification a request to a proxy requires an absolute URI whereas a non-proxy request does not. For reasons I could explain, an HTTP 1.0 compliant request must fail, whereas an HTTP 1.1 compliant request can be recovered, if the proxy is coded to deal with this situation.

nass 09-13-2012 05:41 PM

Quote:

Originally Posted by Martinus2u (Post 4779663)
This may often work in practice (I think I've done it in the past), but according to the HTTP specification a request to a proxy requires an absolute URI whereas a non-proxy request does not. For reasons I could explain, an HTTP 1.0 compliant request must fail, whereas an HTTP 1.1 compliant request can be recovered, if the proxy is coded to deal with this situation.

I am sorry for hijacking this thread, but I'd like to subscribe to it and ask a relevant question.

I'm not entirely sure what you're saying, but it sounds relevant to my case.
I do have a transparent proxy in my intranet but can't redirect https traffic - as the sites won't load.
You are telling me this is because of HTTP 1.0? (whatever that is)
Could you point me to some Google search term about HTTP 1.0 and 1.1 and what it all means and how they all bind together?
Thank you.

Martinus2u 09-13-2012 05:59 PM

Quote:

Originally Posted by nass (Post 4779766)
I am sorry for hijacking this thread, but I'd like to subscribe to it and ask a relevant question.

I'm not entirely sure what you're saying, but it sounds relevant to my case.
I do have a transparent proxy in my intranet but can't redirect https traffic - as the sites won't load.
You are telling me this is because of HTTP 1.0? (whatever that is)
Could you point me to some Google search term about HTTP 1.0 and 1.1 and what it all means and how they all bind together?
Thank you.

As mRgOBLIN pointed out earlier, HTTPS is yet another issue. Since it offers point-to-point encryption you cannot transparently proxy it.

The specifications of the HTTP protocol are found in RFC 1945 and RFC 2616, for HTTP 1.0 and HTTP 1.1 respectively. Those would be the search terms. Amongst the hits (pointing to the IETF itself):

http://www.ietf.org/rfc/rfc1945.txt
http://www.ietf.org/rfc/rfc2616.txt
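
The point made in the posts above, as an added example that is not part of the original thread: a redirected client sends an origin-form request line, so an intercepting proxy can rebuild the absolute URI only when a Host header is present (RFC 2616 requires one, RFC 1945 does not define it), and a redirected HTTPS connection shows only a TLS handshake. The function name `rewrite_for_proxy` and the sample requests are constructed for illustration.

```python
import re

# Host value: DNS name, IPv4 literal or bracketed IPv6 literal, optional port.
HOST_RE = re.compile(r"(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(:\d+)?")

def rewrite_for_proxy(first_bytes: bytes):
    """Return (status, detail) for the first bytes of a redirected connection.

    status "ok":    detail is the absolute-form request line a proxy expects
    status "tls":   encrypted handshake, nothing to rewrite
    status "error": destination cannot be recovered from the request
    """
    # A TLS record starts with content type 0x16 (handshake) and major version 3.
    if first_bytes[:2] == b"\x16\x03":
        return ("tls", "TLS handshake: request line and Host are encrypted")
    head = first_bytes.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return ("error", "not an HTTP request line")
    method, target, version = parts
    if target.lower().startswith("http://"):
        return ("ok", lines[0])  # client was configured for a proxy already
    if not target.startswith("/"):
        return ("error", "request-target is not origin-form")
    # Header names are case-insensitive; take the first Host header.
    host = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.lower() == "host":
            host = value.strip()
            break
    if host is None:
        return ("error", "no Host header: destination unknown")
    if not HOST_RE.fullmatch(host):
        return ("error", "malformed Host header")
    return ("ok", f"{method} http://{host}{target} {version}")

# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "http11": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "http10": b"GET /index.html HTTP/1.0\r\n\r\n",
    "absolute": b"GET http://www.example.com/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "tls": b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03",
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, rewrite_for_proxy(data))
```

Because the Host header is supplied by the client, an interceptor that routes on it should also compare it with the connection's original destination address.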

rouvas 09-13-2012 07:05 PM

Quote:

Originally Posted by nass (Post 4779766)
I am sorry for hijacking this thread, but I'd like to subscribe to it and ask a relevant question.

I'm not entirely sure what you're saying, but it sounds relevant to my case.
I do have a transparent proxy in my intranet but can't redirect https traffic - as the sites won't load.
You are telling me this is because of HTTP 1.0? (whatever that is)
Could you point me to some Google search term about HTTP 1.0 and 1.1 and what it all means and how they all bind together?
Thank you.

I think you will find the following useful:

Transparent Proxy with contentfilter
http://alien.slackbook.org/dokuwiki/...lackware:proxy

and

Tinyproxy : https://banu.com/tinyproxy/


All times are GMT -5.