KentS's picture

We need to proxy Gitea's outbound through a 'Shared Services' squid proxy. What are the appropriate steps to take to add http and https proxy settings in these AMIs we pull from the marketplace?

Forum: 
Tags: 
Jeremy Davis's picture

To configure an outgoing proxy on a TurnKey server, you'll need to set the relevant environment variables. They are:

# http_proxy: Proxy server for HTTP Traffic
# https_proxy: Proxy server for HTTPS traffic
# no_proxy: Patterns for IP addresses or domain names that shouldn’t use the proxy

Generally it should be enough to set those values, however, I have also seen some apps use those same environment variables, but in capitals. I.e.:

# HTTP_PROXY: Proxy server for HTTP Traffic
# HTTPS_PROXY: Proxy server for HTTPS traffic

I recommend trying the lower case variant first, but if you have issues with a particular application, then try setting the capitalised version too.

The proxy host should be set in the format protocol://server:port. E.g. to use a http proxy located at proxy.example.com using port 8080:

http_proxy=http://proxy.example.com:8080/

If a username/password is required, then the format is protocol://username:password@server:port/. E.g. above example but for user "admin" with password "Passw0rd":

http_proxy=http://admin:Passw0rd@proxy.example.com:8080/

If your password contains special characters, you'll need to encode them. E.g. the password "Passw0rd!" would be "Passw0rd%21".

To set it for the current terminal session, export it:

export http_proxy=http://proxy.example.com:8080/

If you wish all users to use the proxy, then set the environment vars in /etc/environment. E.g. something like this:

echo "http_proxy=http://proxy.example.com:8080/" >> /etc/environment

Note that if you are not logged in as root, either prefix commands with sudo, or run as root by running "sudo su -" first.

It's also worth setting localhost and 127.0.0.1 (the loopback/localhost IP address) to not use the proxy. I.e.:

no_proxy="localhost, 127.0.0.1" >>  /etc/environment

You may find that some particular applications may not pick these up, so may need to explicitly add them. Apparently gitea should though. If the above doesn't work, then you may need to add it to the git users .profile file. I.e.:

echo "export http_proxy=http://proxy.example.com:8080/" >> /home/git/.profile
chown git:git /home/git/.profile

Then restart gitea:

systemctl restart gitea

Please also note that the apt package manager won't pick that up if used with sudo (it should when running as root). It's probably best manually configure apt to use the proxy regardless. Do that like this:

cat > /etc/apt/apt.conf.d/95proxies >>EOF
Acquire::http::proxy "http://proxy.example.com:8080/";
Acquire::ftp::proxy "ftp://proxy.example.com:8080/";
Acquire::https::proxy "https://proxy.example.com:8080/";
EOF

I hope that helps. If not, please explain the exact scenario that isn't working and I'll have another stab at it... :)

Add new comment