Proxy

From DikapediaV2
Jump to: navigation, search

What is Proxy Server?

A proxy server is a dedicated computer or a software system running on a computer that acts as an intermediary between an endpoint device, such as a computer, and another server from which a user or client is requesting a service. The proxy server may exist in the same machine as a firewall server or it may be on a separate server, which forwards requests through the firewall.


How to configure proxy environment variable in Linux using http_proxy & https_proxy


To use a proxy, the following environment variables need to be configured on the Source machines: For https_proxy – use - https://server-ip:port/

Check current proxy configuration status (https_proxy/https_proxy)/ This variable will show if there is a proxy server configured on the system:

# echo $http_proxy
# echo $https_proxy

Set up proxy without username and password

# export http_proxy=http://SERVER:PORT/
# export https_proxy=https://SERVER:PORT/
# export no_proxy=localhost,127.0.0.1,169.254.169.254,.amazonaws.com


Set up proxy with username and password

# export http_proxy=http://USERNAME:PASSWORD@SERVER:PORT/

Set up proxy permanently using /etc/environment. Persistent across all reboots and users:

# echo "https_proxy=https://proxy.example.com:3111/" >> /etc/environment
# echo "http_proxy=http://proxy.example.com:3222/" >> /etc/environment

References https://www.golinuxcloud.com/set-up-proxy-http-proxy-environment-variable/
https://www.thegeekdiary.com/how-to-configure-proxy-server-in-centos-rhel-fedora/


About /etc/environment and /etc/profile


Basically /etc/profile and works little bit differently, please check out below documents. /etc/environment is not a shell script unlike /etc/profile, it applies to all processes without shell.

Note that unlike a shell script in /etc/profile.d described in the next section, the /etc/environment file is NOT a shell script and applies to all processes without a shell.

  • In other words, you need "export" in /etc/profile, but NOT in /etc/environment.

https://www.serverlab.ca/tutorials/linux/administration-linux/how-to-configure-proxy-on-ubuntu-18-04/
https://www.golinuxcloud.com/set-up-proxy-http-proxy-environment-variable/
https://www.thegeekdiary.com/how-to-configure-proxy-server-in-centos-rhel-fedora/


How to Set Up a Squid Proxy


Spin up another EC2 in public subnet to act as the Squid Proxy (bastion) and another EC2 in a Private Subnet (Upgrade tool). You know the routine - configure ssh keys, set hostnames, etc. NO NAT GATEWAY.

   Squid proxy set up: 
   A) Run: 
       $ sudo yum -y install squid
       $ sudo systemctl enable squid; sudo systemctl start squid; sudo systemctl status squid
   B) Add inbound port 3128 to the instance security group of the Squid Proxy (Bastion) instance. 
   C) SSH to the private instance (via the bastion instance), and configure the proxy environment variable using the private IP of the Squid/Bastion instance: 
       $ export http_proxy=http://172.31.44.117:3128/; export https_proxy=http://172.31.44.117:3128/; export no_proxy=localhost,127.0.0.1,169.254.169.254,.amazon.com
       $ env | grep _proxy
       http_proxy=http://172.31.44.117:3128/
       https_proxy=http://172.31.44.117:3128/
       no_proxy=localhost,127.0.0.1,169.254.169.254

D) Confirm that the connection to cloudendure.com or amazonaws.com goes through proxy:

       $ curl -IvkL cloudendure.com
       * Uses proxy env variable http_proxy == 'http://172.31.44.117:3128/'
       *   Trying 172.31.44.117:3128...
       * Connected to 172.31.44.117 (172.31.44.117) port 3128 (#0)
       > HEAD http://cloudendure.com/ HTTP/1.1
       > Host: cloudendure.com
       > User-Agent: curl/7.88.1
       > Accept: */*
       > Proxy-Connection: Keep-Alive
       > 
       < HTTP/1.1 301 Moved Permanently
       HTTP/1.1 301 Moved Permanently
       < Content-Length: 0
       Content-Length: 0
       < Server: CloudFront
       Server: CloudFront
       < Date: Fri, 26 May 2023 14:57:41 GMT
       Date: Fri, 26 May 2023 14:57:41 GMT
       < Location: https://www.cloudendure.com/
       Location: https://www.cloudendure.com/
       < X-Cache: LambdaGeneratedResponse from cloudfront
       X-Cache: LambdaGeneratedResponse from cloudfront
       < X-Amz-Cf-Pop: SYD1-C1
       X-Amz-Cf-Pop: SYD1-C1
       < X-Amz-Cf-Id: jOZDvUDxVB0Ma0JwPVNAEItc6Egz9-lRvky8RidEdyul0kPINBcoYQ==
       X-Amz-Cf-Id: jOZDvUDxVB0Ma0JwPVNAEItc6Egz9-lRvky8RidEdyul0kPINBcoYQ==
       < X-Cache: MISS from squidproxybastion
       X-Cache: MISS from squidproxybastion
       < X-Cache-Lookup: MISS from squidproxybastion:3128
       X-Cache-Lookup: MISS from squidproxybastion:3128
       < Via: 1.1 0b26d7ef0f265884570bdb3e6c3750b0.cloudfront.net (CloudFront), 1.1 squidproxybastion (squid/3.5.20)
       Via: 1.1 0b26d7ef0f265884570bdb3e6c3750b0.cloudfront.net (CloudFront), 1.1 squidproxybastion (squid/3.5.20)
       < Connection: keep-alive
       Connection: keep-alive
       < 
       * Connection #0 to host 172.31.44.117 left intact
       * Clear auth, redirects to port from 80 to 443
       * Issue another request to this URL: 'https://www.cloudendure.com/'
       * Uses proxy env variable https_proxy == 'https://172.31.44.117:3128/'
       * Hostname 172.31.44.117 was found in DNS cache
       *   Trying 172.31.44.117:3128...
       * Connected to 172.31.44.117 (172.31.44.117) port 3128 (#1)
       * ALPN: offers http/1.1
       * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
       * TLSv1.2 (OUT), TLS handshake, Client hello (1):
       *  CAfile: /etc/pki/tls/certs/ca-bundle.crt
       *  CApath: none
       * OpenSSL/1.0.2k-fips: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
       * Closing connection 1
       curl: (35) OpenSSL/1.0.2k-fips: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
       # Each time you run the above curl command, you will see in `netstat -tulpna` as well: 
       $ sudo netstat -tulpna | grep 3128
       tcp        0      0 172.31.28.98:49564      172.31.44.117:3128      TIME_WAIT   -                   
       tcp        0      0 172.31.28.98:49550      172.31.44.117:3128      TIME_WAIT   -                   
       tcp        0      0 172.31.28.98:52262      172.31.44.117:3128      TIME_WAIT   -                   
       tcp        0      0 172.31.28.98:57204      172.31.44.117:3128      TIME_WAIT   -  
       ( TIME_WAIT indicates that local endpoint (this side) has closed the connection. Which makes sense because the `curl` command closes after it connects.)
       # You can also confirm by running `wget` to the console.cloudendure.com on the private instance:
       $ wget console.cloudendure.com
       --2023-05-26 15:09:19--  http://console.cloudendure.com/
       Connecting to 172.31.44.117:3128... connected.
       Proxy request sent, awaiting response... 301 Moved Permanently
       Location: https://console.cloudendure.com/ [following]
       --2023-05-26 15:09:20--  https://console.cloudendure.com/
       Connecting to 172.31.44.117:3128... connected.
       Proxy request sent, awaiting response... 200 OK

E) For DRS Agent installation do:

$ chmod +x aws-replication-installer-init; sudo ./aws-replication-installer-init --proxy-address http://172.31.44.117:3128/

=How to Configure Yum to use Proxy

Simply edit the /etc/yum.conf file and add the line proxy=http://[YOUR_PROXY_HOST]:[YOUR_PROXY_PORT]/

$ sudo vi /etc/yum.conf
.
.
.
proxy=http://172.31.16.26:3128/