Stuff I'm Up To

Technical Ramblings

Proxy Fun and Games — October 11, 2018

Proxy Fun and Games

I seem to spend most of may day trying to sort out issues regarding getting different applications through the corporate proxy server. I’m really hoping one day we can setup a transparent proxy if for no other reason than to make our development lives easier.

At present we need use a browser proxy script (http://wpad/wpad.dat) to determine which of the corporate proxy servers to use. We have an internet proxy and a Gov’t gateway proxy. Depending where the user is trying to go determines which proxy they must use.

The script works just fine for 99% of our user base.

However, when it comes to the other 1% there’s need to tell not just the browser what proxy to use, but in the development world we need to inform the various development tools how to use a proxy too. This is where the pain is.

We need to setup a proxy in several places eg. for the operating system, for the browser, for Git, for NPM/Yarn, for Composer, for Java…

Operating System


Open a CMD/PowerShell window with Administrative permissions

C:> netsh winhttp set proxy http://username:password@ "<local>"

You may not need the username and password here as the OS will send your Windows credentials.

The <local> means bypass the proxy for any local address. You may add into that for other specific servers eg. "<local>,server.domain.tld"

Also set the Environment variables for the proxy

Windows Key + R

control sysdm.cpl,,3

Click the environment settings and add in the following settings to your user variables.



$ sudo vi /etc/envronment


Git proxy settings

$ git config --global http.proxy http://username:password@

You’ll probably need to ensure this is set for the sudo environment too if you ever have the need to install global requirements with npm.

$ sudo git config --global http.proxy http://username:password@

NPM proxy settings

$ npm config set proxy http://username:password@

Again you’ll probably need to ensure it’s replicated into sudo.

$ sudo npm config set proxy http://username:password@

This actually writes to a file in your home folder called .npmrc which you can edit if you need to put in some backslashes to escape and special characters in your password. eg. c:\Users\myuser\.npmrc or ~/.npmrc and the sudo version will write it into the root users home folder.

Yarn proxy settings

As Yarn is essentially npm on steroids it works the same way but writes to ~/.yarnrc

$ yarn config set proxy http://username:password@
$ sudo yarn config set proxy http://username:password@

Composer proxy settings

Thankfully this is capable of using the Operating System proxy environment variables. So if you set them as above for Windows and/or Linux you should be good to go.

Java proxy settings

This has it’s own rules just like all the others. But you may also run into Java applications having their own proxy settings too. Such as gradle which has it’s own properties file to setup the proxy. They all seem to be a similar pattern though, edit a properties file and add in:


Typically this is done in the JRE’s lib/ file so it applies to Java globally. eg. My file is located under c:\Program Files\Java\jdk1.80_151\lib and has plenty of helpful commented examples on how to set things.

Under Debian my is located under /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib

They can also be passed to the Java command line as -D parameters eg.

$ java -Dhttp.proxyHost= -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts="localhost|domain.local"


JIRA, Confluence and Nginx — September 15, 2018

JIRA, Confluence and Nginx

With Atlassian Jira Software and Confluence installed onto the same server I thought I’d investigate setting things up so we don’t have to use the default TCP port type of access over HTTP. instead let’s setup a reverse proxy using HTTPS over TCP 443 that forwards to the TCP 8080 and 8090 ports.

The aim is to get Jira accessible as https://jira.domain.local and Confluence as https://jira.domain.local/confluence.

Continue reading

Sudo and Proxy / Environment Settings — August 15, 2018

Sudo and Proxy / Environment Settings

When you run a program using sudo what tends to happen is the sudo/root account fails to do anything useful on the internet. It times out trying to connect to systems to download updates that are required by elevated permissions.

We discovered using sudo composer self-update failed to update the core instance of composer, not because of permissions, but because it could not get to the internet to download it.

Set the environment variables that get persisted within your /etc/sudoers file by running:

$ sudo visudo

Seach for the line

Defaults    env_reset

and change it to

Defaults    env_keep += "ftp_proxy http_proxy https_proxy no_proxy"

Now your proxy will be set within your sudo environment too.



Nginx and Keepalived — May 15, 2018

Nginx and Keepalived

I have a need to deploy a High Availability Load Balanced reverse proxy solution. We have a back end web service that requires resilience. To achieve this I’ve been looking at Nginx and Keepalived. The Nginx Plus product appears to contain high availability support – but we’re in the realms of zero budget and open source/community supported products.

The front end reverse proxy I’ll use is Nginx, but it could be anything. The clever part is going to be using keepalived to pass a single IP address between two servers.

Continue reading

NPM Behind a Proxy — April 13, 2018

NPM Behind a Proxy

Whilst trying to deploy a Node.js script to one of our windows servers I realised that NPM wasn’t downloading the necessary components because it wasn’t even trying to use the corporate proxy server.

It’s a Windows server so I checked the proxy settings

c:> netsh winhttp show proxy

Current WinHTTP proxy settings:

    Proxy Server(s) :
    Bypass List : <local>

That seemed to be telling the OS to use the corporate proxy. But the NPM progress bar just remained frozen and no modules were downloaded.

NPM has it’s own proxy settings in your user profile .npmrc file. You can edit the file and add them in yourself:


or at the command prompt:

c:> npm config set proxy http://<username>:<password>@<proxy-server-url>:<port>
c:> npm config set https-proxy http://<username>:<password>@<proxy-server-url>:<port>
Android Trusted CA Certificate — September 20, 2017

Android Trusted CA Certificate

We have been tested by some of our Android Lollipop tablets. Adding a trusted CA certificate used to be as easy as visiting the proxy portal and clicking the install certificate button.

Now these devices come up with an error complaining that there is “no certificate in file”.

Reading a lot of Android nightmare posts about converting the PEM certificate to pfx/p12 using openssl and then rooting the device and delivering the certificate into the folder for the cacerts using the command line it turned out to be far simpler.

Continue reading

Squid Kerberos Nightmare — July 25, 2017

Squid Kerberos Nightmare

What a terrible sequence of events we suffered today. Took quite a bit of head scratching, log reading and plenty of Google fu to resolve.

We use Squid with an LDAP and authenticated lookup to establish if a user is a member of an AD group to allow them through the proxy. For some very strange reason the authentication and lookup began failing today.

Continue reading

Squid3 changes for Debian Jessie — July 21, 2017
Windows Proxy Fun & Games — January 20, 2017
Nginx, Not Just a Web Server — October 26, 2016

Nginx, Not Just a Web Server

Nginx is capable of more than serving web pages. It can load balance, cache and act as a reverse proxy.

We recently had need to access two web services on the same server through a single interface. This is where the reverse proxy came in.

  • Service A runs on port 9010
  • Service B runs on port 9020
  • Access to both services needs to be via a single front end using traditional http over port 80

Not ideal, but it’s not my system design, just a challenge we need to face. The way we tackled it was using an Nginx reverse proxy and split the calls to specific URL paths on each web service to the relevant underlying back end service.

Continue reading

Windows Proxy Settings — October 5, 2016

Windows Proxy Settings

Set the Server to use the proxy at the command line using:

C:\> netsh winhttp set proxy "http://myproxy:3128" "<local>"

Where the <local> parameter means skip using a proxy for local addresses.

View your setting using:

C:\> netsh winhttp show proxy


set proxy [proxy-server=] ProxyServerName [bypass-list=] <HostsList>