Coding Mantis

Setting up proxies in Linux

Thu 07 September 2017

At times setting up proxy on your linux distribution can be a bit tricky if you are using distros like Arch, Gentoo which don’t do it for you.

This post covers all the different settings that I had to follow to configure proxy settings on my Arch system with i3 as its window manager.

1. NM-Applet Configuration

There is a direct option to configure proxy for a network connection in nm-applet network manager, its pretty straightforward but in my case it didn’t work at all.

2. Setting up manual proxy in chrome

If you are using chrome in non-standard distro then chances are that chrome will not allow you to define the proxy settings instead it will default to the system wide proxy settings, but what if your system wide proxy isn’t working ?

The work around that I found was to use command line arguments to chrome. Required command line argument here was the one which allows us to specify a location to a PAC file which allows for auto config of all the proxy setting

A PAC(Proxy Autoconfiguration) file is just a normal file which contains rules about the proxy that you want to enable. The PAC file used by me is

function FindProxyForURL(url, host) 
{ 
    if (shExpMatch( host, "192.168.*" )
    ||  shExpMatch( host, "127.*" )
    ||  shExpMatch( host, "localhost" )
    ||  shExpMatch( host, "*.iiit.ac.in" )
    ||  shExpMatch( host, "10.*" )
    ||  isPlainHostName( host )
    ||  dnsDomainIs( host, ".iiit.ac.in" )) {
        return "DIRECT"; 
    }

// You shouldn't need this, but in some cases it might be handy:
    if (isInNet(host, "10.0.0.0", "255.0.0.0")) {
        return "DIRECT"; 
    }

// This uses the Dan's Guardian port by default, squid if that isn't
// working, and direct if that isn't working.  On my network, i don't
// use DIRECT, because i block outgoing access in the firewall.
    return "PROXY proxy.iiit.ac.in:8080; DIRECT"; 
}

So I needed to launch chrome by using the command-

google-chrome-stable --proxy-pac-url=http://proxy.iiit.ac.in/proxy.pac

Way too verbose. I wanted to find a way via which I could launch chrome with this flag normally.

The fix was to copy the bash script which actually executes chrome, by default you can find it using which command. After that you will find a line containing exec command, you need to modify it so that it looks like-

exec /opt/google/chrome/google-chrome $CHROME_USER_FLAGS "--proxy-pac-url=http://proxy.iiit.ac.in/proxy.pac"

So I just copied the default google-chrome-stable executable bash script to a new file named chrome-iiit and that was it.

3. Setting up proxy inside the terminal

If you are not using a system wide proxy then you also need to setup proxy for all the connections that you might make from inside of your terminal. This was easy I only needed to add a couple of environment variables into my .bashrc to make it work. The changes were as follows-

## CONTENT FOR IIIT H PROXY
export http_proxy=http://proxy.iiit.ac.in:8080/
export https_proxy=$http_proxy
export ftp_proxy=$http_proxy
export rsync_proxy=$http_proxy
export ssh_proxy=$http_proxy
export no_proxy="localhost, 127.0.0.1, *iiit.ac.in, *iiit.net, 172.16.*.*, 172.17.*.*, 192.168.*.*, 10.*.*.*"

You might need to replace the value of variables by your own proxy URL.

Setting up proxy for sudo

The above changes will allow you to define proxy for all commands that you execute with user-level priveleges. But, if you try to execute any program which requires you to use root access or sudo(substitute user do) then you won’t be able to. For this you need to add an additional line to your sudoers file.

Please edit the sudoers file using sudo visudo command only!

Inside the sudoers file I only had to add an additional line to modify the defualt env_variables so that it also includes $http_proxy

### changes for IIIT H proxy
Defaults env_keep += "https_proxy http_proxy"

4. Setting up proxy for pacman

This was something that I didn’t expect that I would need to do. But as it turns out, arch also expects you to manually configure proxy settings for Pacman(arch package manager) as well. This was also not hard.

After a bit of googling the solution was to modify the pacman config file at /etc/pacman.conf

Near lines 20-ish you will find an entry name XferCommand you need to modify it so that it looks like - XferCommand = /usr/bin/wget --passive-ftp --proxy=on -c -O %o %u

You might notice that we are making a call to wget, so its natural that we modify the config file for wget and set proxy values there too. The default wget config file is at /etc/wgetrc

Find the lines containing https_proxy http_proxy use_proxy variables, uncomment them and add the correct values

# You can set the default proxies for Wget to use for http, https, and ftp.
# They will override the value in the environment.
https_proxy = http://proxy.iiit.ac.in:8080
http_proxy = http://proxy.iiit.ac.in:8080
ftp_proxy = http://proxy.iiit.ac.in:8080

# If you do not want to use proxy at all, set this to off.
use_proxy = on

In case you want to setup proxy iniside Firefox webbrowser, you just go to Advanced Settings -> Network and then set the manual proxy values

Phew, and that’s it folks! This is all the different stuff that happens when you use system wide proxy configuration.

Comments