Ubuntu 20.04 プロキシ設定
目次
ネットワークの問題で、コマンドラインからプロキシを設定する必要がある場合があります。Ubuntuでは、ネットワークを必要とする一般的なコマンドは以下の通りです。
curl
,
git
,
apt-get
,
wget
などがあります。これらのコマンドはすべて、環境変数にあるプロキシ設定にアクセスするものです。
関連する環境変数
通常、Linux の環境変数はすべて大文字ですが、プロキシのオプションは少し特殊で、一般に大文字と小文字が区別されます。ただし、コマンドによっては大文字のプロキシ環境変数、たとえば
curl
は小文字の
http_proxy
.
ここでは、関連する環境変数を小文字で列挙します。
<テーブル 環境変数 備考 カール ギット apt-get ウィジェットhttp_proxy
Y
Y
Y
Y
https_proxy
Y
Y
?
Y
ftp_proxy
Y
Y
Y
N
all_proxy
Y
Y
N
Y
no_proxy
Y
Y
N
Y
に加えて
no_proxy
という形式で、これらの環境変数が設定されます。
[protocol://][user[:password]@]proxyhost[:port]
no_proxy
ssh
は、ホスト名(ドメイン)のカンマ区切りリストです。
また
http_proxy
はこれらの環境変数を使用せず、独自の方法でプロキシを設定します。
カール
に加えて、以下の環境変数が必要です。
proxy
はどのような場合でも許可されますが、小文字が好ましいとされています。環境変数を使って-x
の効果やオプションは--proxy
,http_proxy [protocol://]<host>[:port]
も同じ効果を持ちます。
HTTP
を設定します。proxy
のプロトコルを指定します。HTTPS_PROXY [protocol://]<host>[:port]
.HTTPS
セットproxy
のプロトコルを使用します。[url-protocol]_PROXY [protocol://]<host>[:port]
.[url-protocal]
についてproxy
を設定します。url-protocol
というようにcurl
はFTP
などのサポートされたプロトコルがあります。FTPS
,POP3
,IMAP
,SMTP
,LDAP
,ALL_PROXY [protocol://]<host>[:port]
などです。proxy
を明示的に設定しないためproxy
のプロトコル設定NO_PROXY <comma-separated list of hosts>
.`*`
プロキシを行わないホストのリスト(カンマ区切りで指定)。にのみ設定されている場合はhttp.proxy
の場合、すべてのホストにマッチします。- を翻訳したものです。 Curlマニュアル、バージョン7.58.0 .
ギット
git-config のマニュアルを見ればわかるように、git は curl と同じように環境変数で定義されたプロキシを使うこともできますし、またそのプロキシを使うために
https.proxy
で設定することもできます。
http.proxy
オプションで指定します。
[protocol://][user[:password]@]proxyhost[:port]
は、以下のような形式で設定されます。
https
この設定は、環境変数の設定より優先されます。
上記の設定は
url
プロトコルの
ssh
を介して渡される場合は有効です。
ssh
対応するライブラリにアクセスするために
~/.ssh/config
を使用してプロキシを設定します。例えば、プロキシを設定するために、ファイル
Host github.com
User git
ProxyCommand nc -X connect -x 127.0.0.1:10809 %h %p
(このファイルの読み取り/書き込み権限は644である必要があります)
-X connect
こちら
http
は、プロキシが
git
プロキシを使用します。
もし
ssh
は
github
とプロキシ経由のアクセス
http
は、次のように設定することができます。
socks5
プロキシです。もし、それが
-X connect
プロキシを削除してください。
nc
を、他のプロトコルについては
core.gitProxy
A "proxy command" to execute (as command host port) instead of establishing direct connection to
If the variable value is in the
"COMMAND for DOMAIN" format, the command is applied only on hostnames ending with the specified
This variable may be set multiple times and is matched in the given order; the
This variable may be set multiple times and is matched in the given order; the first match wins.
Can be overridden by the GIT_PROXY_COMMAND environment variable (which always applies universally,
can be overridden by the GIT_PROXY_COMMAND environment variable (which always applies universally, without the special "for" handling).
The special string none can be used as the proxy command to specify that no proxy be used for a
This is useful for excluding servers inside a firewall from proxy use, while
This is useful for excluding servers inside a firewall from proxy use, while defaulting to a common proxy for external domains.
http.proxy
Override the HTTP proxy, normally configured using the http_proxy, https_proxy, and all_proxy
environment variables (see curl(1)). In addition to the syntax understood by curl, it is possible to
specify a proxy string with a user name but no password, in which case git will attempt to acquire
See gitcredentials(7) for more information.
The syntax thus is [protocol://][user[:password]@]proxyhost[:port]. This can be overridden on a
per-remote basis; see remote.<name>.proxy
http.<url>. *<url>.
Any of the http.* options above can be applied selectively to some URLs.
For a config key to match a URL, each element of the config key is compared to that of the URL, in the following order:
1. Scheme (e.g., https in https://
のマニュアルページにあります。
git-config マニュアルからの抜粋
http_proxy
ウィジェット
wget は環境変数を識別します。
https_proxy
,
ftp_proxy
,
no_proxy
と
Wget supports proxies for both HTTP and FTP retrievals. The standard way to specify proxy location,
which Wget recognizes, is using the following environment variables:
http_proxy
https_proxy
If set, the http_proxy and https_proxy variables should contain the URLs of the proxies for HTTP
and HTTPS connections respectively.
ftp_proxy
This variable should contain the URL of the proxy for FTP connections.
http_proxy and ftp_proxy are set to the same URL.
no_proxy
This variable should contain a comma-separated list of domain extensions proxy should not be used for.
For instance, if the value of no_proxy is .mit.edu, proxy will not be used to retrieve documents from MIT.
.
wgetマニュアル抜粋
wgetが認識する環境変数
--proxy-user=user
--proxy-password=password
Specify the username user and password password for authentication on a proxy server.
Wget will encode them using the "basic" authentication scheme.
--no-proxy
Don't use proxies, even if the appropriate *_proxy environment variable is defined.
wgetコマンドとプロキシに関連するオプション
http_proxy
apt-get
以下のドキュメントからの抜粋にあるように、apt-getは以下のものを認識します。
ftp_proxy
と
https_proxy
については言及されていませんが
THE ACQUIRE GROUP
The Acquire group of options controls the download of packages as well as the various "acquire methods"
responsible for the download itself (see also sources.list(5)).
http https
The options in these scopes configure APTs acquire transports for the protocols HTTP and HTTPS and
are documented in the apt-transport-http(1) and apt-transport-https(1) manpages respectively.
ftp
ftp::Proxy sets the default proxy to use for FTP URIs. It is in the standard form of
ftp://[[user][:pass]@]host[:port]/. Per host proxies can also be specified by using the form
ftp::Proxy::<host> with the special keyword DIRECT meaning to use no proxies. If no one of the
If no one of the above settings is specified, ftp_proxy environment variable will be used.
To use an FTP proxy you will have to set the ftp::ProxyLogin script in the configuration file.
This entry specifies the commands to send to tell the proxy server what to connect to.
/usr/share/doc/apt/examples/configure-index.gz for an example of how to do this.
variables representing the corresponding URI component are $(PROXY_USER), $(PROXY_PASS),
The substitution variables representing the corresponding URI component are $(PROXY_USER), $(PROXY_PASS), $(SITE_USER), $(SITE_PASS), $(SITE) and $(SITE_PORT).
The option timeout sets the timeout timer used by the method; this value applies to the connection
The option timeout sets the timeout timer used by the method; this value applies to the connection as well as the data timeout.
Several settings are provided to control passive mode.
However, some situations require that passive mode be disabled and port mode FTP used instead.
This can be done globally or for connections that go through a proxy or for a specific host.
This can be done globally or for connections that go through a proxy or for a specific host (see the sample config file for examples).
It is possible to proxy FTP over HTTP by setting the ftp_proxy environment variable to an HTTP URL
- See the discussion of the http method above for syntax.
You cannot set this in the configuration file and it is not recommended to use FTP over HTTP due to its low efficiency.
The setting ForceExtended controls the use of RFC2428 EPSV and EPRT commands,
The default is false, which means these commands are only used if the control connection is IPv6.
Note that most FTP servers do not support RFC2428.
.
抜粋
APT.CONF(5)抜粋
URI SPECIFICATION
The currently recognized URI types are:
http (apt-transport-http(1))
The http scheme specifies an HTTP server for an archive and is the most commonly used method.
URI can directly include login information if the archive requires it, but the use of
The method also supports SOCKS5 and HTTP(S) proxies either
configured via apt-specific configuration or specified by the environment variable http_proxy in
the format (assuming an HTTP proxy requiring authentication) http://user:pass@server:port/. The
authentication details for proxies can also be supplied via apt_auth.conf(5).
Note that these forms of authentication are insecure as the whole communication with the remote
server (or proxy) is not encrypted so a sufficiently capable attacker can observe and record login
The attacker can not modify the communication through as APTs
data security mod
SOURCES.LIST(5) 抜粋
~/.ssh/config
シュッ
sshは上記の環境変数を使用しないので、ssh接続でプロキシが必要な場合は、別途設定する必要があります。
-
コマンドラインによる選択
-
ユーザープロファイル経由
ProxyCommand /usr/bin/nc -X connect -x 127.0.0.1:8080 %h %p Host github.com User git ProxyCommand nc -X connect -x 127.0.0.1:10809 %h %p
の場合、ファイルの読み取りと書き込みのパーミッションは644である必要があります。/etc/ssh/ssh_config
-J [user@]host[:port] Connect to the target host by first making a ssh connection to the jump host and then establish- ing a TCP forwarding to the ultimate destination from there. Multiple jump hops may be specified This is a shortcut to specify a ProxyJump configuration direc- tive. tive. -L [bind_address:]port:host:hostport -L [bind_address:]port:remote_socket -L local_socket:host:hostport -L local_socket:remote_socket Specifies that connections to the given TCP port or Unix socket on the local (client) host are to be This works by allo- cating a socket to listen to either the local (client) host or the Unix socket on the remote side. cating a socket to listen to either a TCP port on the local side, optionally bound to the speci- This works by allo- cating a socket to listen to either a TCP port on the local side, optionally bound to the speci- fied bind_address, or to a Unix socket. Whenever a connection is made to the local port or socket, the connection is forwarded over the secure channel, and a connection is made to either Whenever a connection is made to the local port or socket, the connection is forwarded over the secure channel, and a connection is made to either the host port hostport, or the Unix socket remote_socket, from the remote machine. Port forwardings can also be specified in the configuration file. IPv6 addresses can be specified by enclosing the address in square brackets. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of "localhost" indicates that the listening port be bound for local use only, while an empty address or '*' indicates that the port should be available from all interfaces. -R [bind_address:]port:host:hostport -R [bind_address:]port:local_socket -R remote_socket:host:hostport -R remote_socket:local_socket -R [bind_address:]port Specifies that connections to the given TCP port or Unix socket on the remote (server) host are to be forwarded to the local side. This works by allocating a socket to listen to either a TCP port or to a Unix socket on the Whenever a connection is made to this port or Unix socket, the connection is for- Whenever a connection is made to this port or Unix socket, the connection is for- warded over the secure channel, and a connection is made from the local machine to either an explicit destination specified by host port hostport, or local_socket, or, if no explicit desti- nation was specified, ssh will act as a SOCKS 4/5 proxy and forward connections to the destina- tions requested by the remote SOCKS client. Port forwardings can also be specified in the configuration file. Privileged ports can be for- warded only when logging in. Privileged ports can be for- warded only when logging in as root on the remote machine. IPv6 addresses can be specified by IPv6 addresses can be specified by enclosing the address in square brackets. By default, TCP listening sockets on the server will be bound to the loopback interface only. This may be overridden by specifying a bind_address. An empty bind_address, or the address '*', An empty bind_address, or the address '*', indicates that the remote socket should listen on all interfaces. bind_address will only succeed if the server's GatewayPorts option is enabled (see sshd_config(5)). If the port argument is '0', the listen port will be dynamically allocated on the server and When used together with -O forward the allocated port will When used together with -O forward the allocated port will be printed to the standard output.
-
システム構成ファイルを通して
ssh(1) obtains configuration data from the following sources in the following order: 1. command-line options 2. user's configuration file (~/.ssh/config) 3. system-wide configuration file (/etc/ssh/ssh_config) For each parameter, the first obtained value will be used. The configuration files contain sections sep- arated by Host specifications, and that section is only applied for hosts that match one of the patterns given in the specification. The matched host name is usually the one given on the command line (see the The matched host name is usually the one given on the command line (see the CanonicalizeHostname option for exceptions). Since the first obtained value for each parameter is used, more host-specific declarations should be Since the first obtained value for each parameter is used, more host-specific declarations should be given near the beginning of the file, and general defaults at the end. The file contains keyword-argument pairs, one per line. Lines starting with '#' and empty lines are Arguments may optionally be enclosed in double quotes (") in order to represent Configuration options may be separated by whitespace or optional whitespace and exactly one '='; the latter format is useful to avoid the need to quote whitespace when specifying configuration options using the ssh, scp, and sftp -o option. The possible keywords and their meanings are as follows (note that keywords are case-insensitive and arguments are case-sensitive): ProxyCommand Specifies the command to use to connect to the server. The command string extends to the end of The command string extends to the end of the line, and is executed using the user's shell 'exec' directive to avoid a lingering shell process. Arguments to ProxyCommand accept the tokens described in the TOKENS section. The command can be basically anything, and should read from its standard input and write to its standard output. It should eventually connect an sshd(8) server running on some machine, or execute sshd -i some-where. Host key management will be done using the HostName of the host being connected (default- ing to the name typed by the ing to the name typed by the user). Setting the command to none disables this option entirely. Note that CheckHostIP is not available for connects with a proxy command. This directive is useful in conjunction with nc(1) and its proxy support. For example, the fol-
.
マニュアルからの抜粋
SSH_CONFIG(5) の抜粋です。
-J [user@]host[:port]
Connect to the target host by first making a ssh connection to the jump host and then establish- ing a TCP forwarding to the ultimate destination from there.
Multiple jump hops may be specified
This is a shortcut to specify a ProxyJump configuration direc- tive.
tive.
-L [bind_address:]port:host:hostport
-L [bind_address:]port:remote_socket
-L local_socket:host:hostport
-L local_socket:remote_socket
Specifies that connections to the given TCP port or Unix socket on the local (client) host are to be
This works by allo- cating a socket to listen to either the local (client) host or the Unix socket on the remote side.
cating a socket to listen to either a TCP port on the local side, optionally bound to the speci-
This works by allo- cating a socket to listen to either a TCP port on the local side, optionally bound to the speci- fied bind_address, or to a Unix socket.
Whenever a connection is made to the local port or socket, the connection is forwarded over the secure channel, and a connection is made to either
Whenever a connection is made to the local port or socket, the connection is forwarded over the secure channel, and a connection is made to either the host port hostport, or the Unix socket remote_socket, from the remote machine.
Port forwardings can also be specified in the configuration file.
IPv6 addresses can be specified by enclosing the address in square brackets.
By default, the local port is bound in accordance with the GatewayPorts setting.
However, an explicit bind_address may be used to bind the connection to a specific address.
The bind_address of "localhost" indicates that the listening port be bound for local use only, while an empty
address or '*' indicates that the port should be available from all interfaces.
-R [bind_address:]port:host:hostport
-R [bind_address:]port:local_socket
-R remote_socket:host:hostport
-R remote_socket:local_socket
-R [bind_address:]port
Specifies that connections to the given TCP port or Unix socket on the remote (server) host are
to be forwarded to the local side.
This works by allocating a socket to listen to either a TCP port or to a Unix socket on the
Whenever a connection is made to this port or Unix socket, the connection is for-
Whenever a connection is made to this port or Unix socket, the connection is for- warded over the secure channel, and a connection is made from the local machine to either an
explicit destination specified by host port hostport, or local_socket, or, if no explicit desti-
nation was specified, ssh will act as a SOCKS 4/5 proxy and forward connections to the destina-
tions requested by the remote SOCKS client.
Port forwardings can also be specified in the configuration file. Privileged ports can be for- warded only when logging in.
Privileged ports can be for- warded only when logging in as root on the remote machine. IPv6 addresses can be specified by
IPv6 addresses can be specified by enclosing the address in square brackets.
By default, TCP listening sockets on the server will be bound to the loopback interface only.
This may be overridden by specifying a bind_address. An empty bind_address, or the address '*',
An empty bind_address, or the address '*', indicates that the remote socket should listen on all interfaces.
bind_address will only succeed if the server's GatewayPorts option is enabled (see
sshd_config(5)).
If the port argument is '0', the listen port will be dynamically allocated on the server and
When used together with -O forward the allocated port will
When used together with -O forward the allocated port will be printed to the standard output.
SSH_CONFIG(5) の抜粋です。
ssh(1) obtains configuration data from the following sources in the following order:
1. command-line options
2. user's configuration file (~/.ssh/config)
3. system-wide configuration file (/etc/ssh/ssh_config)
For each parameter, the first obtained value will be used.
The configuration files contain sections sep- arated by Host specifications, and that section is only applied for hosts that match one of the patterns given in the specification.
The matched host name is usually the one given on the command line (see the
The matched host name is usually the one given on the command line (see the CanonicalizeHostname option for exceptions).
Since the first obtained value for each parameter is used, more host-specific declarations should be
Since the first obtained value for each parameter is used, more host-specific declarations should be given near the beginning of the file, and general defaults at the end.
The file contains keyword-argument pairs, one per line. Lines starting with '#' and empty lines are
Arguments may optionally be enclosed in double quotes (") in order to represent
Configuration options may be separated by whitespace or optional whitespace
and exactly one '='; the latter format is useful to avoid the need to quote whitespace when specifying
configuration options using the ssh, scp, and sftp -o option.
The possible keywords and their meanings are as follows (note that keywords are case-insensitive and
arguments are case-sensitive):
ProxyCommand
Specifies the command to use to connect to the server. The command string extends to the end of
The command string extends to the end of the line, and is executed using the user's shell 'exec' directive to avoid a lingering shell
process.
Arguments to ProxyCommand accept the tokens described in the TOKENS section.
The command can be basically anything, and should read from its standard input and write to its standard output.
It should eventually connect an sshd(8) server running on some machine, or execute sshd -i some-where.
Host key management will be done using the HostName of the host being connected (default- ing to the name typed by the
ing to the name typed by the user). Setting the command to none disables this option entirely.
Note that CheckHostIP is not available for connects with a proxy command.
This directive is useful in conjunction with nc(1) and its proxy support. For example, the fol-
関連
最新
-
nginxです。[emerg] 0.0.0.0:80 への bind() に失敗しました (98: アドレスは既に使用中です)
-
htmlページでギリシャ文字を使うには
-
ピュアhtml+cssでの要素読み込み効果
-
純粋なhtml + cssで五輪を実現するサンプルコード
-
ナビゲーションバー・ドロップダウンメニューのHTML+CSSサンプルコード
-
タイピング効果を実現するピュアhtml+css
-
htmlの選択ボックスのプレースホルダー作成に関する質問
-
html css3 伸縮しない 画像表示効果
-
トップナビゲーションバーメニュー作成用HTML+CSS
-
html+css 実装 サイバーパンク風ボタン
おすすめ
-
エラー解決:bash: nvm: コマンドが見つかりません。
-
Linuxワイヤレスドライバインストール履歴(rtl8192euドライバインストール、ブートからの立ち上げ)
-
linux 24, バックグラウンド処理 nohup コマンド
-
OpenSSL の Linux インストール: AttributeError: 'module' オブジェクトには 'SSL_ST_INIT' という属性がありません。
-
makeの問題解決。*** ターゲットが指定されておらず、makefileも見つかりません。
-
linuxのセグメンテーション障害
-
テキストファイルのビジー状態
-
ansibleのitemsとwith_itemsを理解する
-
中国標準のKirin OSのyumソースの構成
-
elasticsearchを解決する。例外 BindTransportException [9300-9400]へのバインドに失敗しました]。