ホーム
Qt

Ubuntu 20.04 プロキシ設定

2022-02-20 18:51:39

ネットワークの問題で、コマンドラインからプロキシを設定する必要がある場合があります。Ubuntuでは、ネットワークを必要とする一般的なコマンドは以下の通りです。 curl , git , apt-get , wget などがあります。これらのコマンドはすべて、環境変数にあるプロキシ設定にアクセスするものです。

カール

に加えて、以下の環境変数が必要です。 proxy はどのような場合でも許可されますが、小文字が好ましいとされています。環境変数を使って -x の効果やオプションは --proxy , http_proxy [protocol://]<host>[:port] も同じ効果を持ちます。

HTTP を設定します。 proxy のプロトコルを指定します。 HTTPS_PROXY [protocol://]<host>[:port] .

HTTPS セット proxy のプロトコルを使用します。 [url-protocol]_PROXY [protocol://]<host>[:port] .

[url-protocal] について proxy を設定します。 url-protocol というように curl は FTP などのサポートされたプロトコルがあります。 FTPS , POP3 , IMAP , SMTP , LDAP , ALL_PROXY [protocol://]<host>[:port] などです。

proxy を明示的に設定しないため proxy のプロトコル設定 NO_PROXY <comma-separated list of hosts> .

`*` プロキシを行わないホストのリスト(カンマ区切りで指定)。にのみ設定されている場合は http.proxy の場合、すべてのホストにマッチします。

- を翻訳したものです。 Curlマニュアル、バージョン7.58.0 .

ギット

git-config のマニュアルを見ればわかるように、git は curl と同じように環境変数で定義されたプロキシを使うこともできますし、またそのプロキシを使うために https.proxy で設定することもできます。 http.proxy オプションで指定します。 [protocol://][user[:password]@]proxyhost[:port] は、以下のような形式で設定されます。

https

この設定は、環境変数の設定より優先されます。

上記の設定は url プロトコルの ssh を介して渡される場合は有効です。 ssh 対応するライブラリにアクセスするために ~/.ssh/config を使用してプロキシを設定します。例えば、プロキシを設定するために、ファイル Host github.com User git ProxyCommand nc -X connect -x 127.0.0.1:10809 %h %p (このファイルの読み取り/書き込み権限は644である必要があります)

-X connect

こちら http は、プロキシが git プロキシを使用します。

もし ssh は github とプロキシ経由のアクセス http は、次のように設定することができます。 socks5 プロキシです。もし、それが -X connect プロキシを削除してください。 nc を、他のプロトコルについては core.gitProxy A "proxy command" to execute (as command host port) instead of establishing direct connection to If the variable value is in the "COMMAND for DOMAIN" format, the command is applied only on hostnames ending with the specified This variable may be set multiple times and is matched in the given order; the This variable may be set multiple times and is matched in the given order; the first match wins. Can be overridden by the GIT_PROXY_COMMAND environment variable (which always applies universally, can be overridden by the GIT_PROXY_COMMAND environment variable (which always applies universally, without the special "for" handling). The special string none can be used as the proxy command to specify that no proxy be used for a This is useful for excluding servers inside a firewall from proxy use, while This is useful for excluding servers inside a firewall from proxy use, while defaulting to a common proxy for external domains. http.proxy Override the HTTP proxy, normally configured using the http_proxy, https_proxy, and all_proxy environment variables (see curl(1)). In addition to the syntax understood by curl, it is possible to specify a proxy string with a user name but no password, in which case git will attempt to acquire See gitcredentials(7) for more information. The syntax thus is [protocol://][user[:password]@]proxyhost[:port]. This can be overridden on a per-remote basis; see remote.<name>.proxy http.<url>. *<url>. Any of the http.* options above can be applied selectively to some URLs. For a config key to match a URL, each element of the config key is compared to that of the URL, in the following order: 1. Scheme (e.g., https in https:// のマニュアルページにあります。

git-config マニュアルからの抜粋

http_proxy

ウィジェット

wget は環境変数を識別します。 https_proxy , ftp_proxy , no_proxy と Wget supports proxies for both HTTP and FTP retrievals. The standard way to specify proxy location, which Wget recognizes, is using the following environment variables: http_proxy https_proxy If set, the http_proxy and https_proxy variables should contain the URLs of the proxies for HTTP and HTTPS connections respectively. ftp_proxy This variable should contain the URL of the proxy for FTP connections. http_proxy and ftp_proxy are set to the same URL. no_proxy This variable should contain a comma-separated list of domain extensions proxy should not be used for. For instance, if the value of no_proxy is .mit.edu, proxy will not be used to retrieve documents from MIT. .

wgetマニュアル抜粋

wgetが認識する環境変数

--proxy-user=user
--proxy-password=password
    Specify the username user and password password for authentication on a proxy server.  
    Wget will encode them using the "basic" authentication scheme.
--no-proxy
    Don't use proxies, even if the appropriate *_proxy environment variable is defined.

wgetコマンドとプロキシに関連するオプション

http_proxy

apt-get

以下のドキュメントからの抜粋にあるように、apt-getは以下のものを認識します。 ftp_proxy と https_proxy については言及されていませんが THE ACQUIRE GROUP The Acquire group of options controls the download of packages as well as the various "acquire methods" responsible for the download itself (see also sources.list(5)). http https The options in these scopes configure APTs acquire transports for the protocols HTTP and HTTPS and are documented in the apt-transport-http(1) and apt-transport-https(1) manpages respectively. ftp ftp::Proxy sets the default proxy to use for FTP URIs. It is in the standard form of ftp://[[user][:pass]@]host[:port]/. Per host proxies can also be specified by using the form ftp::Proxy::<host> with the special keyword DIRECT meaning to use no proxies. If no one of the If no one of the above settings is specified, ftp_proxy environment variable will be used. To use an FTP proxy you will have to set the ftp::ProxyLogin script in the configuration file. This entry specifies the commands to send to tell the proxy server what to connect to. /usr/share/doc/apt/examples/configure-index.gz for an example of how to do this. variables representing the corresponding URI component are $(PROXY_USER), $(PROXY_PASS), The substitution variables representing the corresponding URI component are $(PROXY_USER), $(PROXY_PASS), $(SITE_USER), $(SITE_PASS), $(SITE) and $(SITE_PORT). The option timeout sets the timeout timer used by the method; this value applies to the connection The option timeout sets the timeout timer used by the method; this value applies to the connection as well as the data timeout. Several settings are provided to control passive mode. However, some situations require that passive mode be disabled and port mode FTP used instead. This can be done globally or for connections that go through a proxy or for a specific host. This can be done globally or for connections that go through a proxy or for a specific host (see the sample config file for examples). It is possible to proxy FTP over HTTP by setting the ftp_proxy environment variable to an HTTP URL - See the discussion of the http method above for syntax. You cannot set this in the configuration file and it is not recommended to use FTP over HTTP due to its low efficiency. The setting ForceExtended controls the use of RFC2428 EPSV and EPRT commands, The default is false, which means these commands are only used if the control connection is IPv6. Note that most FTP servers do not support RFC2428. .

抜粋

APT.CONF(5)抜粋

URI SPECIFICATION
   The currently recognized URI types are:

   http (apt-transport-http(1))
       The http scheme specifies an HTTP server for an archive and is the most commonly used method.
       URI can directly include login information if the archive requires it, but the use of
       The method also supports SOCKS5 and HTTP(S) proxies either
       configured via apt-specific configuration or specified by the environment variable http_proxy in
       the format (assuming an HTTP proxy requiring authentication) http://user:pass@server:port/. The
       authentication details for proxies can also be supplied via apt_auth.conf(5).

       Note that these forms of authentication are insecure as the whole communication with the remote
       server (or proxy) is not encrypted so a sufficiently capable attacker can observe and record login
       The attacker can not modify the communication through as APTs
       data security mod

SOURCES.LIST(5) 抜粋

~/.ssh/config

シュッ

sshは上記の環境変数を使用しないので、ssh接続でプロキシが必要な場合は、別途設定する必要があります。

コマンドラインによる選択

ユーザープロファイル経由 ProxyCommand /usr/bin/nc -X connect -x 127.0.0.1:8080 %h %p Host github.com User git ProxyCommand nc -X connect -x 127.0.0.1:10809 %h %p の場合、ファイルの読み取りと書き込みのパーミッションは644である必要があります。

/etc/ssh/ssh_config

-J [user@]host[:port]
        Connect to the target host by first making a ssh connection to the jump host and then establish- ing a TCP forwarding to the ultimate destination from there.
        Multiple jump hops may be specified
        This is a shortcut to specify a ProxyJump configuration direc- tive.
        tive.

-L [bind_address:]port:host:hostport
-L [bind_address:]port:remote_socket
-L local_socket:host:hostport
-L local_socket:remote_socket
        Specifies that connections to the given TCP port or Unix socket on the local (client) host are to be
        This works by allo- cating a socket to listen to either the local (client) host or the Unix socket on the remote side.
        cating a socket to listen to either a TCP port on the local side, optionally bound to the speci-
        This works by allo- cating a socket to listen to either a TCP port on the local side, optionally bound to the speci- fied bind_address, or to a Unix socket.
        Whenever a connection is made to the local port or socket, the connection is forwarded over the secure channel, and a connection is made to either
        Whenever a connection is made to the local port or socket, the connection is forwarded over the secure channel, and a connection is made to either the host port hostport, or the Unix socket remote_socket, from the remote machine.

        Port forwardings can also be specified in the configuration file.
        IPv6 addresses can be specified by enclosing the address in square brackets.

        By default, the local port is bound in accordance with the GatewayPorts setting.
        However, an explicit bind_address may be used to bind the connection to a specific address.
        The bind_address of "localhost" indicates that the listening port be bound for local use only, while an empty
        address or '*' indicates that the port should be available from all interfaces.

 -R [bind_address:]port:host:hostport
 -R [bind_address:]port:local_socket
 -R remote_socket:host:hostport
 -R remote_socket:local_socket
 -R [bind_address:]port
         Specifies that connections to the given TCP port or Unix socket on the remote (server) host are
         to be forwarded to the local side.

         This works by allocating a socket to listen to either a TCP port or to a Unix socket on the
         Whenever a connection is made to this port or Unix socket, the connection is for-
         Whenever a connection is made to this port or Unix socket, the connection is for- warded over the secure channel, and a connection is made from the local machine to either an
         explicit destination specified by host port hostport, or local_socket, or, if no explicit desti-
         nation was specified, ssh will act as a SOCKS 4/5 proxy and forward connections to the destina-
         tions requested by the remote SOCKS client.

         Port forwardings can also be specified in the configuration file. Privileged ports can be for- warded only when logging in.
         Privileged ports can be for- warded only when logging in as root on the remote machine. IPv6 addresses can be specified by
         IPv6 addresses can be specified by enclosing the address in square brackets.

         By default, TCP listening sockets on the server will be bound to the loopback interface only.
         This may be overridden by specifying a bind_address. An empty bind_address, or the address '*',
         An empty bind_address, or the address '*', indicates that the remote socket should listen on all interfaces.
         bind_address will only succeed if the server's GatewayPorts option is enabled (see
         sshd_config(5)).

         If the port argument is '0', the listen port will be dynamically allocated on the server and
         When used together with -O forward the allocated port will
         When used together with -O forward the allocated port will be printed to the standard output.

システム構成ファイルを通して ssh(1) obtains configuration data from the following sources in the following order: 1. command-line options 2. user's configuration file (~/.ssh/config) 3. system-wide configuration file (/etc/ssh/ssh_config) For each parameter, the first obtained value will be used. The configuration files contain sections sep- arated by Host specifications, and that section is only applied for hosts that match one of the patterns given in the specification. The matched host name is usually the one given on the command line (see the The matched host name is usually the one given on the command line (see the CanonicalizeHostname option for exceptions). Since the first obtained value for each parameter is used, more host-specific declarations should be Since the first obtained value for each parameter is used, more host-specific declarations should be given near the beginning of the file, and general defaults at the end. The file contains keyword-argument pairs, one per line. Lines starting with '#' and empty lines are Arguments may optionally be enclosed in double quotes (") in order to represent Configuration options may be separated by whitespace or optional whitespace and exactly one '='; the latter format is useful to avoid the need to quote whitespace when specifying configuration options using the ssh, scp, and sftp -o option. The possible keywords and their meanings are as follows (note that keywords are case-insensitive and arguments are case-sensitive): ProxyCommand Specifies the command to use to connect to the server. The command string extends to the end of The command string extends to the end of the line, and is executed using the user's shell 'exec' directive to avoid a lingering shell process. Arguments to ProxyCommand accept the tokens described in the TOKENS section. The command can be basically anything, and should read from its standard input and write to its standard output. It should eventually connect an sshd(8) server running on some machine, or execute sshd -i some-where. Host key management will be done using the HostName of the host being connected (default- ing to the name typed by the ing to the name typed by the user). Setting the command to none disables this option entirely. Note that CheckHostIP is not available for connects with a proxy command. This directive is useful in conjunction with nc(1) and its proxy support. For example, the fol- .

マニュアルからの抜粋

SSH_CONFIG(5) の抜粋です。

-J [user@]host[:port]
        Connect to the target host by first making a ssh connection to the jump host and then establish- ing a TCP forwarding to the ultimate destination from there.
        Multiple jump hops may be specified
        This is a shortcut to specify a ProxyJump configuration direc- tive.
        tive.

-L [bind_address:]port:host:hostport
-L [bind_address:]port:remote_socket
-L local_socket:host:hostport
-L local_socket:remote_socket
        Specifies that connections to the given TCP port or Unix socket on the local (client) host are to be
        This works by allo- cating a socket to listen to either the local (client) host or the Unix socket on the remote side.
        cating a socket to listen to either a TCP port on the local side, optionally bound to the speci-
        This works by allo- cating a socket to listen to either a TCP port on the local side, optionally bound to the speci- fied bind_address, or to a Unix socket.
        Whenever a connection is made to the local port or socket, the connection is forwarded over the secure channel, and a connection is made to either
        Whenever a connection is made to the local port or socket, the connection is forwarded over the secure channel, and a connection is made to either the host port hostport, or the Unix socket remote_socket, from the remote machine.

        Port forwardings can also be specified in the configuration file.
        IPv6 addresses can be specified by enclosing the address in square brackets.

        By default, the local port is bound in accordance with the GatewayPorts setting.
        However, an explicit bind_address may be used to bind the connection to a specific address.
        The bind_address of "localhost" indicates that the listening port be bound for local use only, while an empty
        address or '*' indicates that the port should be available from all interfaces.

 -R [bind_address:]port:host:hostport
 -R [bind_address:]port:local_socket
 -R remote_socket:host:hostport
 -R remote_socket:local_socket
 -R [bind_address:]port
         Specifies that connections to the given TCP port or Unix socket on the remote (server) host are
         to be forwarded to the local side.

         This works by allocating a socket to listen to either a TCP port or to a Unix socket on the
         Whenever a connection is made to this port or Unix socket, the connection is for-
         Whenever a connection is made to this port or Unix socket, the connection is for- warded over the secure channel, and a connection is made from the local machine to either an
         explicit destination specified by host port hostport, or local_socket, or, if no explicit desti-
         nation was specified, ssh will act as a SOCKS 4/5 proxy and forward connections to the destina-
         tions requested by the remote SOCKS client.

         Port forwardings can also be specified in the configuration file. Privileged ports can be for- warded only when logging in.
         Privileged ports can be for- warded only when logging in as root on the remote machine. IPv6 addresses can be specified by
         IPv6 addresses can be specified by enclosing the address in square brackets.

         By default, TCP listening sockets on the server will be bound to the loopback interface only.
         This may be overridden by specifying a bind_address. An empty bind_address, or the address '*',
         An empty bind_address, or the address '*', indicates that the remote socket should listen on all interfaces.
         bind_address will only succeed if the server's GatewayPorts option is enabled (see
         sshd_config(5)).

         If the port argument is '0', the listen port will be dynamically allocated on the server and
         When used together with -O forward the allocated port will
         When used together with -O forward the allocated port will be printed to the standard output.