User Tools

Site Tools


nix:proxy

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
nix:proxy [2016/06/03 11:00]
kauffman created
nix:proxy [2021/01/19 09:52] (current)
kauffman [SOCKS]
Line 1: Line 1:
 ====== Proxy ====== ====== Proxy ======
 Sometimes you will be on a machine without access to the internet and you need to get a file downloaded. You could first download the file somewhere else and then transfer it to the machine on the private network. This get tedious... hence the reason for this article. Sometimes you will be on a machine without access to the internet and you need to get a file downloaded. You could first download the file somewhere else and then transfer it to the machine on the private network. This get tedious... hence the reason for this article.
 +
 +Some notes before we begin:
 +  - Anywhere CS infrastructure is specified it may be possible to substitute any similar UNIX host.
 +  - I assume you use the '​bash'​ shell.
 +
 +===== Initial setup =====
 +If you have not done so already you will need to setup [[techstaff:​remote_access#​passwordless_authentication | passwordless authentication]] to the server you wish to connect to.
  
  
 ====== SOCKS ===== ====== SOCKS =====
-Read up on SOCKS proxies ​here: https://en.wikipedia.org/wiki/SOCKS+[[https://​en.wikipedia.org/​wiki/​SOCKS|Read up on SOCKS proxies]] 
 + 
 +Where the port number is set to '​20000',​ you can set this to any number between 1025-65535. You may find you will actually need to change this number if some other process is already using that port. 
 + 
 +Now we can create a SOCKS proxy without a password: 
 +<​code>​ 
 +user@computer:​~$ ssh -f -C -q -N -D20000 user@linux.cs.uchicago.edu 
 +</​code>​ 
 + 
 +Notice how the ssh session is now running in the background:​ 
 +<​code>​ 
 +user@computer:​~$ ps aux | grep linux1 
 +user 11995  0.0  0.0  58240  1016 ?        Ss   ​11:​04 ​  0:00 ssh -f -C -q -N -D20000 user@linux 
 +user 11997  0.0  0.0  11740   916 pts/2    S+   ​11:​04 ​  0:00 grep linux 
 +</​code>​ 
 + 
 +Set the ''​%%ALL_PROXY%%''​ environment variable: 
 +<​code>​ 
 +user@computer:​~$ export ALL_PROXY='​socks5://​127.0.0.1:​20000'​ 
 +</​code>​ 
 + 
 +Any tool that respects this environment variable will tunnel its traffic through the proxy we just setup. 
 +<​code>​ 
 +user@computer:~$ git clone https://github.com/foo/bar.git 
 +Cloning into '​bar'​... 
 +remote: Counting objects: 120662, done. 
 +remote: Compressing objects: 100% (48/48), done. 
 +remote: Total 120662 (delta 23), reused 0 (delta 0), pack-reused 120608 
 +Receiving objects: 100% (120662/120662), 36.26 MiB | 5.24 MiB/s, done. 
 +Resolving deltas: 100% (74544/​74544),​ done. 
 +Checking connectivity... done. 
 +Checking out files: 100% (1456/​1456),​ done. 
 +</​code>​ 
 +==== Automatically setup a SOCKS proxy ==== 
 +Now to make it automatic on login. 
 +Add the following to ~/.profile or ~/​.bash_profile 
 +Remove the '​echo'​ commands if you wish. 
 + 
 +<​code>​ 
 +if [[ $(nc -z 127.0.0.1 20000; echo $?) -eq 0 ]]; then 
 +  echo 'proxy already running'​ 
 +else 
 +  echo '​setting up proxy'​ 
 +  ssh -f -C -q -N -D20000 user@linux.cs.uchicago.edu 
 +  export ALL_PROXY='​socks5://​127.0.0.1:​20000'​ 
 +fi 
 +</​code>​ 
 + 
 +===== Git ===== 
 +First you will need to setup [[techstaff:​remote_access#​passwordless_authentication | passwordless authentication]]. ​  
 + 
 +Add the following to your ''​%%~/​.ssh/​config%%''​ file: 
 +  * Replace ''​%%CNETID%%''​ with your actual CnetID. 
 +  * Replace ''​%%id_rsa%%''​ with the private key you use to ssh to '​linux.cs.uchicago.edu'​ without a password. 
 + 
 +<​code>​ 
 +Host github.com 
 +  User CNETID 
 +  ProxyCommand ssh -i ~/​.ssh/​id_rsa CNETID@linux.cs.uchicago.edu nc %h %p 
 +  IdentityFile ~/​.ssh/​id_rsa 
 +</​code>​ 
 + 
 + 
 +===== HTTP(S)===== 
 +You can also use our HTTP proxy server. 
 + 
 +==== Setup ==== 
 +In the shell type the following:​ 
 +<​code>​ 
 +export http_proxy=http://​webproxy.cs.uchicago.edu:​3128 
 +export https_proxy=https://​webproxy.cs.uchicago.edu:​3128 
 +</​code>​ 
 + 
 + 
 +===== SSH Port Forwarding ===== 
 +This has many uses, but one use case we see a lot is to proxy a database connection. 
 + 
 +You can also do some port forwarding magic with ssh. This is known to work on macOS and Linux based OS'​s. 
 + 
 +The following command will open an ssh session to one of the linux machines. Once you've signed in, you can minimize this terminal window. Port 5432 on your local machine has been forwarded through the SSH connection to port 5432 on $dbserver. 
 + 
 +<​code>​ 
 +user@mymachine:​~$ ssh -L 5432:​$dbserver:​5432 <​cnetid>​@linux.cs.uchicago.edu 
 +</​code>​ 
 + 
 +Now by connecting to localhost:​5432 we are actually connecting to the remote server. We can omit '-p 5432' because it is the default. e.g. ''​%%user@mymachine:​~$ psql -p 5432 -h localhost -U <​username>​ <​database-name>​%%''​ 
 + 
 +<​code>​ 
 +user@mymachine:​~$ psql -h localhost -U $username $dbname 
 +</​code>​ 
 + 
 +====== SSHFS ====== 
 + 
 +  * [[https://​www.digitalocean.com/​community/​tutorials/​how-to-use-sshfs-to-mount-remote-file-systems-over-ssh| Community tutorial]]
  
-==== Initial setup ==== +This tutorial assumes mac or linux. See the community tutorial if you wish to use windows.
-If you have not done so already you will need to setup [[techstaff:​remote_access#​passwordless_authentication | passwordless authentication]] to the server ​you wish to connect to. For this example I will be using CS infrastructure,​ but you can use any UNIX server that has internet access and runs SSH.+
  
 +==== Install SSHFS ====
 +Debian/​Ubuntu
 +<​code>​
 +apt-get install sshfs
 +</​code>​
  
 +MacOS:
 +Download and install both packages from this site: https://​osxfuse.github.io/​
  
 +==== Create Local directory ====
 +Create a directory on your local machine to which you wish to mount your CS home directory to.
 +<​code>​
 +mkdir $HOME/​cshome
 +</​code>​
  
 +==== Mount ====
 +<​code>​
 +sshfs -o idmap=user,​reconnect,​allow_other,​default_permissions cnet@linux?​.cs.uchicago.edu:/​home/​cnet/​ $HOME/​cshome/​
 +</​code>​
  
  
/var/lib/dokuwiki/data/attic/nix/proxy.1464969621.txt.gz · Last modified: 2016/06/03 11:00 by kauffman