It is troublesome to change the settings between the intranet and business trip / at home, so I was a little happy when I set up a forward proxy locally with Apache2.

Since the proxy settings are different between the company firewall and the direct connection to the Internet when traveling or at home, set up a forward proxy locally with Apache2 and change it in one shot with the forward proxy settings. All proxy settings for each program set a local proxy. The environment I'm using is Ubuntu 20.10.

Apache2 settings

It is assumed that Apache2 is installed and running.

Enable module

Enable the module for proxy.

sudo a2enmod proxy proxy_http proxy_ftp proxy_ssl proxy_connect

Prepare your own config

Based on /etc/apache2/mods-available/proxy.conf, it was prepared in/ etc / apache2 / sites-available /.

Customize the port number, intranet proxy address (ProxyRemote setting), and direct access address (NoProxy setting) according to each environment. This time I set the port number to 8888.

/etc/apache2/sites-available/proxy.conf


<IfModule mod_proxy.c>
#Appropriate free port number
Listen 8888

#Match the Listen setting with the port number
<VirtualHost *:8888>
	# If you want to use apache2 as a forward proxy, uncomment the
	# 'ProxyRequests On' line and the <Proxy *> block below.
	# WARNING: Be careful to restrict access inside the <Proxy *> block.
	# Open proxy servers are dangerous both to your network and to the
	# Internet at large.
	#
	# If you only want to use apache2 as a reverse proxy/gateway in
	# front of some web application server, you DON'T need
	# 'ProxyRequests On'.

	ProxyRequests On
	SSLProxyEngine On
	#AllowCONNECT 443
	#CustomLog ${APACHE_LOG_DIR}/proxy.log combined

	<Proxy *>
	   AddDefaultCharset off
	   Require all denied
	   Require local
	</Proxy>

	# Enable/disable the handling of HTTP/1.1 "Via:" headers.
	# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
	# Set to one of: Off | On | Full | Block
	#ProxyVia Off

	# Comment out ProxyRemote if conecting to the Internet directly.
	#ProxyRemote * http://proxy.mycompany.com:8888
	#NoProxy 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 .mygroup.mycompany.com
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Only the ProxyRemote setting is independent as intranet.conf so that it can be easily switched. Set ProxyRemote as a proxy from within the company that throws all requests.

/etc/apache2/sites-available/intranet.conf


<IfModule mod_proxy.c>

	# Comment out ProxyRemote if conecting to the Internet directly.
	ProxyRemote * http://proxy.mycompany.com:8888
	NoProxy 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 .mygroup.mycompany.com

</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Restart apache

sudo a2ensite proxy intranet
sudo systemctrl restart apache2

Review of each setting

browser

From GNOME's "Settings"-> "Network"-> "Network Proxy", set the proxy to "Manual" and specify localhost and 8888 for HTTP / HTTPS / FTP, respectively.

Environment variable

Setting system-wide environment variables.

bash:/etc/profile.d/proxy.sh


#!/bin/bash

export HTTP_PROXY="http://localhost:8888"
export HTTPS_PROXY="http://localhost:8888"
export FTP_PROXY="http://localhost:8888"

apt

apt settings. 90 was decided appropriately.

config:/etc/apt/apt.conf.d/90proxy


// Configuration for Proxy
Acquire {
    ftp::proxy "http://localhost:8888/";
    http::proxy "http://localhost:8888/";
    https::proxy "http://localhost:8888/";
}

snapd

snapd settings.

sudo systemctl edit snapd

The editor will open, so save it with the following contents.

[Service]
Environment=http_proxy=http://localhost:8888
Environment=https_proxy=http://localhost:8888

Restart the snapd daemon.

sudo systemctl restart snapd

SSH (GitHub) settings

~/.ssh/config


#
# Configuration for SSH
# ~/.ssh/config
#
Host github.com
     User MyUserName
     HostName ssh.github.com
     Port 443
     ProxyCommand nc -X connect -x localhost:8888 %h %p

Other

If you need to set it, set it to <http: // localhost: 8888>. It may be Legacy, but it is troublesome to have a proxy setting for each program.

Switching between intranet and direct proxy

It's okay to write a simple script, but I don't switch very often and it's not a lot of work, so I decided to hit two commands.

Used on intranet

sudo a2ensite intranet
sudo systemctl reload apache2

Used with direct connection

sudo a2dissite intranet
sudo systemctrl reload apache2

Added on November 10, 2020

I made a simple script.

~/bin/proxy.sh


#!/bin/bash

# Enable/Disable ProxyPass

if [ $# -eq 0 ]; then
    a2query -s intranet
    exit
fi

case "${1}" in
    on)
        echo "intranet"
        a2ensite intranet > /dev/null
        ;;

    off)
        echo "the Internet"
        a2dissite intranet > /dev/null
        ;;

    *)
        echo "$0 [on|off]"
        exit
esac

systemctl reload apache2

How to use

Proxy enabled

sudo ~/bin/proxy.sh on

Proxy disabled

sudo ~/bin/proxy.sh off

Confirmation (sudo is not required for confirmation only)

~/bin/proxy.sh

Recommended Posts

It is troublesome to change the settings between the intranet and business trip / at home, so I was a little happy when I set up a forward proxy locally with Apache2.
I set up TensowFlow and was addicted to it, so make a note
In IPython, when I tried to see the value, it was a generator, so I came up with it when I was frustrated.
When it is troublesome to set up an SMTP server locally when sending mail with Python.
GCP's Cloud Shell Editor was clogged up with the Python development environment, so I managed to rebuild it in a vacant lot.
I managed to do it because the custom of attaching a zip with a password to an email and saying "I will send you the password separately" is troublesome.
When I tried to change the root password with ansible, I couldn't access it.