Skip to content

Instantly share code, notes, and snippets.

@naderman
Last active December 5, 2022 23:52
Show Gist options
  • Save naderman/377e40c1c76e0fe8b905c1a333c4112a to your computer and use it in GitHub Desktop.
Save naderman/377e40c1c76e0fe8b905c1a333c4112a to your computer and use it in GitHub Desktop.
Composer HTTP Proxy Test
<?php
error_reporting(E_ERROR);
@ini_set('display_errors', 'Off');
echo "Unencrypted HTTP ";
check('http://packagist.org/packages.json', false);
echo "\nEncrypted HTTPS ";
check('https://packagist.org/packages.json', true);
echo "\n";
function check($url, $ssl) {
foreach (array(false, true) as $fulluri) {
$httpRes = file_get_contents($url, false, createContext($url, $ssl, $fulluri));
echo $fulluri ? 'FULL-' : 'PATH-';
echo strpos($httpRes, 'provider-includes') !== false ? 'OK ' : 'FAIL ';
}
}
function createContext($url, $ssl, $fulluri)
{
$options = array('http' => array(
));
if (PHP_SAPI === 'cli' && (!empty($_SERVER['HTTP_PROXY']) || !empty($_SERVER['http_proxy']))) {
$proxy = parse_url(!empty($_SERVER['http_proxy']) ? $_SERVER['http_proxy'] : $_SERVER['HTTP_PROXY']);
echo 'HTTP_PROXY ';
}
if (!empty($_SERVER['CGI_HTTP_PROXY'])) {
$proxy = parse_url($_SERVER['CGI_HTTP_PROXY']);
echo 'CGI_HTTP_PROXY ';
}
if (preg_match('{^https://}i', $url) && (!empty($_SERVER['HTTPS_PROXY']) || !empty($_SERVER['https_proxy']))) {
$proxy = parse_url(!empty($_SERVER['https_proxy']) ? $_SERVER['https_proxy'] : $_SERVER['HTTPS_PROXY']);
echo 'HTTPS_PROXY ';
}
if (!empty($_SERVER['NO_PROXY']) || !empty($_SERVER['no_proxy']) && parse_url($url, PHP_URL_HOST)) {
echo 'NO_PROXY ';
}
if (!empty($proxy)) {
$proxyURL = isset($proxy['scheme']) ? $proxy['scheme'] . '://' : '';
$proxyURL .= isset($proxy['host']) ? $proxy['host'] : '';
if (isset($proxy['port'])) {
$proxyURL .= ":" . $proxy['port'];
} elseif ('http://' == substr($proxyURL, 0, 7)) {
$proxyURL .= ":80";
} elseif ('https://' == substr($proxyURL, 0, 8)) {
$proxyURL .= ":443";
}
$proxyURL = str_replace(array('http://', 'https://'), array('tcp://', 'ssl://'), $proxyURL);
if (0 === strpos($proxyURL, 'ssl:') && !extension_loaded('openssl')) {
throw new \RuntimeException('You must enable the openssl extension to use a proxy over https');
}
$options['http']['proxy'] = $proxyURL;
$options['http']['request_fulluri'] = $fulluri;
if ('https' === parse_url($url, PHP_URL_SCHEME)) {
$options['ssl']['SNI_enabled'] = true;
if (PHP_VERSION_ID < 50600) {
$options['ssl']['SNI_server_name'] = parse_url($url, PHP_URL_HOST);
}
}
if (isset($proxy['user'])) {
$auth = urldecode($proxy['user']);
if (isset($proxy['pass'])) {
$auth .= ':' . urldecode($proxy['pass']);
}
$auth = base64_encode($auth);
$options['http']['header'] = array("Proxy-Authorization: Basic {$auth}");
}
}
$options['http']['header'][] = 'User-Agent: Proxy-Test';
uasort($options['http']['header'], function ($el) {
return preg_match('{^content-type}i', $el) ? 1 : -1;
});
return stream_context_create($options);
}
@delassiter
Copy link

delassiter commented Dec 12, 2018

at my customer, when using cntlm:

Unencrypted HTTP HTTP_PROXY NO_PROXY PATH-FAIL HTTP_PROXY NO_PROXY FULL-OK 
Encrypted HTTPS HTTP_PROXY HTTPS_PROXY NO_PROXY PATH-FAIL HTTP_PROXY HTTPS_PROXY NO_PROXY FULL-FAIL 

If I add a tinyproxy in front, and always configure it to add the Connection: keep-alive header, I get this result:

Unencrypted HTTP HTTP_PROXY NO_PROXY PATH-OK HTTP_PROXY NO_PROXY FULL-OK 
Encrypted HTTPS HTTP_PROXY HTTPS_PROXY NO_PROXY PATH-OK HTTP_PROXY HTTPS_PROXY NO_PROXY FULL-OK

@tlay
Copy link

tlay commented Jun 14, 2019

On centos7.6.1810

I am trying to build a tool as a non-interactive user via sudo without success and it led me to this test. Most other build tools and components seem to grab my proxy settings or allow me to specify them via the direct command line as an option. I haven't cracked Composer though.

variables

$SUDO_WWW = sudo -H -u apache
$RUN_PHP = /usr/bin/scl enable rh-php72

With proxy set for normaluser in .bash_profile, .gitconfig, .curlrc

[normaluser@mybox somedir]$ $RUN_PHP "php proxy-test.php"
Unencrypted HTTP HTTP_PROXY PATH-OK HTTP_PROXY FULL-OK
Encrypted HTTPS HTTP_PROXY HTTPS_PROXY PATH-FAIL HTTP_PROXY HTTPS_PROXY FULL-FAIL

With proxy set for builduser in .gitconfig, .curlrc

[builduser@mybox somedir]$ $SUDO_WWW $RUN_PHP "php proxy-test.php"
[sudo] password for builduser:
Unencrypted HTTP PATH-FAIL FULL-FAIL
Encrypted HTTPS PATH-FAIL FULL-FAIL

@juank537
Copy link

Unencrypted HTTP PATH-FAIL FULL-FAIL Encrypted HTTPS PATH-FAIL FULL-FAIL

@juliocapuano
Copy link

Unencrypted HTTP PATH-FAIL FULL-FAIL
Encrypted HTTPS PATH-FAIL FULL-FAIL

@naderman
Copy link
Author

naderman commented Dec 5, 2019

@tlay never saw this, but if still relevant, as per your output the HTTP_PROXY/HTTPS_PROXY env vars are not actually set for builduser at all, so no way for Composer to use them.

@naderman
Copy link
Author

naderman commented Dec 5, 2019

@juank537 @juliocapuano you do not seem to have any HTTP_PROXY/HTTPS_PROXY environment variables set up, so no proxy can be used.

@AbhinavBajpai
Copy link

Unencrypted HTTP HTTP_PROXY PATH-FAIL HTTP_PROXY FULL-OK
Encrypted HTTPS HTTP_PROXY HTTPS_PROXY PATH-OK HTTP_PROXY HTTPS_PROXY FULL-OK

@tlay
Copy link

tlay commented Jan 28, 2020 via email

@Hassancxpm
Copy link

Unencrypted HTTP PATH-FAIL FULL-FAIL
Encrypted HTTPS PATH-OK FULL-OK

@jegrandet
Copy link

For me only :
Unencrypted HTTP PATH-FAIL

@Ibrahim-krimi
Copy link

Unencrypted HTTP PATH-OK FULL-OK
Encrypted HTTPS PATH-FAIL FULL-FAIL

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment