Skip to content

Instantly share code, notes, and snippets.

@smoser

smoser/README.md

Last active Jul 23, 2020
Embed
What would you like to do?
proxy setup using tiny proxy

proxy setup using tiny proxy and proxy command

set up tinyproxy and /etc/environment for system wide proxy.

By default, this only reports how you can set this up. No changes to the system will be made unless the first argument is 'update' or UPDATE=1 is found in the environment.

No root access is required for dry-run.

The values configured at the top of the script are for an internal cloud I have access to. They should be easily modifyable to your liking. Once set up, all new shells should receive 'http_proxy' and 'https_proxy' in their environment, and then "just work" to send all requests through the local proxy.

If you need to add or remove 'no_upstream' entries to tinyproxy config you can do so later, and then just restart tinyproxy. There is then no need to re-set environment variables for existing programs, the changes will just be immediate.

This script can generally be executed via curl | bash to set a system to configure tiny proxy.

proxy command

The proxy command is included here just to give it a place to live.

It's usage is not really needed with tinyproxy configuration as described.

But if you do not use tinyproxy as above, then you can just enable / disable use of a proxy with:

  • proxy <command> run command with http_proxy and friends configured
  • proxy -n <command> unset proxy environment variables and run command

If is not given, then a shell is invoked.

#!/bin/sh
# change these to your liking.
p=http://your.proxy:8080
np=".your.internal,localhost,127.0.0.1"
if [ "$1" = "-h" -o "$1" = "--help" ]; then
cat <<EOF
${0##*/} [-n] [command [args ...]]
Set proxy environment variables and execute command.
If command is not provided, it will be set to SHELL or /bin/bash.
If command is 'show', then settings are shown.
If the command name is 'noproxy', then you -n behavior is used.
options:
-n unset rather than set proxy environment variables.
EOF
exit 0
fi
if [ "$1" = "show" ]; then
echo "http_proxy=\"$p"\" https_proxy="\"$p\"" ftp_proxy="\"$p\"" no_proxy="\"$np\""
exit
fi
if [ "$1" = "-n" -o "${0##*/}" = "noproxy" ]; then
[ "$1" = "-n" ] && shift
unset http_proxy https_proxy ftp_proxy no_proxy
[ $# -eq 0 ] &&
echo "unsetting proxy vars executing shell" 1>&2
else
[ $# -eq 0 ] &&
echo "setting proxy to $p. noproxy to \"$np\". executing shell" 1>&2
export http_proxy="$p" https_proxy="$p" ftp_proxy="$p" no_proxy="$np"
fi
[ $# -eq 0 ] && set -- "${SHELL:-/bin/bash}"
exec "$@"
#!/bin/bash
# curl https://gist.githubusercontent.com/smoser/de5ce0d3eecdfa742184081f51788c30/raw/sstack-proxy -O - | sudo UPDATE=1 bash
#
upstream="squid.internal:3128"
no_upstreams=( .ubuntu.com .launchpad.net 127.0.0.0/8 )
# no_proxies go into default 'no_proxy' environment variable
no_proxies="localhost,127.0.0.1,127.0.1.1"
no_proxies="${no_proxies:+${no_proxies},}ubuntu.com,launchpad.net,maas.io"
myaddr=$(ifconfig eth0 | awk '$1 == "inet" { sub(/addr:/, "", $2); print $2; }')
# turn W.X.Y.Z into W.X.0.0/16
myrange="${myaddr%.*}"
myrange="${myrange%.*}.0.0/16"
TINYPROXY_CONF=${TINYPROXY_CONF:-/etc/tinyproxy.conf}
ETC_ENVIRONMENT=${ETC_ENVIRONMENT:-/etc/environment}
TINYPROXY_URL="http://127.0.0.1:8888/"
MYNAME="sstack_local"
no_upstreams=( "${no_upstreams[@]}" $myrange )
no_proxies="${no_proxies:+${no_proxies},}${myaddr}"
[ "$1" = "update" -o "${UPDATE:-0}" != "0" ] && update=true || update=false
Usage() {
cat <<EOF
${0##*/} [update]
set up tinyproxy and /etc/environment for system wide proxy.
By default, this only reports how you can set this up. No changes
to the system will be made unless the first argument is 'update'
or UPDATE=1 is found in the environment.
No root access is required for dry-run.
The values configured at the top of the script are for an internal
cloud I have access to. They should be easily modifyable to your liking.
Once set up, all new shells should receive 'http_proxy' and 'https_proxy'
in their environment, and then "just work" to send all requests
through the local proxy.
If you need to add or remove 'no_upstream' entries to tinyproxy config
you can do so later, and then just restart tinyproxy. There is then no need
to re-set environment variables for existing programs, the changes
will just be immediate.
EOF
}
error() { echo "$@" 1>&2; }
write_tinyproxy_conf() {
local upstream="$1"
shift
echo "# begin $MYNAME"
echo "upstream $upstream"
for i in "$@"; do echo "no upstream \"$i\""; done
echo "no upstream \"169.254.169.254\""
[ -n "$myaddr" ] && echo "no upstream \"$myaddr\""
echo "# end $MYNAME"
}
write_environment() {
local no_proxy="$1"
echo "# begin $MYNAME"
echo "http_proxy=http://127.0.0.1:8888/"
echo "https_proxy=http://127.0.0.1:8888/"
[ -n "$no_proxy" ] && echo "no_proxy=$no_proxy"
echo "# end $MYNAME"
}
set_output() {
local targ="$2" bk=""
bk="$targ.dist"
if ! "$1"; then
echo "### append to $2"
exec 3>&1; return
fi
if [ -f "$targ" ]; then
cp "$targ" "$bk" || { error "failed backup of $targ"; return 1; }
error "backed up $targ to $bk"
fi
[ ! -f "$targ" ] || sed -i "/# begin $MYNAME/,/# end $MYNAME/d" "$targ" ||
{ error "failed removing entries from $targ"; return 1; }
exec 3>>"$targ" || { error "failed opening $targ for append"; return 1; }
}
[ "$1" = "--help" -o "$1" = "-h" ] && { Usage; exit 0; }
if $update && [ ! "$(id -u)" = "0" ]; then
error "must be root for update"
exit 1
fi
if ! which tinyproxy >/dev/null 2>&1; then
if $update; then
which eatmydata >/dev/null 2>&1 && emd="eatmydata" || emd=""
DEBIAN_FRONTEND=noninteractive $emd apt-get install \
--assume-yes --quiet tinyproxy </dev/null || exit
else
echo "## apt-get install --assume-yes --quiet tinyproxy"
fi
fi
set_output "$update" "${TINYPROXY_CONF}" || exit
write_tinyproxy_conf "$upstream" "${no_upstreams[@]}" 1>&3 || exit
if $update; then
service tinyproxy restart
else
echo "## service restart tinyproxy"
fi
set_output "$update" "${ETC_ENVIRONMENT}"
write_environment "$no_proxies" 1>&3 || exit
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment