FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS Development

 
 
LinkBack Thread Tools
 
Old 05-25-2011, 09:51 AM
 
Default Using https repository through proxy

Hi,
*
for various reasons I am trying to install a private repository for Centos 5, and I would like to use HTTPS only connections. The servers must access to this repository through a proxy.
*
In the .repo file I have configured :
baseurl=https://my.repository/pkg/stable/$basearch
*
The proxy is defined correctly.
*
yum fails with:
*
https://my.repository/pkg/stable/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 501: Not Implemented
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: Please verify its path and try again.
*
Using a fake proxy shows me that the request sent by yum is not correct (ie GET https://... Instead of a classical CONNECT request).
*
I have found (thanks google) that this bug is known, seems related to urllib2.py and httplib.py from python 2.4, but I can’t find a way to make it works.* The patches and the solution are quite old, and does not seems to apply (or I am doing something wrong).
*
Futhermore the bug is known from Redhat https://bugzilla.redhat.com/show_bug.cgi?id=208852 since a long time, and according bugzilla has been corrected in 2006 !
*
Well, I don’t know where to look at now, so help appreciated !
*
--
Julien Gilles.
*
_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
 
Old 05-25-2011, 12:33 PM
 
Default Using https repository through proxy

> for various reasons I am trying to install a private repository for
Centos 5,
> and I would like to use HTTPS only connections. The servers must
access to this
> repository through a proxy.

Well, I found the solution, but I am a little puzzled...

The proxy has to be defined using https:// instead of http://

Yum could suppose himself that proxy is HTTPS aware and could try to
connect the proxy using the CONNECT command instead of trying this
insane "GET https://..."

Hope this will help someone else facing the same problem a day !

--
Julien Gilles.


_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
 
Old 05-25-2011, 03:01 PM
Les Mikesell
 
Default Using https repository through proxy

On 5/25/2011 7:33 AM, Julien.GILLES@sungard.com wrote:
>> for various reasons I am trying to install a private repository for
> Centos 5,
>> and I would like to use HTTPS only connections. The servers must
> access to this
>> repository through a proxy.
>
> Well, I found the solution, but I am a little puzzled...
>
> The proxy has to be defined using https:// instead of http://
>
> Yum could suppose himself that proxy is HTTPS aware and could try to
> connect the proxy using the CONNECT command instead of trying this
> insane "GET https://..."
>
> Hope this will help someone else facing the same problem a day !

In a local setup you might be able to manage with ssh port-forwarding
over ssh to a squid running on the server holding your repo. That way
you can 'export http_proxy=http://localhost:local_port' and establish
the ssh connection before running yum and the network traffic to the
repository will be encrypted and only need port 22 open.

--
Les Mikesell
lesmikesell@gmail.com
_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
 
Old 05-25-2011, 06:05 PM
Ljubomir Ljubojevic
 
Default Using https repository through proxy

Les Mikesell wrote:
> On 5/25/2011 7:33 AM, Julien.GILLES@sungard.com wrote:
>>> for various reasons I am trying to install a private repository for
>> Centos 5,
>>> and I would like to use HTTPS only connections. The servers must
>> access to this
>>> repository through a proxy.
>> Well, I found the solution, but I am a little puzzled...
>>
>> The proxy has to be defined using https:// instead of http://
>>
>> Yum could suppose himself that proxy is HTTPS aware and could try to
>> connect the proxy using the CONNECT command instead of trying this
>> insane "GET https://..."
>>
>> Hope this will help someone else facing the same problem a day !
>
> In a local setup you might be able to manage with ssh port-forwarding
> over ssh to a squid running on the server holding your repo. That way
> you can 'export http_proxy=http://localhost:local_port' and establish
> the ssh connection before running yum and the network traffic to the
> repository will be encrypted and only need port 22 open.
>
Vary nice solution Les.
_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
 
Old 05-25-2011, 06:33 PM
Les Mikesell
 
Default Using https repository through proxy

On 5/25/2011 1:05 PM, Ljubomir Ljubojevic wrote:
>
>> In a local setup you might be able to manage with ssh port-forwarding
>> over ssh to a squid running on the server holding your repo. That way
>> you can 'export http_proxy=http://localhost:local_port' and establish
>> the ssh connection before running yum and the network traffic to the
>> repository will be encrypted and only need port 22 open.
>>
> Vary nice solution Les.

I use it regularly myself without a local repo for machines that
(intentionally) don't have direct access to the internet or our caching
proxies where I point yum anytime there are enough machines to overcome
its tendency to pull a copy from every mirror. You also need to 'export
ftp_proxy=http://...' for the generic case where the mirrors will
include ftp urls (squid handles them equally well).

--
Les Mikesell
lesmikesell@gmail.com
_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
 
Old 05-25-2011, 06:46 PM
Ljubomir Ljubojevic
 
Default Using https repository through proxy

Les Mikesell wrote:
> On 5/25/2011 1:05 PM, Ljubomir Ljubojevic wrote:
>>> In a local setup you might be able to manage with ssh port-forwarding
>>> over ssh to a squid running on the server holding your repo. That way
>>> you can 'export http_proxy=http://localhost:local_port' and establish
>>> the ssh connection before running yum and the network traffic to the
>>> repository will be encrypted and only need port 22 open.
>>>
>> Vary nice solution Les.
>
> I use it regularly myself without a local repo for machines that
> (intentionally) don't have direct access to the internet or our caching
> proxies where I point yum anytime there are enough machines to overcome
> its tendency to pull a copy from every mirror. You also need to 'export
> ftp_proxy=http://...' for the generic case where the mirrors will
> include ftp urls (squid handles them equally well).
>

I have my own repo with all mayor repositories stored, and repo for some
of packages recompiled by me. Both are visible from internet, but I am
thinking of hiding that part with mirrored repos, so my server and
bandwidth are not pound upon, but at the same time can access those
repositories from arround the internet for systems i maintain.

But I just thought of having ssh account would allow people to run
commands on my server. Hmm.

Ljubomir


_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
 
Old 05-25-2011, 06:58 PM
Alan Bartlett
 
Default Using https repository through proxy

Just a reminder to anyone thinking of adding to this thread -- this is
the CentOS-devel mailing list, for issues with the development of the
CentOS Project.

The general, main, CentOS m/l should have been used by this thread's
OP. If this thread needs to continue, please continue it there.

Thanks.

Alan.
_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
 
Old 05-26-2011, 07:45 AM
 
Default Using https repository through proxy

> -----Message d'origine-----
> De*: centos-devel-bounces@centos.org [mailto:centos-devel-
> bounces@centos.org] De la part de Alan Bartlett
> Envoy*: mercredi 25 mai 2011 20:58
> *: The CentOS developers mailing list.
> Objet*: Re: [CentOS-devel] Using https repository through proxy
>
> Just a reminder to anyone thinking of adding to this thread -- this is
> the CentOS-devel mailing list, for issues with the development of the
> CentOS Project.
>
> The general, main, CentOS m/l should have been used by this thread's
> OP. If this thread needs to continue, please continue it there.

Yes, my first question was about the management of https proxy by yum, and
the fact that the bug seems to be known and to be resolved on Redhat, but it
still does not work on CentOS ; of course workarounds (mirroring, tunnels,...)
are always possible, but I wonder if the developers are aware of it and if I
need to open a new bug for that. It is still present in CentOS 6 ?

--
Julien Gilles.

_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
 

Thread Tools




All times are GMT. The time now is 11:26 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org