I'm having trouble installing Chocolatey packages from behind a corporate proxy. Internet Explorer is correctly configured but I'm having issues getting it to work through PowerShell.
I can use the Web-Client to download pages e.g. Microsoft.com, but ultimately Chocolatey fails to download packages with the prompt
"Please provide proxy credentials:"
which will not accept my domain login as being valid. Sometimes I just get the error
"Exception calling "DownloadFile" with "2" argument(s): "The remote server returned an error: (407) Proxy Authentication Required."
I have two machines - one of them can download the packages fine, and the other gives the errors above, but they both show Direct access (as below):
PS C:\Windows\system32> netsh winhttp import proxy source=ie
Current WinHTTP proxy settings:
Direct access (no proxy server).
PS C:\Windows\system32> netsh winhttp show proxy
Current WinHTTP proxy settings:
Direct access (no proxy server).
I'm not too sure what is happening here. Any suggestions?
Chocolatey has proxy instructions at https://github.com/chocolatey/choco/wiki/Proxy-Settings-for-Chocolatey and specifically the section on explicit proxy. Ensure you have the proper version of choco installed for that to work. If that is incorrect, we should fix the documentation/choco to make it correct.
For posterity:
Explicit Proxy Settings
Chocolatey has explicit proxy support starting with 0.9.9.9.
You can simply configure 1 or 3 settings and Chocolatey will use a
proxy server. proxy is required and is the location and port of the
proxy server. proxyUser and proxyPassword are optional. The values for
user/password are only used for credentials when both are present.
choco config set proxy <locationandport>
choco config set proxyUser <username>
choco config set proxyPassword <passwordThatGetsEncryptedInFile>
Example
Running the following commands in 0.9.9.9:
choco config set proxy http://localhost:8888
choco config set proxyUser bob
choco config set proxyPassword 123Sup#rSecur3
I had a similar issue except that Chocolately wouldn't install in the first place due to the corporate proxy.
Was able to resolve this based on this blog post...
2016-01-22, Duane Newman, Installing Chocolatey behind a corporate proxy (archived here)
...as follows:
Open an elevated command prompt (Windows key -> Type cmd -> right-click on "Command Prompt" and select "Run as Administrator").
Run the following command: #powershell -NoProfile -ExecutionPolicy Unrestricted -Command "[Net.WebRequest]::DefaultWebProxy.Credentials = [Net.CredentialCache]::DefaultCredentials; iex ((New-Object Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET PATH=%PATH%;%systemdrive%\chocolatey\bin
This should install Chocolatey without any errors. To verify it has worked, close the command prompt and open another (so the path environment variable change is picked up) and then run the choco command - if all is OK it should now output the Chocolatey version and help text.
Further note for node.js: I did the above after installing Node.js with the option ticked to install the extra tools/requirements including Chocolatey. Was then able to continue the failed installation via Apps & features -> Node.js -> Modify. I then followed the instructions here to configure npm for the corporate proxy.
Related
Using the newman nodeJS CLI to run a collection of postman test I get the following error:
error: unable to get local issuer certificate
It is run as part of a Teamcity CI build using the following command:
newman run https://www.getpostman.com/collections/<COLLECTION-ID-HERE>
It is run on windows and we have a corporate proxy server (ZScaler).
How to I get newman to work?
Just add --insecure in front of collectionID i.e :
newman run https://www.getpostman.com/collections/?apiKey="your-Postman-Api-Key" --insecure
Also When triggering the execution using a json file, Just add --insecure So your command shall be :
newman run .postman_collection.json --insecure
The issue is that newman cannot find (or does not know about) the self signed SSL certificate used by the proxy server that is configured in the windows certificate store. The easiest way to make newman (and actually any recent nodeJS app) aware of the certificate is to use an environment variable:
on windows:
SET NODE_EXTRA_CA_CERTS=c:\some-folder\certificate.cer
on linux:
export NODE_EXTRA_CA_CERTS=/c/some-folder/certificate.cer
You may also need to set the proxy server url itself with the HTTP_PROXY=http://example.com:1234 env varirable as well.
Alternatively the environment variables can be added to that teamcity builds runtime environment using the build parameters feature of Teamcity
Note this is for Node.js 7.3.0 and above (and the LTS versions 6.10.0 and 4.8.0)
I am having an issue with calling the following command from cmd for installing PhoneGap:
npm install -g phonegap
The following error is returned:
Failed to connect to github.com port 443: Timed out
There are a fair amount of questions regarding this topic and they all seem to provide the same answer - make sure the proxy settings for git and nodejs are configured. I set up the node proxy settings like so:
npm config set proxy http://proxyname:8080
npm config set https-proxy http://proxyname:8080
And for git:
git config --global http.proxy http://proxyname:8080
git config --global https.proxy http://proxyname:8080
Both git config --list and npm config list confirm that these proxy settings are in place.
I have also allowed the programs through the fire wall by going to Windows Firewall -> Allow a program or feature through windows firewall. Then I selected the node.exe for Node.js and for git I selected git.exe.
I still however have the issue whereby it is failing to connect to Github. Is there anything else I am missing or forgetting to setup? Both Node.js and Git were installed for the first time for this task.
In addition to the above settings, it's possible that you're getting this error if some of the downloaded libraries declare their dependencies using the git:// protocol instead of https://. These dependencies then usually fail with the above error.
To fix this, you can run the following:
git config --global url."https://".insteadOf git://
This will add a configuration option to Git, asking Git to use https whenever a URL uses the git:// protocol.
This setting fixed many proxy issues for me.
You need to add proxy authentication to your command application. I assume you are working in windows, the following works for me (I don't need to add the proxy to either npm or git unless running git commands).
In your active command window you need either or both of these for each session including initial instalation adding devices or plugins and on first application build:
set https_proxy=http://username:password#proxy:port
set http_proxy=http://username:password#proxy:port
So mine looks like this:
set https_proxy=http://john.doe:1234#proxy.det.nsw.edu.au:8080
Ben
With git 2.8 (March 2016), you don't have to embed in clear text your password in the url.
See commit 372370f, commit ef97639 (26 Jan 2016) by Knut Franke (``).
Helped-by: Junio C Hamano (gitster), Eric Sunshine (sunshinebell28), and Elia Pinto (devzero2000).
(Merged by Junio C Hamano -- gitster -- in commit 30f302f, 03 Feb 2016)
http: use credential API to handle proxy authentication
Currently, the only way to pass proxy credentials to curl is by including them in the proxy URL. Usually, this means they will end up on disk unencrypted, one way or another (by inclusion in ~/.gitconfig, shell profile or history).
Since proxy authentication often uses a domain user, credentials can be security sensitive; therefore, a safer way of passing credentials is desirable.
If the configured proxy contains a username but not a password, query the
credential API for one. Also, make sure we approve/reject proxy credentials
properly.
So:
In addition to the syntax understood by curl, it is possible to specify a proxy string with a user name but no password, in which case git will attempt to acquire one in the same way it does for other credentials.
See gitcredentials for more information.
The syntax thus is:
[protocol://][user[:password]#]proxyhost[:port]
This can be overridden on a per-remote basis; see remote.<name>.proxy.
http: allow selection of proxy authentication method
CURLAUTH_ANY does not work with proxies which answer unauthenticated requests with a 307 redirect to an error page instead of a 407 listing supported authentication methods.
Therefore, allow the authentication method to be set using the environment variable GIT_HTTP_PROXY_AUTHMETHOD or configuration variables http.proxyAuthmethod and remote.<name>.proxyAuthmethod (in analogy
to http.proxy and remote.<name>.proxy).
The following values are supported:
anyauth (default)
basic
digest
negotiate
ntlm
My Linux(redhat6) server has to use http proxy to connect to outside world. While it works for other things like wget, it doesn't work for cabal.
cabal update -v3
shows errors like this:
407 - proxy authentication required cabal: Failed to download
http://hackage.haskell.org/packages/archive/00-index.tar.gz :
ErrorMisc "Unsucessful HTTP code: 407"
I tried to change http_proxy environment variable to format like http:// user: passwd at proxy:port, but it doesn't work either.
The same problem has been asked here
But I'm not allowed use a proxy server like polipo, is there any other way to make cabal work behind a proxy?
You can use cntlm to talk to proxy. It will handle authentication issues. After configuring and installing cntlm, set up the new environmental variable by modifying http_proxy, https_proxy etc.
Your cabal command should work after that.
some detailed procedure here:
Download cntlm from here
It's a c program with no other dependencies so very easy to make, just follow the instructions in the downloaded package.
After installing cntlm, follow this answer from Colonel Panic. Obviously on linux you need to change cntlm.exe to ./cntlm, I named the configure file cntlm.conf
The default listen port for cntlm is 3124, if you can't use that port, change it to something else like 53124, then add this to your cntlm.conf or cntlm.ini file:
Listen 127.0.0.1:53124
Start cntlm in the background:
./cntlm -c cntlm.conf
Change your http_proxy environment variable to talk to the cntlm process rather than the real proxy.
export http_proxy=http:// 127.0.0.1:53124
That's it, cabal will work as good as ever.
You can also setup the http_proxy directly in the system setting:
http_proxy=http://username:password#hostname:port
I am trying to install bower
npm install -g bower
but am getting an authentication error from our proxy
...
npm http 407 http://registry.npmjs.org/bower
...
Error Code: 407 Proxy Authentication Required.
...
I am trying to get npm working behind a corprate proxy. I think our proxy is a little weird because the only way I was able to get maven downloading packages was to add wagon-http-lightweight.jar as a maven extension.
http://maven.apache.org/wagon/wagon-providers/wagon-http-lightweight/
I have tried all the regular things as described here:
Is there a way to make npm install (the command) to work behind proxy?
(I don't need to supply authentication details in my maven proxy settings).
npm config set registry http://registry.npmjs.org/
npm config set proxy http://myusername:mypassword#proxy.us.somecompany:8080
npm config set https-proxy http://myusername:mypassword#proxy.us.somecompany:8080
npm config set strict-ssl false
What else can I try?
Can try this....working for me.
Open IE (Chrome did not work for me).
Hit the URL http://registry.npmjs.org
it will download json output if successful.
Now go back to command prompt and try npm install.
I was able to get this working by installing a local proxy:
NPM behind NTLM proxy
Use fiddler http://www.telerik.com/fiddler
Install and run and that's it, everything will run as it is supposed to. I spent half a day cracking my head on this
Edit: I honestly have no idea if it was fiddler or something else I tried that fixed it (it is mostly the latter) but you should try setting registry, http-proxy, proxy and strict-ssl
When authentication is required for the HTTP proxy:
Fiddler can be configured to authenticate with the corporate HTTP proxy using NTLM or other protocols. Leave the existing auto authenticate options/rules defaults in place. Instead, go to this setting from the menu bar:
Tools > Telerik Fiddler Options > Connections tab
Click on the Allow remote computers to connect checkbox. You will see a dialog explaining the consequences of enabling this option. Restart Fiddler and update the .npmrc file as shown above. Whenever you need npm to access the registry site just run Fiddler. This setting won't affect the way Fiddler runs for other captures.
I have the same issue.
The root cause is my password contains a special character '#', when I npm set config proxy, the character become '#' in .npmrc file, so I change my password to remove the special character and it's working fine.
If your password does not contains special characters, just use syntax command below, it will work.
npm config set strict-ssl=false
npm config set proxy http://<username>:<password>#<proxy-server-url>:<port>
npm config set https-proxy http://<username>:<password>#<proxy-server-url>:<port>
Thanks,
Is it possible to run npm install behind an HTTP proxy, which uses NTLM authentication? If yes, how can I set the server's address and port, the username, and the password?
I solved it this way (OS: Windows XP SP3):
1. Download CNTLM installer and run it.
2. Find and fill in these fields in cntlm.ini. Do not fill in the Password field, it's never a good idea to store unencrypted passwords in text files.
Username YOUR_USERNAME
Domain YOUR_DOMAIN
Proxy YOUR_PROXY_IP:PORT
Listen 53128
3. Open console, and type these commands to generate password hashes.
> cd c:\the_install_directory_of_cntlm
> cntlm -H
Password: ...type proxy password here...
PassLM D6888AC8AE0EEE294D954420463215AE
PassNT 0E1FAED265D32EBBFB15F410D27994B2
PassNTLMv2 91E810C86B3FD1BD14342F945ED42CD6
4. Copy the above three lines into cntlm.ini, under the Domain field's line. Once more, do not fill in the Password field. Save cntlm.ini.
5. Open the Service Manager (from command line: services.msc), and start the service called "CNTLM Authentication Proxy".
6. In the console, type these lines:
> npm config set proxy http://localhost:53128
> npm config set https-proxy http://localhost:53128
> npm config set registry https://registry.npmjs.org
7. Now npm view, npm install etc. should work. Example:
> npm view qunit
...nice answer, no errors :)
CNTLM answer was working for me, but with connection errors make npm unusable. I've fixed them by adding this header in CNTML.
Header Connection: close
Another alternative is to use Px for Windows which talks NTLM on your behalf like Cntlm and NTLMAps without having to provide your credentials. It uses the logged in user's credentials via SSPI.
Rather than running CNTLM, you could instead try running Fiddler when you need to use npm. I've found this works in fairly locked down environments (e.g. investment banks). It's also a tool that is fairly easy to make a business case for (if you need to) since it's invaluable for checking/creating/altering HTTP traffic.
I've had to go this route before due to usage of smartpass authentication - i.e. we didn't actually have passwords. At those locations setting up CNTLM would have been impossible.
You can pass the settings as parameters:
npm --proxy=http://username:password#proxyserver:port --proxy-https=http://username:password#proxyserver:port --registry=http://registry.npmjs.org/ install whateveryouwanttoinstall
CNTLM didn't work for me. I tried all possible combinations. NPM was giving Authentication error. Fiddler came for rescue and saved my time. It is easy to install and configure. Set Fiddler Rule to Automatically Authenticated.In .npmrc set these
registry=http://registry.npmjs.org
proxy=http://127.0.0.1:8888
https-proxy=http://127.0.0.1:8888
http-proxy=http://127.0.0.1:8888
strict-ssl=false
It worked for me :)
Another Fiddler Option:
A second way to make Fiddler act as an HTTP proxy for NTLM and other protocols is to leave the auto authenticate options/rules defaults in place and go to this setting from the menu bar:
Tools > Telerik Fiddler Options > Connections tab
Click on the Allow remote computers to connect checkbox. You will see a dialog explaining the consequences of enabling this option. Restart Fiddler and update the .npmrc file as shown above. Whenever you need npm to access the registry site just run Fiddler. This setting won't affect the way Fiddler runs for other captures.
Open your .npmrc file in C:\users\username\ folder using notepad
Add the below lines..
Replace domain, username, pwd, servername with your correct values
Try to install or get packages now
If trying from Vs2017, close and reopen VS IDE, then only it works
proxy=http://DOMAIN%5CUSERNAME:PWD#proxy.servername.com:6050
https-proxy=http://DOMAIN%5CUSERNAME:PWD#proxy.servername.com:6050
http-proxy=http://DOMAIN%5CUSERNAME:PWD#proxy.servername.com:6050
strict-ssl=false
CNTLM worked for me as suggested by KOL. Thanks KOL for that. Just wanted to add that there are some oddities in individual proxies because of which the password may not be acceptable when using simple cntlm -H.
Use cntlm -I -M http://test.com and copy the below config after erasing older configs and you should be through.
The output is like
---------------------------------------------------
Auth NTLM
PassNT 8EE9B595A89F7D8774C2146FB302CBCF
PassLM 78901DA9889727EDE28EF9F2769485B9
----------------------------------------------------