Accessing Github behind corporate proxy Node.js - node.js

I am having an issue with calling the following command from cmd for installing PhoneGap:
npm install -g phonegap
The following error is returned:
Failed to connect to github.com port 443: Timed out
There are a fair amount of questions regarding this topic and they all seem to provide the same answer - make sure the proxy settings for git and nodejs are configured. I set up the node proxy settings like so:
npm config set proxy http://proxyname:8080
npm config set https-proxy http://proxyname:8080
And for git:
git config --global http.proxy http://proxyname:8080
git config --global https.proxy http://proxyname:8080
Both git config --list and npm config list confirm that these proxy settings are in place.
I have also allowed the programs through the fire wall by going to Windows Firewall -> Allow a program or feature through windows firewall. Then I selected the node.exe for Node.js and for git I selected git.exe.
I still however have the issue whereby it is failing to connect to Github. Is there anything else I am missing or forgetting to setup? Both Node.js and Git were installed for the first time for this task.

In addition to the above settings, it's possible that you're getting this error if some of the downloaded libraries declare their dependencies using the git:// protocol instead of https://. These dependencies then usually fail with the above error.
To fix this, you can run the following:
git config --global url."https://".insteadOf git://
This will add a configuration option to Git, asking Git to use https whenever a URL uses the git:// protocol.
This setting fixed many proxy issues for me.

You need to add proxy authentication to your command application. I assume you are working in windows, the following works for me (I don't need to add the proxy to either npm or git unless running git commands).
In your active command window you need either or both of these for each session including initial instalation adding devices or plugins and on first application build:
set https_proxy=http://username:password#proxy:port
set http_proxy=http://username:password#proxy:port
So mine looks like this:
set https_proxy=http://john.doe:1234#proxy.det.nsw.edu.au:8080
Ben

With git 2.8 (March 2016), you don't have to embed in clear text your password in the url.
See commit 372370f, commit ef97639 (26 Jan 2016) by Knut Franke (``).
Helped-by: Junio C Hamano (gitster), Eric Sunshine (sunshinebell28), and Elia Pinto (devzero2000).
(Merged by Junio C Hamano -- gitster -- in commit 30f302f, 03 Feb 2016)
http: use credential API to handle proxy authentication
Currently, the only way to pass proxy credentials to curl is by including them in the proxy URL. Usually, this means they will end up on disk unencrypted, one way or another (by inclusion in ~/.gitconfig, shell profile or history).
Since proxy authentication often uses a domain user, credentials can be security sensitive; therefore, a safer way of passing credentials is desirable.
If the configured proxy contains a username but not a password, query the
credential API for one. Also, make sure we approve/reject proxy credentials
properly.
So:
In addition to the syntax understood by curl, it is possible to specify a proxy string with a user name but no password, in which case git will attempt to acquire one in the same way it does for other credentials.
See gitcredentials for more information.
The syntax thus is:
[protocol://][user[:password]#]proxyhost[:port]
This can be overridden on a per-remote basis; see remote.<name>.proxy.
http: allow selection of proxy authentication method
CURLAUTH_ANY does not work with proxies which answer unauthenticated requests with a 307 redirect to an error page instead of a 407 listing supported authentication methods.
Therefore, allow the authentication method to be set using the environment variable GIT_HTTP_PROXY_AUTHMETHOD or configuration variables http.proxyAuthmethod and remote.<name>.proxyAuthmethod (in analogy
to http.proxy and remote.<name>.proxy).
The following values are supported:
anyauth (default)
basic
digest
negotiate
ntlm

Related

Log4j-Audit Getting Started fails for Catalog Editor

Was doing the Log4J-Audit getting started at https://logging.apache.org/log4j-audit/latest/gettingStarted.html
In the Catalog Editor section found some problems:
Download jar url was incorrect, missing "log4j-audit" folder
wget url was incorrect, had an extra 1.0.1 folder
git remote -v was set to ${remoteRepoUrl} instead of actual http://github.com/etc address. And the repo was not pulled. The .git folder was found but the git pull never happened. I think this might be related to proxy server but not sure if git supports a Variable.
Am I doing it wrong or are the instructions incorrect?
Where can I report such a problem?
In the end, I manually changed the
git remote set-url origin http://github.com/etc
did a manual git pull, and then the UI finally came up.
So, #1 and #2 are still a problem.
Because I have a corporate proxy server which also requires a user/password
3 was solved with adding system env vars like this
java -Dhttps.proxyHost=myProxyServer -Dhttps.proxyPort=8080 -jar log4j-catalog-editor-1.0.1.jar
It does seem that the sun.net.HTTPSClient class which is called, does not mention using Basic Auth so not convinced why it works.
A new thing I found in the Getting Started tutorial is that it's important to change the branch=master in the application.properties.

what is the different git :// and git+https://?

I want to add a git repository to my package.json.
{
"dependencies": {
"dep1": "git+https://url1",
"dep2": "git://url1"
}
When I run dep1 it worked for and dep2 failed.
What is the diffrerent between git+https and git://?
Does it is the same result ?
Do I need to add something to .git?
There are several protocols you can use to reference your dependencies in package.json:
git,
git+ssh,
git+http,
git+https and
git+file
As always, there are pros and cons of all of the protocols.
The difference is that with git: you're using the native git protocol and with git+https: you're accessing a git repo over HTTPS (you could also use SSH instead of HTTPS, for example, but the server needs to support it).
The git protocol is very fast but it lacks authentication or encryption.
The git+https is nice for public repos and it works well with proxies and firewalls but if you need authentication then you need to provide username and password.
The git+ssh is good for private repos because it uses your ssh public keys for authentication and no passwords need to be entered.
The git+file is for referencing repos on your own filesystem, usually local files but it can also be used with remote files with SMB or NFS.
Now, if you want to change git+http to git then it will work only if you have a git server installed and listening on the same host and serving the same repos.
It's like changing http: to ftp: in a URL - it will work only if you have an FTP server installed on the same host and serving the same files.
The bottom line is that you can use only those protocols that the server supports.
See the docs:
https://docs.npmjs.com/cli/install
https://git-scm.com/book/en/v2/Git-on-the-Server-The-Protocols
Reference question https://askubuntu.com/questions/858711/what-is-the-meaning-of-githttps-github-com.
"It means the connection can use both the http and git protocols. The protocols are explained here."
Essentially you are just adding the ability for git to use HTTPS for transferring data. More detail is contained in the link.
It indicates to the NPM package manager that you wish to use git, with a repository URL of https://url1.
<protocol> is one of git, git+ssh, git+http, git+https, or git+file.
https://docs.npmjs.com/files/package.json#git-urls-as-dependencies
If you were talking directly to git, you would just say git clone https://url1, but NPM can use other protocols like file:, or https: to download a tarball over plain HTTPS. Other package managers like pip support this pattern as well.
your dep1 is the https protocol and the git protocol
dep1": "git+https://url1"
your dep 2 is just the git protocol
dep2": "git://url1:
The reason you were able to succesfully use dep1 and not dep2 is because you are operating with a web server that authenticates over https. You appear to not be dealing with a git server, thus dep2 is redundant and can be removed.
As to not reinvent the wheel or semi-plagiarize others. Here are some good reads for those interested.
This is a length read on git protocols if interested.
https://git-scm.com/book/en/v2/Git-on-the-Server-The-Protocols
This provides a good tl;dr understanding of the protocols.
https://gist.github.com/grawity/4392747

NPM behind NTLM proxy

Is it possible to run npm install behind an HTTP proxy, which uses NTLM authentication? If yes, how can I set the server's address and port, the username, and the password?
I solved it this way (OS: Windows XP SP3):
1. Download CNTLM installer and run it.
2. Find and fill in these fields in cntlm.ini. Do not fill in the Password field, it's never a good idea to store unencrypted passwords in text files.
Username YOUR_USERNAME
Domain YOUR_DOMAIN
Proxy YOUR_PROXY_IP:PORT
Listen 53128
3. Open console, and type these commands to generate password hashes.
> cd c:\the_install_directory_of_cntlm
> cntlm -H
Password: ...type proxy password here...
PassLM D6888AC8AE0EEE294D954420463215AE
PassNT 0E1FAED265D32EBBFB15F410D27994B2
PassNTLMv2 91E810C86B3FD1BD14342F945ED42CD6
4. Copy the above three lines into cntlm.ini, under the Domain field's line. Once more, do not fill in the Password field. Save cntlm.ini.
5. Open the Service Manager (from command line: services.msc), and start the service called "CNTLM Authentication Proxy".
6. In the console, type these lines:
> npm config set proxy http://localhost:53128
> npm config set https-proxy http://localhost:53128
> npm config set registry https://registry.npmjs.org
7. Now npm view, npm install etc. should work. Example:
> npm view qunit
...nice answer, no errors :)
CNTLM answer was working for me, but with connection errors make npm unusable. I've fixed them by adding this header in CNTML.
Header Connection: close
Another alternative is to use Px for Windows which talks NTLM on your behalf like Cntlm and NTLMAps without having to provide your credentials. It uses the logged in user's credentials via SSPI.
Rather than running CNTLM, you could instead try running Fiddler when you need to use npm. I've found this works in fairly locked down environments (e.g. investment banks). It's also a tool that is fairly easy to make a business case for (if you need to) since it's invaluable for checking/creating/altering HTTP traffic.
I've had to go this route before due to usage of smartpass authentication - i.e. we didn't actually have passwords. At those locations setting up CNTLM would have been impossible.
You can pass the settings as parameters:
npm --proxy=http://username:password#proxyserver:port --proxy-https=http://username:password#proxyserver:port --registry=http://registry.npmjs.org/ install whateveryouwanttoinstall
CNTLM didn't work for me. I tried all possible combinations. NPM was giving Authentication error. Fiddler came for rescue and saved my time. It is easy to install and configure. Set Fiddler Rule to Automatically Authenticated.In .npmrc set these
registry=http://registry.npmjs.org
proxy=http://127.0.0.1:8888
https-proxy=http://127.0.0.1:8888
http-proxy=http://127.0.0.1:8888
strict-ssl=false
It worked for me :)
Another Fiddler Option:
A second way to make Fiddler act as an HTTP proxy for NTLM and other protocols is to leave the auto authenticate options/rules defaults in place and go to this setting from the menu bar:
Tools > Telerik Fiddler Options > Connections tab
Click on the Allow remote computers to connect checkbox. You will see a dialog explaining the consequences of enabling this option. Restart Fiddler and update the .npmrc file as shown above. Whenever you need npm to access the registry site just run Fiddler. This setting won't affect the way Fiddler runs for other captures.
Open your .npmrc file in C:\users\username\ folder using notepad
Add the below lines..
Replace domain, username, pwd, servername with your correct values
Try to install or get packages now
If trying from Vs2017, close and reopen VS IDE, then only it works
proxy=http://DOMAIN%5CUSERNAME:PWD#proxy.servername.com:6050
https-proxy=http://DOMAIN%5CUSERNAME:PWD#proxy.servername.com:6050
http-proxy=http://DOMAIN%5CUSERNAME:PWD#proxy.servername.com:6050
strict-ssl=false
CNTLM worked for me as suggested by KOL. Thanks KOL for that. Just wanted to add that there are some oddities in individual proxies because of which the password may not be acceptable when using simple cntlm -H.
Use cntlm -I -M http://test.com and copy the below config after erasing older configs and you should be through.
The output is like
---------------------------------------------------
Auth NTLM
PassNT 8EE9B595A89F7D8774C2146FB302CBCF
PassLM 78901DA9889727EDE28EF9F2769485B9
----------------------------------------------------

git-svn ignores http proxy (debian)

Searching how to use git with a proxy I found two solutions:
the http_proxy environment variable
the git config http.proxy
Since export http_proxy=http://proxy.fqdn:8080 made wget work, but not git-svn, I tried the second option additionally: git config --global http.proxy http://proxy.fqdn:8080. But to no success. Wireshark still tells me that git-svn contacts the remote repository directly. Alas:
git svn clone -s http://svn.wp-plugins.org/yak-for-wordpress
ZM-Schicht Anforderung gescheitert: OPTIONS von »http://svn.wp-plugins.org/yak-for-wordpress«: Konnte keine Verbindung zum Server herstellen (http://svn.wp-plugins.org) at /usr/lib/git-core/git-svn line 1916
Am I missing something, or is this a bug in git-svn? Did anyone try successfuly to clone a svn repo through a proxy?
Make sure you don't have to specify your username and password as well (in addition to the proxy address).
But also consider adding that same information (http.proxy) to SVN itself (as in this thread):
Adding proxy information in the [global] section in $HOME/.subversion/servers fixed the issue.

How can I get git to work with a remote server?

I am the CM person for a small company that just started using Git. We have two Git repositories currently hosted on a Windows box that is our all-purpose Windows server. But, we just set up a dedicated server for our CM software on an Ubuntu Linux server named "Callisto".
So I created a test Git repository on Callisto. I gave its directory all of the proper permissions recursively. I had the sysadmin create a login for me on Callisto, and I created a key to use for logging in via SSH. I set up my key to use a passphrase; I don't know if that could be contributing to my problems? Anyway, I know my SSH login works because I tested it through puTTY.
But, even after hours of trials and head scratching, I can't get my Windows Git bash (mSysGit) to talk to Callisto for the purposes of pushing or pulling Callisto's git repository files.
I keep getting "Fatal error. The remote end hung up unexpectedly." And I've even gotten the error that Git doesn't recognize the test repository on Callisto as a git repository. I read online that the "Fatal error...hung up unexpectedly" is usually a problem with the server connection or permissions. So what am I missing or overlooking here? And why doesn't a pull using the git:// protocol work, since that only uses read-only access? Group and public permissions for the git repository's directory on Callisto are set to read and execute, but not write.
If anyone could help, I would be so grateful. Thank you.
If you use putty/pageant, check if your host is in the know_hosts file in
docssettings/userdir/.ssh
If not, try putty first and accept the key your server provides.
Do you have similar lines in .git/config?
[remote "origin"]
url = ssh://user#server/.../repo.git
I have only passing familiarity with mSysGit, but I don't think it installs an ssh client. Without the ssh client, git cannot connect to the server. (This functionality isn't baked into git as per the Unix philosophy.) As for the git protocol, unless the server has that enabled, it won't work. Since it seems you have the server setup for ssh access, I doubt you'll get anywhere with the git protocol.
Anyway, I know my SSH login works
because I tested it through puTTY.
Have you confirmed that you can SSH to the server from your msysgit client?
i.e. what happens when you ssh user#callisto.com from the msysgit command line?
For further details about setting up your git server, you may want to review Pro Git: Chapter 4 "Git on the Server".
And why doesn't a pull using the
git:// protocol work, since that only
uses read-only access?
For the git protocol to work, you must setup the git daemon on your server as described in Chapter 4.9 of Pro Git.
You may also want to take a look at this answer to a related SO question. It has a more detailed checklist of things to consider.

Resources