Automating proxy configuration across multiple applications without plaintext password

Question

More generally than the post described here: Using bash functionality in rc files

I would like to set an appropriate proxy configuration for all/multiple applications including but not limited to: snap/apt/cpan/pip/wget/curl. Moreover, I would like to avoid having my proxy password displayed anywhere in plaintext. How/is it possible to achieve this?

This post implies that every system process will be configured for proxy via /etc/environment. I have not had such success (see EDIT), so I am currently under the assumption that all proxy configurations must be made per application. Regarding the linked post, and the use of secret-tool, it seems to me that this assumes the file defining the proxy configuration(s) can evaluate bash expressions (which hasn't been my experience with the .curlrc/.wgetrc files).

EDIT:

With the contents of etc/environment equal to:

http_proxy=http://user:[email protected]:80
https_proxy=http://user:[email protected]:80

and the contents of my .curlrc file equal to:

proxy=http://user:[email protected]:80

I can run:

curl https://unix.stackexchange.com/posts/752654/edit --output test.html
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 70115    0 70115    0     0    99k      0 --:--:-- --:--:-- --:--:--   99k

which generates test.html as expected.

Without changing the contents of /etc/environment and removing the .curlrc file, the download hangs indefinitely:

curl https://unix.stackexchange.com/posts/752654/edit --output test.html
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:25 --:--:--     0

I'm using RHEL on WSL.

"I am currently under the assumption that all proxy configurations must be made per application." While every process *can* decide for itself, proxy configuration is pretty consistent these days, through the means you mention. So, please describe what actually goes wrong. Let's fix the actual problems you have, not hypothetical ones. — Marcus Müller, Jul 28 '23 at 14:38
@MarcusMüller Maybe I should start with: is there a *system-wide* proxy configuration that will work for all applications? Follow-up question: am I correct in understanding that the system-wide configuration resides in `/etc/environment`? If yes, why do the parameters (in `/etc/environment` above not work [in the absence of .curlrc/.wgetrc having the same parameters]) to e.g. successfully download a file with wget or curl? — Sterling Butters, Jul 28 '23 at 15:25
yes, the one you mentioned. **What does not work**? Please give a concrete example. — Marcus Müller, Jul 28 '23 at 15:37
Thanks! But the thing here is, when it does *not* work, you had removed the edit in the /etc/environment. OK, that's expected. But if it's in /etc/environment (and *not* in curlrc), it's working, right? — Marcus Müller, Jul 28 '23 at 15:59
@MarcusMüller No ("Without changing the contents of /etc/environment..."). In both scenarios, the proxy configuration is set in `/etc/environment`. Only when the proxy config is set in `.curlrc` can I successfully curl. — Sterling Butters, Jul 28 '23 at 16:08
That's the interesting part! With the environment variables still set (I assume they are, check with `echo Proxy for HTTP: $http_proxy, for HTTPS: $https_proxy`), run a `curl -vv https://unix.stackexchange.com/posts/752654/edit`. The first line should be `* Uses proxy env variable https_proxy`. Is it? — Marcus Müller, Jul 28 '23 at 16:23
@MarcusMüller The variables are unset: "Proxy for HTTP: , for HTTPS: ". First line in curl execution is `Trying 151.101.193.69:443...` — Sterling Butters, Jul 28 '23 at 16:33
ah, so that means that your changes /etc/environment never had effect. You did reboot after you put your `http_proxy=..` and `https_proxy=...` in there? — Marcus Müller, Jul 28 '23 at 16:59
@MarcusMüller Just to be sure, I rebooted again. The variables still are not set — Sterling Butters, Jul 28 '23 at 17:13
Since the current issue appears to be `/etc/environment` not behaving as expected, how are you logging into the machine to run `curl`? I believe `/etc/environment` is processed with PAM through `pam_env.so`. Also, what operating system are you attempting this on? — GracefulRestart, Jul 28 '23 at 18:43
So here's the deal: I don't have a windows machine, so I can't test it. However, multiple sources say that /etc/profile isn't sourced by bash launched in WSL, so that's probably the underlying issue. Can you try to open a WSL shell, run `export https_proxy=yourproxy...`, then `curl -vv https://unix.stackexchange.com/posts/752654/edit` from the same? If that works, we just need to figure out how to permanently set environment variables in WSL. My guess is, you can set an environment variable in your host Windows to set environment variables inside. — Marcus Müller, Jul 28 '23 at 19:00
yup that works! can I not just export the variables in my `.bashrc` (which is sourced on launch in WSL [and what implications would this have])? — Sterling Butters, Jul 28 '23 at 19:07
got it i think `wsl -d RedHat -u root -- /bin/login -f `. So just to clarify, this environment variable should work for all of snap/apt/cpan/pip/wget/curl, etc? — Sterling Butters, Jul 28 '23 at 19:22
they usually do :) I mean, I really can't look into every program and guarantee it (it's really the choice every program that does a HTTP request makes), but in my experience that works. (Snap might be a bit special; I think it reads /etc/environment on its own? Can't remember.) — Marcus Müller, Jul 28 '23 at 21:03

Automating proxy configuration across multiple applications without plaintext password

0 Answers0

Linked