Like many companies, mine uses an HTTP proxy to protect us from various security risks, such as malware, unintended data leaks, and the like. In general this is a great thing. I heard from one of our risk engineers that malware incidents went down substantially when they implemented this proxy.
However, as a developer trying to code behind this proxy, it’s a constant battle. I recently found develop-behind-proxy, which is a very good resource for this. In particular, knowing how to configure the tools you’re using is super important. There doesn’t seem to be very much agreement out there in how to configure tools to route http/https traffic through the proxy, especially when any kind of proxy authentication is involved.
The things I’ve tried have included:
- setting HTTP_PROXY, HTTPS_PROXY, and similar environment variables
- setting the lower case version of these vars (are some tools case-sensitive? I think so…)
- putting my username and password in the proxy URL (e.g. http://user:firstname.lastname@example.org:8080)
- URL encoding my username and password
- since this is a windows environment, adding the domain and a backslash before my username
- setting these in various places, like the windows user environment variables, Cmder‘s user-profile.cmd file, the .bash_profile inside the little Ubuntu VM I set up since some apps are either not available or break in weird ways in the windows shell
Of course I haven’t taken detailed notes so I’m not sure which config works for each tool! That’s on me though.
Oh, I’ve also tried Cntlm, and it has a nice little way to encrypt your username and password so that you can feel a little better about putting your credentials in a config file. But so far it hasn’t seemed to really help that much. The key thing I can’t quite figure out with it is how to reference it running as a Windows service from inside the Ubuntu VM.
The frustrating thing about this is that I get the feeling that all of this energy I’m spending configuring the proxy is taking away brain power and time from my “real work”.
But maybe not? Perhaps part of being a coder in a corporate setting is fighting the proxy? Perhaps we should put this in our job postings?