Today we were setting up few Web servers on a private network which will be serving the traffic through the Load Balancer. The setup was simple until we came to know that the Webservers needs to connect to github.com for the repository access.
Diagnosis
We have a jumpbox / Bastion (10.10.1.10) which is used for the Administrative purpose. The jumbpbox has direct internet access for any operation which requires the internet.
After the team discussion, we have decided to use the same squid proxy which is running on the jumpbox.
Solution
So we allowed cachemgr access for our WebServer Private IP range.
squid.conf
acl webnet src 10.10.0.0/16 # Webservers network . . . # Only allow cachemgr access from localhost http_access allow webnet ##add this line http_access allow manager localhost http_access deny manager
Save the squid configuration and restart the service.
Client Side
Install socat package.
yum install -y socat
Since git protocol is over ssh, we need to add the below configuration to the .ssh/config file of the user.
ie, if the user is web, then the config file path will be /home/web/.ssh/config .
Add the below line and save it.
[sociallocker]
ProxyCommand=socat - PROXY:10.10.1.10:%h:%p,proxyport=3128
[/sociallocker]once the all the above configurations are done, you will be able to use git command over ssh, or ssh to any public server.
