SSH or git-clone via Proxy

Today we were setting up few Web servers on a private network which will be serving the traffic through the Load Balancer. The setup was simple until we came to know that the Webservers needs to connect to github.com for the repository access.

 

Diagnosis

We have a jumpbox / Bastion (10.10.1.10) which is used for the Administrative purpose. The jumbpbox has direct internet access for any operation which requires the internet.

After the team discussion, we have decided to use the same squid proxy which is running on the jumpbox.

Solution

So we allowed cachemgr access for our WebServer Private IP range.

squid.conf

acl webnet src 10.10.0.0/16       # Webservers network 
.
.
.
# Only allow cachemgr access from localhost
http_access allow webnet ##add this line
http_access allow manager localhost
http_access deny manager

Save the squid configuration and restart the service.

 

Client Side

Install socat package.

yum install -y socat

Since git protocol is over ssh, we need to add the below configuration to the .ssh/config file of the user.

ie, if the user is web, then the config file path will be /home/web/.ssh/config .
Add the below line and save it.

[sociallocker]

ProxyCommand=socat - PROXY:10.10.1.10:%h:%p,proxyport=3128

[/sociallocker]once the all the above configurations are done, you will be able to use git command over ssh, or ssh to any public server.

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x
Scroll to Top