router/CentOS7
Connecting two networks with a machine that has two NICs.
One side can reach the Internet, but the other cannot get out as it stands. It cannot even run dnf/yum update.

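The default gateway of this Gate (192.168.0.100, 10.10.0.254) points to 192.168.0.1.
To run dnf/yum update on the internal machine at 10.10.0.1, Squid needs to be installed on this Gate to provide a proxy service.
Installing Squid
For reference, the current state is as follows: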
[root@gate ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[root@gate ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:70:ef:c7 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.100/24 brd 192.168.0.255 scope global noprefixroute dynamic eth0
valid_lft 42946sec preferred_lft 42946sec
inet6 fe80::20c:29ff:fe70:efc7/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:70:ef:d1 brd ff:ff:ff:ff:ff:ff
inet 10.10.0.254/24 brd 10.10.0.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe70:efd1/64 scope link
valid_lft forever preferred_lft forever
[root@gate ~]# ip route
default via 192.168.0.1 dev eth0 proto dhcp metric 100
10.10.0.0/24 dev eth1 proto kernel scope link src 10.10.0.254 metric 101
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.100 metric 100
[root@gate ~]# cat /proc/sys/net/ipv4/ip_forward
0
[root@gate ~]#
* ip_forward is left disabled.
Now install squid, the proxy service, on it.
[root@gate ~]# yum -y install squid
[root@gate ~]# yum info squid
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: ftp.yz.yamagata-u.ac.jp
* extras: ftp.yz.yamagata-u.ac.jp
* updates: ftp.yz.yamagata-u.ac.jp
Installed Packages
Name : squid
Arch : x86_64
Epoch : 7
Version : 3.5.20
Release : 17.el7_9.8
Size : 10 M
Repo : installed
From repo : updates
Summary : The Squid proxy caching server
URL : http://www.squid-cache.org
License : GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain)
Description : Squid is a high-performance proxy caching server for Web clients,
: supporting FTP, gopher, and HTTP data objects. Unlike traditional
: caching software, Squid handles all requests in a single,
: non-blocking, I/O-driven process. Squid keeps meta data and especially
: hot objects cached in RAM, caches DNS lookups, supports non-blocking
: DNS lookups, and implements negative caching of failed requests.
:
: Squid consists of a main server program squid, a Domain Name System
: lookup program (dnsserver), a program for retrieving FTP data
: (ftpget), and some management and client tools.
[root@gate ~]#
Configuration
Honestly, not much is needed. It is used as installed. The port it uses is 3128.
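Used as installed, Squid listens on every interface of the Gate, and its packaged ACLs cover more than the internal segment. The script below is an added example, not part of the original page: it checks a squid.conf for an http_port that is not bound to 10.10.0.254 and for localnet sources other than 10.10.0.0/24. Both sample configs are constructed; the first is modelled on the packaged defaults, which is an assumption to confirm against /etc/squid/squid.conf.

```sh
#!/bin/sh
# Added example, not part of the original page.
# Addresses are the page's: gate eth1 = 10.10.0.254, internal segment = 10.10.0.0/24.
INTERNAL_NET="10.10.0.0/24"
INTERNAL_ADDR="10.10.0.254"

# audit_squid_conf FILE: print one finding per line, return 1 if any were found.
audit_squid_conf() {
    awk -v net="$INTERNAL_NET" -v addr="$INTERNAL_ADDR" '
        { sub(/#.*/, "") }                      # strip comments
        # "http_port 3128" listens on every interface, including eth0 (192.168.0.100)
        $1 == "http_port" && index($2, addr ":") != 1 {
            print "http_port " $2 ": not bound to " addr; bad = 1
        }
        # any localnet source other than the internal segment may use the proxy
        $1 == "acl" && $2 == "localnet" && $3 == "src" && $4 != net {
            print "acl localnet src " $4 ": admits clients outside " net; bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: relevant lines modelled on the packaged squid.conf (assumption)
sample_default_conf() {
    cat <<'EOF'
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
http_access allow localnet
http_access deny all
http_port 3128
EOF
}

# Constructed sample: the same lines narrowed to the internal segment
sample_hardened_conf() {
    cat <<'EOF'
acl localnet src 10.10.0.0/24
http_access allow localnet
http_access deny all
http_port 10.10.0.254:3128
EOF
}

# Audit the file given as $1, or the default-style sample when run without arguments.
if [ -n "${1:-}" ]; then audit_squid_conf "$1"
else sample_default_conf | audit_squid_conf - || true
fi
```

On the Gate, run it as "sh audit.sh /etc/squid/squid.conf"; a non-zero exit status means at least one finding was printed.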
Starting it
[root@gate ~]# systemctl enable squid --now
Usage
To reach the outside world from the machine inside the Gate [10.10.0.1], configure it to use the proxy.
First, the specs of that internal machine:
[root@internal ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[root@internal ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:48:03:0d brd ff:ff:ff:ff:ff:ff
inet 10.10.0.1/24 brd 10.10.0.255 scope global noprefixroute ens192
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe48:30d/64 scope link
valid_lft forever preferred_lft forever
[root@internal ~]# ip route
default via 10.10.0.254 dev ens192 proto static metric 100
10.10.0.0/24 dev ens192 proto kernel scope link src 10.10.0.1 metric 100
[root@internal ~]# cat /etc/resolv.conf
[root@internal ~]#
The contents of "/etc/resolv.conf" are empty.
So:
- To use yum/dnf
Write the proxy in "/etc/yum.conf". yum then connects out through the proxy and downloads packages.
[root@internal ~]# echo "proxy=http://10.10.0.254:3128" >> /etc/yum.conf
[root@internal ~]# yum install wget -y
- To fetch packages with wget
Either add "-e HTTPS_PROXY=http://10.10.0.254:3128" on the command line:
[root@internal ~]# wget -e HTTPS_PROXY=http://10.10.0.254:3128 https://web.chaperone.jp/index.html --no-check-certificate
or append "https_proxy=http://10.10.0.254:3128/" to "~/.wgetrc":
[saber@internal ~]$ echo "https_proxy=http://10.10.0.254:3128/" >> ~/.wgetrc
[saber@internal ~]$ wget https://web.chaperone.jp/index.html --no-check-certificate
or, system-wide, append "https_proxy=http://10.10.0.254:3128/" to "/etc/wgetrc":
[root@internal ~]# echo "https_proxy=http://10.10.0.254:3128/" >> /etc/wgetrc
As an environment variable:
export http_proxy=http://10.10.0.254:3128/
- curl
Either put it in "/etc/curlrc" to make it permanent, or in "$HOME/.curlrc":
proxy = "http://10.10.0.254:3128"
##proxy-user = "username:password"
As environment variables:
export http_proxy=http://10.10.0.254:3128
export https_proxy=http://10.10.0.254:3128
To pass it on the command line, use the "-x" argument:
curl http://web.chaperone.jp -x http://10.10.0.254:3128
- Using git through the proxy
Configure it with "git config":
[saber@internal ~]$ git config --global --list
fatal: unable to read config file '/home/saber/.gitconfig': No such file or directory
[saber@internal ~]$ git config --global http.proxy http://10.10.0.254:3128
[saber@internal ~]$ git config --global --list
http.proxy=http://10.10.0.254:3128
[saber@internal ~]$
[saber@internal ~]$ git clone https://github.com/StructuralBiology-ICLMedicine/SIDESPLITTER
- conda
[saber@internal ~]$ wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh
[saber@internal ~]$ bash Miniconda3-latest-Linux-x86_64.sh -h
usage: Miniconda3-latest-Linux-x86_64.sh [options]
Installs Miniconda3 py39_4.12.0
-b run install in batch mode (without manual intervention),
it is expected the license terms are agreed upon
-f no error if install prefix already exists
-h print this help message and exit
-p PREFIX install prefix, defaults to /home/saber/miniconda3, must not contain spaces.
-s skip running pre/post-link/install scripts
-u update an existing installation
-t run package tests after installation (may install conda-build)
[saber@internal ~]$ bash Miniconda3-latest-Linux-x86_64.sh -b
[saber@internal ~]$ miniconda3/bin/conda init
(close and re-open your current shell)
(base) [saber@internal ~]$ conda --version
conda 4.12.0
(base) [saber@internal ~]$
(base) [saber@internal ~]$ conda config --set proxy_servers.http http://10.10.0.254:3128
(base) [saber@internal ~]$ conda config --set proxy_servers.https http://10.10.0.254:3128
(base) [saber@internal ~]$ cat /home/saber/.condarc
proxy_servers:
http: http://10.10.0.254:3128
https: http://10.10.0.254:3128
(base) [saber@internal ~]$
(base) [saber@internal ~]$ conda create -n sample python=3.9
- pip
For one-off use, "--proxy http://10.10.0.254:3128" is enough; for a permanent setting, create "~/.pip/pip.conf":
(base) [saber@internal ~]$ pip install scipion-installer --proxy http://10.10.0.254:3128
(base) [saber@internal ~]$ mkdir ~/.pip
(base) [saber@internal ~]$ vi ~/.pip/pip.conf
[global]
proxy = http://10.10.0.254:3128
(base) [saber@internal ~]$
- R
Defining the environment variable "https_proxy" seems to be enough:
[saber@internal ~]$ export https_proxy="http://10.10.0.254:3128"
[saber@internal ~]$ R
> install.packages("BiocManager")
Or:
[saber@internal ~]$ echo "https_proxy=http://10.10.0.254:3128/" >> ~/.Renviron
- Singularity
On the command line:
HTTP_PROXY=${HTTP_PROXY} HTTPS_PROXY=http://10.10.0.254:3128/ singularity build ...
As environment variables:
export http_proxy=http://10.10.0.254:3128/
export https_proxy=http://10.10.0.254:3128/
export no_proxy=localhost,127.0.0.1
Having clients read proxy.pac
[root@gate ~]# yum install httpd
[root@gate ~]# systemctl start httpd
[root@gate ~]# vi /var/www/html/proxy.pac
function FindProxyForURL(url, host) {
return "PROXY 10.10.0.254:3128; DIRECT";
}
[root@gate ~]#

* proxy.pac probably only takes effect in things like browsers. yum/dnf needs to be configured separately.