FAQ
Hi,



for various reasons I am trying to install a private repository for
Centos 5, and I would like to use HTTPS only connections. The servers
must access to this repository through a proxy.



In the .repo file I have configured :

baseurl=https://my.repository/pkg/stable/$basearch



The proxy is defined correctly.



yum fails with:



https://my.repository/pkg/stable/x86_64/repodata/repomd.xml: [Errno 14]
HTTP Error 501: Not Implemented

Trying other mirror.

Error: Cannot retrieve repository metadata (repomd.xml) for repository:
Please verify its path and try again.



Using a fake proxy shows me that the request sent by yum is not correct
(ie GET https://... Instead of a classical CONNECT request).



I have found (thanks google) that this bug is known, seems related to
urllib2.py and httplib.py from python 2.4, but I can't find a way to
make it works. The patches and the solution are quite old, and does not
seems to apply (or I am doing something wrong).



Futhermore the bug is known from Redhat
https://bugzilla.redhat.com/show_bug.cgi?id 8852 since a long time,
and according bugzilla has been corrected in 2006 !



Well, I don't know where to look at now, so help appreciated !



--

Julien Gilles.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.centos.org/pipermail/centos-devel/attachments/20110525/f170c4b7/attachment.html

Search Discussions

  • Julien GILLES at May 25, 2011 at 8:33 am

    for various reasons I am trying to install a private repository for Centos 5,
    and I would like to use HTTPS only connections. The servers must
    access to this
    repository through a proxy.
    Well, I found the solution, but I am a little puzzled...

    The proxy has to be defined using https:// instead of http://

    Yum could suppose himself that proxy is HTTPS aware and could try to
    connect the proxy using the CONNECT command instead of trying this
    insane "GET https://..."

    Hope this will help someone else facing the same problem a day !

    --
    Julien Gilles.
  • Les Mikesell at May 25, 2011 at 11:01 am

    On 5/25/2011 7:33 AM, Julien.GILLES at sungard.com wrote:
    for various reasons I am trying to install a private repository for Centos 5,
    and I would like to use HTTPS only connections. The servers must
    access to this
    repository through a proxy.
    Well, I found the solution, but I am a little puzzled...

    The proxy has to be defined using https:// instead of http://

    Yum could suppose himself that proxy is HTTPS aware and could try to
    connect the proxy using the CONNECT command instead of trying this
    insane "GET https://..."

    Hope this will help someone else facing the same problem a day !
    In a local setup you might be able to manage with ssh port-forwarding
    over ssh to a squid running on the server holding your repo. That way
    you can 'export http_proxy=http://localhost:local_port' and establish
    the ssh connection before running yum and the network traffic to the
    repository will be encrypted and only need port 22 open.

    --
    Les Mikesell
    lesmikesell at gmail.com
  • Ljubomir Ljubojevic at May 25, 2011 at 2:05 pm

    Les Mikesell wrote:
    On 5/25/2011 7:33 AM, Julien.GILLES at sungard.com wrote:
    for various reasons I am trying to install a private repository for Centos 5,
    and I would like to use HTTPS only connections. The servers must
    access to this
    repository through a proxy.
    Well, I found the solution, but I am a little puzzled...

    The proxy has to be defined using https:// instead of http://

    Yum could suppose himself that proxy is HTTPS aware and could try to
    connect the proxy using the CONNECT command instead of trying this
    insane "GET https://..."

    Hope this will help someone else facing the same problem a day !
    In a local setup you might be able to manage with ssh port-forwarding
    over ssh to a squid running on the server holding your repo. That way
    you can 'export http_proxy=http://localhost:local_port' and establish
    the ssh connection before running yum and the network traffic to the
    repository will be encrypted and only need port 22 open.
    Vary nice solution Les.
  • Les Mikesell at May 25, 2011 at 2:33 pm

    On 5/25/2011 1:05 PM, Ljubomir Ljubojevic wrote:
    In a local setup you might be able to manage with ssh port-forwarding
    over ssh to a squid running on the server holding your repo. That way
    you can 'export http_proxy=http://localhost:local_port' and establish
    the ssh connection before running yum and the network traffic to the
    repository will be encrypted and only need port 22 open.
    Vary nice solution Les.
    I use it regularly myself without a local repo for machines that
    (intentionally) don't have direct access to the internet or our caching
    proxies where I point yum anytime there are enough machines to overcome
    its tendency to pull a copy from every mirror. You also need to 'export
    ftp_proxy=http://...' for the generic case where the mirrors will
    include ftp urls (squid handles them equally well).

    --
    Les Mikesell
    lesmikesell at gmail.com
  • Ljubomir Ljubojevic at May 25, 2011 at 2:46 pm

    Les Mikesell wrote:
    On 5/25/2011 1:05 PM, Ljubomir Ljubojevic wrote:
    In a local setup you might be able to manage with ssh port-forwarding
    over ssh to a squid running on the server holding your repo. That way
    you can 'export http_proxy=http://localhost:local_port' and establish
    the ssh connection before running yum and the network traffic to the
    repository will be encrypted and only need port 22 open.
    Vary nice solution Les.
    I use it regularly myself without a local repo for machines that
    (intentionally) don't have direct access to the internet or our caching
    proxies where I point yum anytime there are enough machines to overcome
    its tendency to pull a copy from every mirror. You also need to 'export
    ftp_proxy=http://...' for the generic case where the mirrors will
    include ftp urls (squid handles them equally well).
    I have my own repo with all mayor repositories stored, and repo for some
    of packages recompiled by me. Both are visible from internet, but I am
    thinking of hiding that part with mirrored repos, so my server and
    bandwidth are not pound upon, but at the same time can access those
    repositories from arround the internet for systems i maintain.

    But I just thought of having ssh account would allow people to run
    commands on my server. Hmm.

    Ljubomir
  • Alan Bartlett at May 25, 2011 at 2:58 pm
    Just a reminder to anyone thinking of adding to this thread -- this is
    the CentOS-devel mailing list, for issues with the development of the
    CentOS Project.

    The general, main, CentOS m/l should have been used by this thread's
    OP. If this thread needs to continue, please continue it there.

    Thanks.

    Alan.
  • Julien GILLES at May 26, 2011 at 3:45 am

    -----Message d'origine-----
    De?: centos-devel-bounces at centos.org [mailto:centos-devel-
    bounces at centos.org] De la part de Alan Bartlett
    Envoy??: mercredi 25 mai 2011 20:58
    ??: The CentOS developers mailing list.
    Objet?: Re: [CentOS-devel] Using https repository through proxy

    Just a reminder to anyone thinking of adding to this thread -- this is
    the CentOS-devel mailing list, for issues with the development of the
    CentOS Project.

    The general, main, CentOS m/l should have been used by this thread's
    OP. If this thread needs to continue, please continue it there.
    Yes, my first question was about the management of https proxy by yum, and
    the fact that the bug seems to be known and to be resolved on Redhat, but it
    still does not work on CentOS ; of course workarounds (mirroring, tunnels,...)
    are always possible, but I wonder if the developers are aware of it and if I
    need to open a new bug for that. It is still present in CentOS 6 ?

    --
    Julien Gilles.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcentos-devel @
categoriescentos
postedMay 25, '11 at 5:51a
activeMay 26, '11 at 3:45a
posts8
users4
websitecentos.org
irc#centos

People

Translate

site design / logo © 2022 Grokbase