Hi,
for various reasons I am trying to install a private repository for Centos 5, and I would like to use HTTPS only connections. The servers must access to this repository through a proxy.
In the .repo file I have configured :
baseurl=https://my.repository/pkg/stable/$basearch
The proxy is defined correctly.
yum fails with:
https://my.repository/pkg/stable/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 501: Not Implemented
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: Please verify its path and try again.
Using a fake proxy shows me that the request sent by yum is not correct (ie GET https://... Instead of a classical CONNECT request).
I have found (thanks google) that this bug is known, seems related to urllib2.py and httplib.py from python 2.4, but I can't find a way to make it works. The patches and the solution are quite old, and does not seems to apply (or I am doing something wrong).
Futhermore the bug is known from Redhat https://bugzilla.redhat.com/show_bug.cgi?id=208852 since a long time, and according bugzilla has been corrected in 2006 !
Well, I don't know where to look at now, so help appreciated !
--
Julien Gilles.
for various reasons I am trying to install a private repository for
Centos 5,
and I would like to use HTTPS only connections. The servers must
access to this
repository through a proxy.
Well, I found the solution, but I am a little puzzled...
The proxy has to be defined using https:// instead of http://
Yum could suppose himself that proxy is HTTPS aware and could try to connect the proxy using the CONNECT command instead of trying this insane "GET https://..."
Hope this will help someone else facing the same problem a day !
-- Julien Gilles.
On 5/25/2011 7:33 AM, Julien.GILLES@sungard.com wrote:
for various reasons I am trying to install a private repository for
Centos 5,
and I would like to use HTTPS only connections. The servers must
access to this
repository through a proxy.
Well, I found the solution, but I am a little puzzled...
The proxy has to be defined using https:// instead of http://
Yum could suppose himself that proxy is HTTPS aware and could try to connect the proxy using the CONNECT command instead of trying this insane "GET https://..."
Hope this will help someone else facing the same problem a day !
In a local setup you might be able to manage with ssh port-forwarding over ssh to a squid running on the server holding your repo. That way you can 'export http_proxy=http://localhost:local_port' and establish the ssh connection before running yum and the network traffic to the repository will be encrypted and only need port 22 open.
Les Mikesell wrote:
On 5/25/2011 7:33 AM, Julien.GILLES@sungard.com wrote:
for various reasons I am trying to install a private repository for
Centos 5,
and I would like to use HTTPS only connections. The servers must
access to this
repository through a proxy.
Well, I found the solution, but I am a little puzzled...
The proxy has to be defined using https:// instead of http://
Yum could suppose himself that proxy is HTTPS aware and could try to connect the proxy using the CONNECT command instead of trying this insane "GET https://..."
Hope this will help someone else facing the same problem a day !
In a local setup you might be able to manage with ssh port-forwarding over ssh to a squid running on the server holding your repo. That way you can 'export http_proxy=http://localhost:local_port' and establish the ssh connection before running yum and the network traffic to the repository will be encrypted and only need port 22 open.
Vary nice solution Les.
On 5/25/2011 1:05 PM, Ljubomir Ljubojevic wrote:
In a local setup you might be able to manage with ssh port-forwarding over ssh to a squid running on the server holding your repo. That way you can 'export http_proxy=http://localhost:local_port' and establish the ssh connection before running yum and the network traffic to the repository will be encrypted and only need port 22 open.
Vary nice solution Les.
I use it regularly myself without a local repo for machines that (intentionally) don't have direct access to the internet or our caching proxies where I point yum anytime there are enough machines to overcome its tendency to pull a copy from every mirror. You also need to 'export ftp_proxy=http://...' for the generic case where the mirrors will include ftp urls (squid handles them equally well).
Les Mikesell wrote:
On 5/25/2011 1:05 PM, Ljubomir Ljubojevic wrote:
In a local setup you might be able to manage with ssh port-forwarding over ssh to a squid running on the server holding your repo. That way you can 'export http_proxy=http://localhost:local_port' and establish the ssh connection before running yum and the network traffic to the repository will be encrypted and only need port 22 open.
Vary nice solution Les.
I use it regularly myself without a local repo for machines that (intentionally) don't have direct access to the internet or our caching proxies where I point yum anytime there are enough machines to overcome its tendency to pull a copy from every mirror. You also need to 'export ftp_proxy=http://...' for the generic case where the mirrors will include ftp urls (squid handles them equally well).
I have my own repo with all mayor repositories stored, and repo for some of packages recompiled by me. Both are visible from internet, but I am thinking of hiding that part with mirrored repos, so my server and bandwidth are not pound upon, but at the same time can access those repositories from arround the internet for systems i maintain.
But I just thought of having ssh account would allow people to run commands on my server. Hmm.
Ljubomir
Just a reminder to anyone thinking of adding to this thread -- this is the CentOS-devel mailing list, for issues with the development of the CentOS Project.
The general, main, CentOS m/l should have been used by this thread's OP. If this thread needs to continue, please continue it there.
Thanks.
Alan.
-----Message d'origine----- De : centos-devel-bounces@centos.org [mailto:centos-devel- bounces@centos.org] De la part de Alan Bartlett Envoyé : mercredi 25 mai 2011 20:58 À : The CentOS developers mailing list. Objet : Re: [CentOS-devel] Using https repository through proxy
Just a reminder to anyone thinking of adding to this thread -- this is the CentOS-devel mailing list, for issues with the development of the CentOS Project.
The general, main, CentOS m/l should have been used by this thread's OP. If this thread needs to continue, please continue it there.
Yes, my first question was about the management of https proxy by yum, and the fact that the bug seems to be known and to be resolved on Redhat, but it still does not work on CentOS ; of course workarounds (mirroring, tunnels,...) are always possible, but I wonder if the developers are aware of it and if I need to open a new bug for that. It is still present in CentOS 6 ?
-- Julien Gilles.
-
Alan Bartlett -
Julien.GILLES@sungard.com -
Les Mikesell -
Ljubomir Ljubojevic