使用netcat构建的代理不允许http基本身份验证

Question

I made a simple proxy server using nc , here's the one-liner:

mkfifo queueueue
nc -l 8080 <queueueue | nc http://$JENKINS_HOSTNAME 80 >queueueue

It listens on port 8080 and then forwards the data to a connection to our Jenkins server. Jenkins is behind a VPN, and the machine I am running this proxy on has VPN access.

On my other machine (no VPN access), I would like to curl the Jenkins server, here's the command to initiate the request through the proxy:

http_proxy=10.1.10.10:8080 curl --user $JENKINS_USERNAME:$JENKINS_PASSWORD http://$JENKINS_HOSTNAME/api/json

Both the client and the proxy machine are on the same network, I can ping and ssh between them, also, I know that the client is connecting to the proxy server, I think the failure is arising when the client is trying to authenticate, here's the output when I try to curl:

$ http_proxy=10.1.10.10:8080 curl --user $JENKINS_USERNAME:$JENKINS_PASSWORD http://$JENKINS_HOSTNAME/api/json
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="<some other url>">here</a>.</p>
<hr>
<address>Apache Server at $JENKINS_HOSTNAME Port 80</address>
</body></html>

How can I curl through a proxy like this with HTTP Basic Authentication?

Answer 1

I would use ssh for this instead of netcat.

Just to get some confusion out of the way, I will be referring to the node with VPN access as the "server", and the node without VPN access as the "client".

On the server side you should only need to install and have an ssh server running (in my test I have OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011).

On the client side you will need to do the following:

1) in your /etc/hosts file add in the address that your target URL resolves as on the server. I wasn't able to get curl to run DNS lookups through the proxy, which is why this is necessary.

2) setup ssh keys between the server and the client. while this is not necessary, it makes life easier.

3) run the following ssh command to have ssh act as a SOCKS proxy:

user@host$ ssh -vND 9999 <server>

-v is there so you can see what is going on with ssh, -N tells ssh to not execute a remote command - this is useful for just simple port forwarding -D this option is what actually forwards your local requests to the server

4) now you should be able to run the curl command you have above, but add in

---socks5 localhost:9999

Your full command will look like this:

curl --user $USER:$PASSWORD --socks5 localhost:9999 http://$JENKINS/api/json

If I can figure out how to forward the DNS requests from curl through ssh I'll update the ticket.

edit: formatting, awful grammar.