The Way of Getting Access Through Our Own HTTP Proxy

Since yesterday afternoon, we found that the access to suddenly lost, through some un-official source, we think it’s due to the GFW. Now we tested a solution to get the access back with our own HTTP proxy.

First please install the ncat/socat tool, with

  • pacman -S/yum|apt|brew|choco install nmap-ncat/ncat/nmap

  • pacman -S/yum|apt|brew install socat

Then put the following configuration into the file ~/.ssh/config(if there is no the file, you should create it by hand.):

	ServerAliveInterval 55
	ForwardAgent yes
	ProxyCommand /usr/bin/ncat --proxy %h %p
    # ProxyCommand /usr/bin/socat - PROXY:,proxyport=3128
    # ProxyCommand /usr/bin/nc -X 5 -x %h %p

netcat(或 nc) 支持的代理协议:4(SOCKS v.4)、5(SOCKS v.5) 与 connect(HTTPS proxy)。参见:man netcat

Settings under OS/Windows

Under M$ Windows OS, It's a little bit different with GNU/Linux. We need install the Chocolate package manager for Windows within an administrative Powershell window.

PS C:\Windows\system32> Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString(''))

Then, install the nmap package with choco.exe:

PS C:\Windows\system32> choco install nmap

We need install the Git-SCM for Windows to the git and Minimalist GNU for Windows, MinGW environment. After Git-SCM for Windows installed, we can now launch a Git Bash window, from right clicking the Windows Start button. From the Git Bash window, we can find the newly install ncat command location with which ncat, which returns the following output:

$ which ncat
/c/Program Files (x86)/Nmap/ncat

So, the ~/.ssh/config file should contain the following content now:

	ServerAliveInterval 55
	ForwardAgent yes
	ProxyCommand "/c/Program Files (x86)/Nmap/ncat" --proxy %h %p
    # ProxyCommand /usr/bin/socat - PROXY:,proxyport=3128
    # ProxyCommand /usr/bin/nc -X 5 -x %h %p

As the same with GNU/Linux OS,we should generate the SSH keys with ssh-keygen -t rsa, and put the ~/.ssh/ file content into the GitHub SSH keys

Now you get the SSH traffic proxied under Windows OS platform!

Note:in the last ProxyCommand statement, the -X 5 stands for SOCKS version 5, and the -x presents using the SOCKS proxy. Source: How can I use SSH with a SOCKS 5 proxy?

If any question, please feel free to contact Ryan or me.

Git HTTP Proxy Settings

To make git http traffic(only for proxied, run the following commands:

$ git config --global http.

Or for the socks5 proxy:

$ git config --global http. socks5://

It will modify the file ~/.gitconfig like this:

$ cat ~/.gitconfig                                                                        lennyp@vm-manjaro
        email =
        name = Lenny Peng
        rebase = false
        compression = 0
        postBuffer = 1048576000
        maxRequestBuffer = 100M
[http ""]
        proxy =

使用 git 命令时使用指定的 SSH 私钥

修改 ~/.ssh/config 文件,使其形如下面这样:

cat ~/.ssh/config
Host github-work
    IdentityFile ~/.ssh/id_rsa_work

Host github-personal
    IdentityFile ~/.ssh/id_rsa_personal

然后这样运行 git 命令:

git clone git@github-work:corporateA/webapp.git

就会使用 ~/.ssh/id_rsa_work 的私钥,而运行下面的 git 命令:

git clone git@github-personal:bob/blog.git

则会使用 ~/.ssh/id_rsa_personal 的私钥。

curl 永久代理

参考 Set Up cURL to Permanently Use a Proxy

由于许多软件项目在构建时,都会使用 Curl 下载依赖项,因此就要想办法配置 Curl 使用代理,简单的做法是创建一个 ~/.curlrc 文件,将代理写入到这个文件中:


OpenWRT 设置

主要使用 autosshpolipo 与 Web 代理自动发现,Web Proxy Auto-Discovery 协议。

  • autossh 用于从 SSH 隧道,建立 SOCKS5 端口。安装 autossh 后,会建立 /etc/init.d/autossh 服务,和 /etc/conf/autossh 配置文件。

  • polipo 用于将 SOCKS5 代理,转换为 HTTP 代理。

  • WPAD 通过 dnsmasq 的 DHCP 服务器通告选项

    list dhcp_option '252,'

    autoproxy.pac 文件提供给联网设备。


Last change: 2024-01-23, commit: 70630e4