Tuesday, September 16, 2014

git, npm, bower and corporate proxies

Sometimes, when you work behind evil corporate proxy (that is, evil proxy, not evil corporation), you can run into some connection problems using git or npm or bower or similar open-source instruments. For example, Download of https://github.com/some/package/archive/v0.1.9.tar.gz failed with ECONNRESET, retrying in 1.2s, or fatal: unable to access 'https://github.com/mikeric/rivets.git/': Failed connect to github.com:443; No error. This is all caused by corporate proxies, especially with AD authentication ones.

You need up to 4 pieces of information to set up proxies in mentioned software:

  • Proxy domain
  • Proxy port
  • If your proxy needs AD authentication, you need your domain login
  • and domain password

In latter case you may need also AD domain name.

All following configs are storing your passwords in non-encrypted plain text files. So it'll be good idea (well, it always is) to use latest AV/firewall software and/or use some kind of disk encryption.

< and > are not the part of config, they're just markers.

.gitconfig

My .gitconfig looked like this:

[http]
 proxy = http://<AD>\\<AD username>:<AD password>@<proxy domain>:<proxy port>
[https]
 proxy = http://<AD>\\<AD username>:<AD password>@<proxy domain>:<proxy port>

Note \\ separating AD domain and AD username. This config allowed me to git clone over https protocol.

.npmrc

registry = http://registry.npmjs.org/
proxy = http://<AD>%5C<AD username>:<AD password>@<proxy domain>:<proxy port>

Note that \ is URL-encoded here and that you need to change default repository address to http version (instead of https).

.bowerrc

My .bowerrc was tricky:

{
 "proxy": "http://<AD>%5C<AD username>:<AD password>@<proxy domain>:<proxy port>/",
 "https-proxy": "http://<AD>%5C<AD username>:<AD password>@<proxy domain>:<proxy port>/",
 "registry": "http://bower.herokuapp.com",
 "strict-ssl": false
}

Note "strict-ssl": false option, http:// in https-proxy value, registry change to non-https (like in .npmrc) and trailing slash after proxy port number.