Running behind corporate proxy

[ghost]

Hi,

It would appear IE's proxy settings are not made available to the BASH shell, is this by design?

This causes the APT process post the initial extraction of the subsystem to hang and thus the apt process must be killed to allow you to configure the username etc.

So what does this mean for the environment if anything?

As it is not in place there is no way to populate the apt.conf file with proxy information and the file does not exist even post configuring the user etc.

FYI : adding the configuration post user configuration an populating the proxy information apt work as desired, but the original issue obviously is still present.

Win 10.0.14393

Barry

[sunilmut]

@barryb20 - Thanks for your post and feedback. For future posts, please use the format in contributing.md.

Regarding this post, what browser proxy settings are you looking to extend to the bash shell, during installation?

[ag2307]

Yes, facing the same problem and unable to set the proxy on the shell and henceforth unable to use apt commands. Also apt.conf file is missing. It would be great if we could extend the system proxy or from a browser (ex: Chrome, Firefox or IE) to the bash shell.

[ghost]

@sunilmut The proxy configuration for the APT process to access the Ubuntu servers during initial setup. The linuxsubsystem is downloaded from the Store, extracted then hangs as the APT process is attempting to do something in the background.

@agrocks23 I did the steps below once I was in the BASH shell, Ihad to end task on APT post the initial file extraction pre the user configuration.
gksudo gedit /etc/apt/apt.conf
Add this line to your /etc/apt/apt.conf file (substitute your details for yourproxyaddress and proxyport).

Acquire::http::Proxy "http://yourproxyaddress:proxyport";

[ag2307]

@barryb20 But the problem is on my build, Windows bash doesn't have gedit , gksudo etc. resources pre-installed. Plus apt.conf file is missing from /etc/apt , so where to do my proxy settings.
Microsoft Windows [Version 10.0.14393]

[ghost]

@agrocks23 yeah it confused me too mate, you need to create it as a new file,

Try sudo nano apt.conf or if your really brave sudo vi apt.conf (it was so long since I used vi I had to Google the quit cmd lol I had it right but the wrong way round)

If no authentication required:

Acquire::http::Proxy "http://yourproxyaddress:proxyport";

Authentication required:

http_proxy=http://username:password@yourproxyaddress:proxyport

then save the file one you put your proxy settings in it.

Be warned however if your proxy needs authentication you will need to place your username and the password for said authentication in the apt.conf file and it is plain text.

Barry

[eliohann]

what's work for me :
Created a proxy.conf file in /etc/apt/apt.conf.d/
Inside this file i put :
Acquire::http::Proxy "http://myproxy:myproxyport";

[ghost]

@eliohann thanks, but unfortunately that doesn't resolve my initial configuration hang issue prior to the configuration of the username and password.

[sunilmut]

Thanks @barryb20. I have opened a bug on this.

[klauern]

I had this issue too, and it was worse than just not being able to run behind the proxy, but that I couldn't even install the distribution at all. I only happened to try this again while at home and found that it did work at that time. I wouldn't have been able to follow the suggestion on changing the apt.conf settings as @barryb20 did, because there wasn't any Bash on Ubuntu on Windows to even do that with.

[ghost]

@klauern Yeah I created a document for our Devs to let them know there is no issue on a none corporate (dirty) Internet connection, and to end the APT task when in the office.

It could be that your office proxy is blocking the Microsoft Store / Updates where it is pulling the shell down from. Check if either are blocked.

[JasonLinMS]

Hi everyone,
Please help answer a couple questions to help us resolve this issue:

1. In WSL, is it only APT that has trouble accessing the internet? Do the following commands work? wget www.microsoft.com curl www.microsoft.com
2. In Windows, if you have only set the IE proxy and not the systemwide proxy (winhttp), have you encountered Windows programs that do not respect the IE proxy settings and are thus unable to access the internet?

Thanks!

[klauern]

Hello @JasonLinMS

1. do wget and curl work

Just a couple tests on my end, but I unset my /etc/environment settings and tried curl and wget. It appears that without that set, my bash won't work for anything. For me, I have to have both the APT settings configured in apt.conf for apt / apt-get to work, as well as an /etc/environment/ for everything else:

wget timeouts

curl timeouts

2. Do other apps respect the IE proxy settings

Generally speaking, they do. The exception I've encountered is apps that were cross-compiled from Linux, but over time, I've seen that less and less as toolsets seem to add that hook or functionality in later versions. That said, I tend to spend a lot of my time looking for proxy configs when I see things not working immediately.

For my case, the biggest issue is just not being able to run the installer at all to get started without having to be outside of a proxy. I could probably get some kind of exception rule added with our security group's help, but I would need to know what to request ahead of time. From that point forward, however, I still have to own up to the fact that most/all of our Linux systems require a proxy configuration, and would require extra configuration (which could be handled by some kind of script and/or after-installation cookbook).

[JasonLinMS]

@klauern Thanks, for the failure to run the installer, do you know if the installer tarball is failing to download? Or if the tarball is downloaded and extracted, but the next step (running apt) fails to run. It should be easy to tell based on the messages in bash.exe during installation.

[sunilmut]

@JasonLinMS -

Thanks, for the failure to run the installer, do you know if the installer tarball is failing to download? Or if the tarball is downloaded and extracted, but the next step (running apt) fails to run.

Look at @barryb20 response above
@sunilmut The proxy configuration for the APT process to access the Ubuntu servers during initial setup. The linuxsubsystem is downloaded from the Store, extracted then hangs as the APT process is attempting to do something in the background.

[klauern]

@JasonLinMS - I don't believe the installer tarball is failing to download, but what I see is the following:

C:\Users\username>lxrun /install
-- Beta feature --
This will install Ubuntu on Windows, distributed by Canonical
and licensed under its terms available here:
https://aka.ms/uowterms

Type "y" to continue: y
Downloading from the Windows Store... 100%
Extracting filesystem, this will take a few minutes...

I think it's more that APT attempts to do some post-install configuration before you can get anywhere, and that is hanging up.

[JasonLinMS]

Thanks everyone for the comments.

1. For the case where the proxy settings need to be set inside WSL after installation, we consider that expected behavior since native Ubuntu requires that as well.
2. For the case where the WSL installation fails, @benhillis introduced the following mitigation measures in Insider build 14986 (will also be available in Creators Update)
   1. When your system locale is English, APT will not be run during WSL installation. This means that during installation, the only step using the network is the download of the WSL tarball and desktop shortcut icon from Azure.
   2. When your system locale is non-English, APT will be run during WSL installation to download additional Ubuntu language packs if you say yes at the prompt. A timeout of a few minutes has been added to stop running APT if the command hangs, such as due to no network access. The installation can then continue with prompting for user name and password after the timeout.

Let us know if there are any further issues with installation in Insider build 14986+.

[ghost]

Thanks @JasonLinMS we will download and test.

[luchsamapparat]

Setting proxy environment variables in /etc/environment doesn't work for me. They do not get picked up from what I see when running printenv. Is it neccessary to somehow restart the ubuntu instance? Or re-login? And if yes, how?

[aseering]

@luchsamapparat -- regarding getting a login shell, see #816

[luchsamapparat]

Thanks, that works when using ~/.profile

[diev]

I had problems to connect also. Moreover our corporate proxy uses the white list of allowed urls where I need to collect what this Ubuntu wants. And the latest solution to above listed was to set IPv4 only:

sudoedit /etc/apt/apt.conf.d/99force-ipv4

add this string into:

Acquire::ForceIPv4 "true";

[the-nose-knows]

Using the Ubuntu distro, this was my solution to get around my work proxy, as gleaned from various comments here and help on some Q&A sites like Ask Ubuntu:

cd /etc/apt/apt.conf.d
sudo nano proxy.conf

I then entered the following text (use your own proxy/port number). This did not work until including the semicolon.

Acquire::http::Proxy "http://proxy-address.com:PortNumber";

Then CTRL X to end the editing, Y to save, and ENTER to close out nano.

I could then run sudo apt-get update without issues.

If you're going to be using other tools/CLIs that use the internet, you'll probably need to do this too:

cd /etc
sudo nano environment

Then add the following two lines. If you don't have a special https-specific proxy, just re-use the http proxy.

export http_proxy=http://my-proxy.com:PortNumber
export https_proxy=http://my-proxy.com:PortNumber

Then exit your current terminal/console session and start a new one, and many apps checking for those env-vars will start using them ad-hoc.

[proskehy]

It would be nice if we could use WSL behind a NTLM proxy without tools like CNTLM, any chance of that ever happening?

[zod11]

@eliohann thanks, but unfortunately that doesn't resolve my initial configuration hang issue prior to the configuration of the username and password.

I just set up WSL using powershell only with this:
https://blogs.msdn.microsoft.com/commandline/2018/11/05/whats-new-for-wsl-in-the-windows-10-october-2018-update/

[thered121]

I was running into a similar issue behind a corporate proxy. I have CNTLM running on my machine and setup APT to route through it (adding Acquire::http:: to the apt.conf file). However I would get 404s trying to do apt installs and it was saying it couldn't find my CNTLM proxy (the IP[127.0.0.1:3128 404] error). I set the http_proxy environment variables and was able to verify wget and curl worked as expected and could retrieve files from archive.ubuntu.com . After much digging I came across this thread and the solution above from diev (ForceIPV4) fixed it.

[dragon1393]

I will provide my solution that works for me.
In WSL subsystem add file in /etc/apt/apt.conf with proxy setting

Acquire::http::Proxy "http://user:password@server_addr:port";
Acquire::https::Proxy "http://user:password@server_addr:port";

After that add another setting in ~/.wgetrc file
use_proxy = on
check_certificate = off
http_proxy = http://user:password@server_addr:port
https_proxy = http://user:password@server_addr:port
ftp_proxy = http://user:password@server_addr:port

After that try to install the visual studio code plugin for remote wsl.
It should work.

[pannonsystems]

Is there a way or any plan from Microsoft to not enter username and password into clear text files on WSL to use proxy with authentication (like it works on Windows)? It is extremely insecure and usually violates corporate security policies. So, it is not just dangerous, but can cost someone’s job.

[Leozartino]

Using the Ubuntu distro, this was my solution to get around my work proxy, as gleaned from various comments here and help on some Q&A sites like Ask Ubuntu:

cd /etc/apt/apt.conf.d sudo nano proxy.conf

I then entered the following text (use your own proxy/port number). This did not work until including the semicolon.

Acquire::http::Proxy "http://proxy-address.com:PortNumber";

Then CTRL X to end the editing, Y to save, and ENTER to close out nano.

I could then run sudo apt-get update without issues.

If you're going to be using other tools/CLIs that use the internet, you'll probably need to do this too:

cd /etc sudo nano environment

Then add the following two lines. If you don't have a special https-specific proxy, just re-use the http proxy.

export http_proxy=http://my-proxy.com:PortNumber export https_proxy=http://my-proxy.com:PortNumber

Then exit your current terminal/console session and start a new one, and many apps checking for those env-vars will start using them ad-hoc.

How do I check my proxy server and port on WSL2? Or do I need to create a proxy server with squid or something?

[kiraio-moe]

Using the Ubuntu distro, this was my solution to get around my work proxy, as gleaned from various comments here and help on some Q&A sites like Ask Ubuntu:

cd /etc/apt/apt.conf.d sudo nano proxy.conf

I then entered the following text (use your own proxy/port number). This did not work until including the semicolon.

Acquire::http::Proxy "http://proxy-address.com:PortNumber";

Then CTRL X to end the editing, Y to save, and ENTER to close out nano.

I could then run sudo apt-get update without issues.

If you're going to be using other tools/CLIs that use the internet, you'll probably need to do this too:

cd /etc sudo nano environment

Then add the following two lines. If you don't have a special https-specific proxy, just re-use the http proxy.

export http_proxy=http://my-proxy.com:PortNumber export https_proxy=http://my-proxy.com:PortNumber

Then exit your current terminal/console session and start a new one, and many apps checking for those env-vars will start using them ad-hoc.

Thanks, work like a charm ✨

[kiraio-moe]

After that add another setting in ~/.wgetrc file use_proxy = on check_certificate = off http_proxy = http://user:password@server_addr:port https_proxy = http://user:password@server_addr:port ftp_proxy = http://user:password@server_addr:port

You can also use:

export ALL_PROXY="protocol://address:port"
export all_proxy="protocol://address:port"

[OneBlue]

Hi ! Please try the AutoProxy setting that we've added in WSL. Those should greatly improve compatibility with VPN's.

If the issue still remains, please reopen this issue.