Linux Proxy Setup

Configuring a proxy on Linux involves setting environment variables for user sessions, configuring APT for package management, and specifying proxy settings for Systemd services to ensure all system components can access external networks through the proxy.

Many Linux environments operate behind corporate firewalls or require traffic routing through a proxy server for security, logging, or access control. Proper proxy configuration is critical for system functionality, including software updates, internet access for user applications, and background service communication. This article details the methods for configuring proxy settings across common Linux components.

Environment Variables

Shell environments and applications inheriting them often rely on standard environment variables for proxy configuration. These variables define the proxy server address for HTTP, HTTPS, and FTP traffic, as well as exceptions for direct connections.

Standard Proxy Environment Variables

• HTTP_PROXY: Proxy for HTTP connections.
• HTTPS_PROXY: Proxy for HTTPS connections.
• FTP_PROXY: Proxy for FTP connections.
• NO_PROXY: A comma-separated list of hostnames, IP addresses, or CIDR ranges that should bypass the proxy. Example: localhost,127.0.0.1,*.local,192.168.0.0/24.

These variables are case-sensitive in some contexts (e.g., wget often uses lowercase http_proxy, while others prefer uppercase HTTP_PROXY). It is common practice to set both uppercase and lowercase versions for broader compatibility.

Temporary Shell Session Configuration

To set proxy variables for the current shell session and any processes launched from it:

export HTTP_PROXY="http://proxy.example.com:8080"
export HTTPS_PROXY="http://proxy.example.com:8080"
export FTP_PROXY="http://proxy.example.com:8080"
export NO_PROXY="localhost,127.0.0.1,.example.com"

# For compatibility, also set lowercase versions
export http_proxy="http://proxy.example.com:8080"
export https_proxy="http://proxy.example.com:8080"
export ftp_proxy="http://proxy.example.com:8080"
export no_proxy="localhost,127.0.0.1,.example.com"

Replace proxy.example.com:8080 with your proxy server address and port. If authentication is required, include credentials: http://user:password@proxy.example.com:8080.

Persistent User-Specific Configuration

For proxy settings to persist across user login sessions, add the export commands to the user's shell profile file.

• Bash: ~/.bashrc or ~/.profile
• Zsh: ~/.zshrc

Example for ~/.bashrc:

# Proxy Settings
export HTTP_PROXY="http://proxy.example.com:8080"
export HTTPS_PROXY="http://proxy.example.com:8080"
export FTP_PROXY="http://proxy.example.com:8080"
export NO_PROXY="localhost,127.0.0.1,.example.com"
export http_proxy="http://proxy.example.com:8080"
export https_proxy="http://proxy.example.com:8080"
export ftp_proxy="http://proxy.example.com:8080"
export no_proxy="localhost,127.0.0.1,.example.com"

After modifying, source the file or log out and back in: source ~/.bashrc.

Persistent System-Wide Configuration

For system-wide proxy settings that affect all users and some system processes (though not all Systemd services directly), use /etc/environment or files in /etc/profile.d/.

/etc/environment

This file is read by PAM (Pluggable Authentication Modules) at login for all services and applications started by a login shell. It only supports KEY="value" syntax, without export.

HTTP_PROXY="http://proxy.example.com:8080"
HTTPS_PROXY="http://proxy.example.com:8080"
FTP_PROXY="http://proxy.example.com:8080"
NO_PROXY="localhost,127.0.0.1,.example.com"
http_proxy="http://proxy.example.com:8080"
https_proxy="http://proxy.example.com:8080"
ftp_proxy="http://proxy.example.com:8080"
no_proxy="localhost,127.0.0.1,.example.com"

Changes to /etc/environment typically require a reboot or re-login for new sessions to pick them up.

/etc/profile.d/

Scripts placed in /etc/profile.d/ are sourced by login shells. This is suitable for setting environment variables that require logic or export statements. Create a new file, e.g., /etc/profile.d/proxy.sh:

#!/bin/bash
export HTTP_PROXY="http://proxy.example.com:8080"
export HTTPS_PROXY="http://proxy.example.com:8080"
export FTP_PROXY="http://proxy.example.com:8080"
export NO_PROXY="localhost,127.0.0.1,.example.com"
export http_proxy="http://proxy.example.com:8080"
export https_proxy="http://proxy.example.com:8080"
export ftp_proxy="http://proxy.example.com:8080"
export no_proxy="localhost,127.0.0.1,.example.com"

Ensure the script is executable: sudo chmod +x /etc/profile.d/proxy.sh.

sudo and Proxy Variables

When using sudo, environment variables are often reset for security reasons. To preserve proxy settings for commands run with sudo:

1. Use sudo -E: This preserves the current environment variables.
   bash sudo -E apt update
2. Configure sudoers: Edit /etc/sudoers using sudo visudo and add/modify env_keep.
   Defaults env_keep += "HTTP_PROXY HTTPS_PROXY FTP_PROXY NO_PROXY http_proxy https_proxy ftp_proxy no_proxy"
   This approach is generally safer than sudo -E for persistent system configurations.

APT (Advanced Package Tool)

APT, the package manager used by Debian-based distributions (e.g., Ubuntu), requires its own proxy configuration, separate from shell environment variables.

APT Proxy Configuration File

APT's proxy settings are defined in configuration files within /etc/apt/apt.conf.d/. Create a new file, e.g., /etc/apt/apt.conf.d/01proxy, with the following content:

Acquire::http::Proxy "http://proxy.example.com:8080/";
Acquire::https::Proxy "http://proxy.example.com:8080/";
# Acquire::ftp::Proxy "ftp://proxy.example.com:8080/"; # Uncomment if needed

Replace proxy.example.com:8080 with your proxy server address and port.

If the proxy requires authentication:

Acquire::http::Proxy "http://user:password@proxy.example.com:8080/";
Acquire::https::Proxy "http://user:password@proxy.example.com:8080/";

For hosts that should bypass the APT proxy, use Acquire::NoProxy:

Acquire::NoProxy "localhost,127.0.0.1,archive.ubuntu.com";

This is less commonly used than global NO_PROXY but can be specific for APT.

After creating or modifying the file, APT will automatically use these settings for subsequent operations (e.g., apt update, apt install). No service restart is required.

Systemd Services

Systemd manages system services and applications. Services launched by Systemd do not automatically inherit proxy environment variables set in shell profiles or /etc/environment. Each Systemd unit requiring proxy access must be configured explicitly.

Proxy for a Specific Systemd Service

To configure proxy settings for an individual Systemd service, create an override file. This is the recommended method to avoid directly modifying original unit files, which can be overwritten during package updates.

1. Create an override directory:
   bash sudo systemctl edit <service_name>
   This command opens an editor for /etc/systemd/system/<service_name>.service.d/override.conf.

2. Add proxy environment variables:
   Inside the editor, add the [Service] section and Environment directives:

   ini [Service] Environment="HTTP_PROXY=http://proxy.example.com:8080" \ "HTTPS_PROXY=http://proxy.example.com:8080" \ "NO_PROXY=localhost,127.0.0.1" Environment="http_proxy=http://proxy.example.com:8080" \ "https_proxy=http://proxy.example.com:8080" \ "no_proxy=localhost,127.0.0.1"
   Each Environment directive can contain multiple variables, separated by spaces within the quotes, or you can use multiple Environment lines. The \ is for line continuation in the override file.

3. Save and exit: Save the file. Systemd will automatically reload the daemon and prompt to restart the service. Confirm the restart. If not prompted, manually reload and restart:
   bash sudo systemctl daemon-reload sudo systemctl restart <service_name>

Global Systemd Proxy Configuration

For services that do not have specific proxy settings or for a system-wide default, configure proxy settings in Systemd's global environment. This affects all services that do not explicitly override these variables.

1. Create a directory for drop-in configurations:
   bash sudo mkdir -p /etc/systemd/system.conf.d/

2. Create a proxy configuration file:
   bash sudo nano /etc/systemd/system.conf.d/proxy.conf

3. Add proxy environment variables:
   ini [Manager] DefaultEnvironment="HTTP_PROXY=http://proxy.example.com:8080" DefaultEnvironment="HTTPS_PROXY=http://proxy.example.com:8080" DefaultEnvironment="NO_PROXY=localhost,127.0.0.1" DefaultEnvironment="http_proxy=http://proxy.example.com:8080" DefaultEnvironment="https_proxy=http://proxy.example.com:8080" DefaultEnvironment="no_proxy=localhost,127.0.0.1"

4. Reload Systemd daemon and restart services:
   bash sudo systemctl daemon-reload sudo systemctl restart --all # Use with caution, restarts all user and system services
   A full system reboot is often the safest way to ensure all services pick up these global changes.

Verification

After configuring proxy settings, verify their effectiveness:

• Environment Variables:
  bash env | grep -i proxy
• APT:
  bash apt config dump | grep -i proxy
  Attempt an update: sudo apt update.
• General Network Access:
  bash curl -v http://ifconfig.me
  The output should show the proxy server's IP address if traffic is routed through it, or your external IP if NO_PROXY is effective.
• Systemd Service: Check the service status and logs for connectivity issues.
  bash sudo systemctl status <service_name> sudo journalctl -u <service_name>
  You can also inspect the environment of a running service process. Find the PID of the service, then:
  bash sudo cat /proc/<PID>/environ | tr '\0' '\n' | grep -i proxy

Comparison of Proxy Configuration Methods

Method	Scope	Persistence	Affected Components	Configuration Example
Shell Environment (Temporary)	Current shell session	No	Commands launched from current shell	export HTTP_PROXY="..."
User Profile (~/.bashrc)	User's login sessions	Yes	User applications, shell commands	Add export lines to ~/.bashrc
System-wide (/etc/environment)	All login sessions, some system processes	Yes	Login shells, some applications (non-Systemd)	HTTP_PROXY="..." in /etc/environment
System-wide (/etc/profile.d/)	All login shells	Yes	Login shells, applications launched from them	Script with export lines in /etc/profile.d/
APT (/etc/apt/apt.conf.d/)	APT package manager only	Yes	apt, apt-get, aptitude	Acquire::http::Proxy "..."; in 01proxy
Systemd Service Override (override.conf)	Specific Systemd unit	Yes	One Systemd service	Environment="..." in /etc/systemd/system/<service>.service.d/override.conf
Global Systemd (system.conf.d/)	All Systemd services (default)	Yes	All Systemd services unless overridden	DefaultEnvironment="..." in /etc/systemd/system.conf.d/proxy.conf