这是在 VirtualBox VM 中安装 Ubuntu 13.04 Desktop 的步骤。我使用 HTTP 代理 xyz251:9090 连接公司网络。我已使用自动配置脚本配置了客户操作系统,因此 Firefox 运行正常,但我无法使用代理让“apt-get”或“Ubuntu Software Center”进行连接。
我创建了文件“/etc/apt/apt.conf”,它现在包含一行文本:
Acquire::http:Proxy "http://x.y.z.251:9090"
这就是我在“系统设置/网络/网络代理”中指定并应用于整个系统的 proxy.pac 文件。
当我使用 Firefox 时,数据包跟踪显示 TCP 连接是通过端口 9090 上的公司代理完成的,当我运行“Ubuntu 软件中心”和“apt-get”时,数据包跟踪显示具有最终目标 IP 地址和端口 80 的 TCP SYN 数据包。当然,SYN 数据包没有响应,因为公司防火墙阻止端口 80 上的 TCP 连接进出。
在终端窗口中使用“sudo apt-get”,我总是看到:
Ign cdrom://Ubuntu 13.04 _Raring Ringtail_ - Release amd64 (20130424) raring/main Translation-en_US
Ign cdrom://Ubuntu 13.04 _Raring Ringtail_ - Release amd64 (20130424) raring/main Translation-en
Ign cdrom://Ubuntu 13.04 _Raring Ringtail_ - Release amd64 (20130424) raring/restricted Translation-en_US
Ign cdrom://Ubuntu 13.04 _Raring Ringtail_ - Release amd64 (20130424) raring/restricted Translation-en
Err http://extras.ubuntu.com raring Release.gpg
Could not connect to extras.ubuntu.com:80 (91.189.92.152), connection timed out
Err http://archive.canonical.com raring Release.gpg
Cannot initiate the connection to archive.canonical.com:80 (2001:67c:1360:8c01::1b). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8c01::1b 80]
Err http://us.archive.ubuntu.com raring Release.gpg
Cannot initiate the connection to us.archive.ubuntu.com:80 (2001:67c:1562::14). - connect (101: Network is unreachable) [IP: 2001:67c:1562::14 80]
Err http://us.archive.ubuntu.com raring-updates Release.gpg
Cannot initiate the connection to us.archive.ubuntu.com:80 (2001:67c:1562::14). - connect (101: Network is unreachable) [IP: 2001:67c:1562::14 80]
Err http://us.archive.ubuntu.com raring-backports Release.gpg
Cannot initiate the connection to us.archive.ubuntu.com:80 (2001:67c:1562::14). - connect (101: Network is unreachable) [IP: 2001:67c:1562::14 80]
59% [Connecting to security.ubuntu.com (91.189.91.14)]
最终,我看到了:
Err http://security.ubuntu.com raring-security Release.gpg
Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1360:8c01::18). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8c01::18 80]
Reading package lists... Done
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/raring/Release.gpg Cannot initiate the connection to us.archive.ubuntu.com:80 (2001:67c:1562::14). - connect (101: Network is unreachable) [IP: 2001:67c:1562::14 80]
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/raring-updates/Release.gpg Cannot initiate the connection to us.archive.ubuntu.com:80 (2001:67c:1562::14). - connect (101: Network is unreachable) [IP: 2001:67c:1562::14 80]
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/raring-backports/Release.gpg Cannot initiate the connection to us.archive.ubuntu.com:80 (2001:67c:1562::14). - connect (101: Network is unreachable) [IP: 2001:67c:1562::14 80]
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/raring-security/Release.gpg Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1360:8c01::18). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8c01::18 80]
W: Failed to fetch http://archive.canonical.com/ubuntu/dists/raring/Release.gpg Cannot initiate the connection to archive.canonical.com:80 (2001:67c:1360:8c01::1b). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8c01::1b 80]
W: Failed to fetch http://extras.ubuntu.com/ubuntu/dists/raring/Release.gpg Could not connect to extras.ubuntu.com:80 (91.189.92.152), connection timed out
W: Some index files failed to download. They have been ignored, or old ones used instead.
我根本不确定我做错了什么。
---更新----我也尝试过:
Acquire::http:proxy "http://user:[email protected]:9090/"
当然,“xyz” 是占位符;我怀疑我雇主的安全人员是否会对我发布实际数字表示友好。我在数据包跟踪中没有看到任何差异——“apt-get” 仍在使用真实 IP 地址和端口 80。我在 apt.conf 文件中犯了一个故意的错误,“apt-get” 退出时出现错误,因此我确信它看到了代理的此配置行,但它似乎没有遵守它。
我使用“NAT”网络连接,因为在网络之间架设桥梁违反了 IT 政策,而 DHCP 服务器只向已知的 MAC 地址提供地址。我不希望 IT 安全部门再次来敲我的电脑。
答案1
根据我过去的经验,Ubuntu(GNOME)总体上与PAC(自动配置)配合得不是很好。Pac(代理自动配置)基本上是JavaScript逻辑,用于确定最接近或最合适的代理,我强烈推荐直接使用代理服务器(在您的情况下是网络 - 网络代理)。
需要检查的几件事
检查你的 /etc/apt/apt.conf
网络 - 网络代理 GUI 将/etc/apt/apt.conf在那里更新并设置代理信息。
从 pac 中查找代理服务器信息
proxy.pac无论如何,您可以通过阅读文件来找到详细信息。
所以/etc/apt/apt.conf应该如下所示(假设代理服务器是 => proxy.company.com 端口 80),不要使用 pac URL。
Acquire::http::proxy "http://proxy.company.com:80/";
Acquire::https::proxy "https://proxy.company.com:80/";
Acquire::ftp::proxy "ftp://proxy.company.com:80/";
注意:如果 apt 配置文件中未指定代理,
apt-get则将恢复到http_proxy环境变量。
从 apt.conf 手册页,回应@Braiam 的评论
http
HTTP URIs; http::Proxy is the default http proxy to use. It is in
the standard form of http://[[user][:pass]@]host[:port]/. Per host
proxies can also be specified by using the form http::Proxy::<host>
with the special keyword DIRECT meaning to use no proxies. If no
one of the above settings is specified, http_proxy environment
variable will be used.
检查代理环境变量
您可以通过在终端中运行以下命令来检查代理设置
echo $http_proxy
echo $https_proxy
echo $ftp_proxy
如果您正确设置了环境变量,您应该能够在 CLI 中更新。
首选 IPv4
我注意到apt-get尝试使用其 ipv6 地址连接到更新服务器。这可能会引发问题(有时 IPV6 地址会过期或更改)。
您可以编辑/etc/gai.conf并添加precedence ::ffff:0:0/96 100优先使用 ipv4 而不是 ipv6 的选项。
更多细节
答案2
我相信我也遇到过这个问题,答案很简单。语法很关键。它必须看起来像这样:
Acquire::http::Proxy "http://x.y.z.251:9090";
(有一个额外的“:”和一个终止“;”)
答案3
@Braiam
我认为最好先单独回答一下以澄清一些事情。
我使用 Vagrant 和防火墙后面的 Ubuntu 13.04 Raring x86_64 VM 进行了快速测试。
apt-get 版本是0.9.7.7ubuntu4
root@raring:~# apt-get --version
apt 0.9.7.7ubuntu4 for amd64 compiled on Apr 12 2013 23:49:05
Supported modules:
*Ver: Standard .deb
*Pkg: Debian dpkg interface (Priority 30)
Pkg: Debian APT solver interface (Priority -1000)
S.L: 'deb' Standard Debian binary tree
S.L: 'deb-src' Standard Debian source tree
Idx: Debian Source Index
Idx: Debian Package Index
Idx: Debian Translation Index
Idx: Debian dpkg status file
Idx: EDSP scenario file
更新:它在 Precise 12.04.3 上以同样的方式工作
root@support:/etc/apt# uname -a
Linux support 3.8.0-30-generic #44~precise1-Ubuntu SMP Fri Aug 23 17:33:45 UTC 2013 i686 i686 i386 GNU/Linux
root@support:/etc/apt# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.3 LTS
Release: 12.04
Codename: precise
root@support:/etc/apt# apt-get --version
apt 0.8.16~exp12ubuntu10.14 for i386 compiled on Sep 8 2013 03:26:42
第一步——清除 apt 配置文件
我清除了 中的代理设置/etc/apt/apt.conf。我还ack扫描了ag所有文件和子目录,/etc/apt以确保 apt 配置文件中没有设置代理。
默认情况下{http_proxy,https_proxy,ftp_proxy}未设置环境变量。
apt-get 无法连接到更新服务器。
root@raring:~# apt-get -o Debug::Acquire::http=true update
0% [Connecting to au.archive.ubuntu.com (202.158.214.106)] [Connecting to security.ubuntu.com (91.189.91.13)] [Connecting to ppa.launchpad.net (91.189.95.83)]
第二步-设置环境变量
只需设置代理变量
export {http_proxy,https_proxy,ftp_proxy}="http://10.xxx.xxx.231:80"
apt-get 现在可以连接了!
查看调试输出(这是我从未尝试过的)。
root@raring:~# apt-get -o Debug::Acquire::http=true update
0% [Working]GET http://security.ubuntu.com/ubuntu/dists/raring-security/Release.gpg HTTP/1.1
Host: security.ubuntu.com
Cache-Control: max-age=0
User-Agent: Debian APT-HTTP/1.3 (0.9.7.7ubuntu4)
GET http://au.archive.ubuntu.com/ubuntu/dists/raring/Release.gpg HTTP/1.1
Host: au.archive.ubuntu.com
Cache-Control: max-age=0
User-Agent: Debian APT-HTTP/1.3 (0.9.7.7ubuntu4)
GET http://ppa.launchpad.net/git-core/ppa/ubuntu/dists/raring/Release.gpg HTTP/1.1
Host: ppa.launchpad.net
Cache-Control: max-age=0
User-Agent: Debian APT-HTTP/1.3 (0.9.7.7ubuntu4)
HTTP/1.1 200 OK
Date: Fri, 27 Sep 2013 12:12:20 GMT
ETag: "16e20bb4-3a5-4db2e154a1dc0"
Server: Apache/2.2.3 (Red Hat)
Content-Type: text/plain; charset=UTF-8
Accept-Ranges: bytes
Last-Modified: Thu, 25 Apr 2013 11:54:39 GMT
Content-Length: 933
Proxy-Connection: Keep-Alive
Get:1 http://au.archive.ubuntu.com raring Release.gpg [933 B]
0% [1 Release.gpg 0 B/933 B 0%] [Waiting for headers] [Waiting for headers]GET http://au.archive.ubuntu.com/ubuntu/dists/raring-updates/Release.gpg HTTP/1.1
Host: au.archive.ubuntu.com
Cache-Control: max-age=0
User-Agent: Debian APT-HTTP/1.3 (0.9.7.7ubuntu4)
99% [Waiting for headers] [Waiting for headers]HTTP/1.1 200 OK
Date: Fri, 27 Sep 2013 12:12:20 GMT
ETag: "16e20ee7-3a5-4e7594ace9200"
Server: Apache/2.2.3 (Red Hat)
Content-Type: text/plain; charset=UTF-8
Accept-Ranges: bytes
Last-Modified: Fri, 27 Sep 2013 08:30:00 GMT
Content-Length: 933
Proxy-Connection: Keep-Alive
Get:2 http://au.archive.ubuntu.com raring-updates Release.gpg [933 B]
50% [2 Release.gpg 0 B/933 B 0%] [Waiting for headers] [Waiting for headers]GET http://au.archive.ubuntu.com/ubuntu/dists/raring-backports/Release.gpg HTTP/1.1
Host: au.archive.ubuntu.com
Cache-Control: max-age=0
User-Agent: Debian APT-HTTP/1.3 (0.9.7.7ubuntu4)
100% [Waiting for headers] [Waiting for headers]HTTP/1.1 200 OK
Date: Fri, 27 Sep 2013 12:12:21 GMT
ETag: "16e0083d-3a5-4e6844f477fc0"
Server: Apache/2.2.3 (Red Hat)
Content-Type: text/plain; charset=UTF-8
Accept-Ranges: bytes
Last-Modified: Mon, 16 Sep 2013 18:24:07 GMT
Content-Length: 933
Proxy-Connection: Keep-Alive
Get:3 http://au.archive.ubuntu.com raring-backports Release.gpg [933 B]
67% [3 Release.gpg 0 B/933 B 0%] [Waiting for headers] [Waiting for headers]HTTP/1.1 200 OK
Date: Fri, 27 Sep 2013 12:12:20 GMT
ETag: "3a5-4e75c5d969600"
Server: Apache/2.2.22 (Ubuntu)
Expires: Fri, 27 Sep 2013 13:05:00 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3159, s-maxage=3300, proxy-revalidate
Last-Modified: Fri, 27 Sep 2013 12:10:00 GMT
Content-Length: 933
Proxy-Connection: Keep-Alive
......
第三步-取消设置环境变量
取消设置环境变量 =>unset {http_proxy,https_proxy,ftp_proxy}
现在 apt-get 无法连接。
结论
正如所说man apt.conf的,如果没有设置 http::Proxy,http_proxy则将使用环境变量。
顺便提一句:我也是 Arch Linux 用户。Pacman 的工作方式类似,如果我不使用wget或curl使用代理pacman.conf,它将使用 `{http_proxy,https_proxy,ftp_proxy}' 环境变量。
更新
sudo不保留环境变量。这就是sudo apt-get update失败的原因。要解决该问题(保留代理环境变量),请使用sudo -E apt-get update。
答案4
触摸 /etc/apt/apt.conf && sudo vi etc/apt/apt.conf
获取::http:proxy”http://用户:[电子邮件保护]:80/“;获取::https:proxy”https://用户:[电子邮件保护]:80/“;
替换 xyz00:80 -->> 您的代理 URL 或 IP