Wednesday, 26 January 2011

Poxy Proxy

I've been wrestling a number of our applications onto a poxy proxy web server to connect out to the web, as our network crew have our server currently behind a firewall that has all outgoing ports closed. I thought I'd note a couple of the tricks I've learnt in the process.

To set an environment variable globally across all users in Red Hat (and I imagine therefore CentOS):

The script /etc/profile does a bunch of setup and in doing so sources each *.sh script in /etc/profile.d/ - this is where to globally set environment variables. Stick a shell script in there, containing something like:

#!/bin/bash
export http_proxy=http://example.com:8080


And then source the /etc/profile script:

$ . /etc/profile

And it will run that script for each shell, setting the http_proxy environment variable in each.

Nifty.
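To see which file actually ends up setting the variable, here is an added example (not from the original post) that mimics the /etc/profile loop against a scratch directory and reports the last *.sh file to change http_proxy. The helper names effective_proxy and demo_dir, the sample file names and their contents are constructed for illustration; the function sources every script it finds, so only point it at a directory you trust.

```shell
#!/bin/sh
# Added example. Mimics the /etc/profile loop over profile.d/*.sh against a
# scratch directory and reports which file last changed http_proxy.
# effective_proxy and demo_dir are hypothetical helper names.

effective_proxy() {
    dir=$1
    (   # subshell: nothing sourced here leaks into the caller
        unset http_proxy
        setter=none
        for f in "$dir"/*.sh; do          # only *.sh names are considered
            [ -r "$f" ] || continue       # unreadable file or unmatched glob: skip
            before=${http_proxy:-}
            . "$f" >/dev/null 2>&1        # sourced, so a shebang is only a comment
            [ "${http_proxy:-}" = "$before" ] || setter=${f##*/}
        done
        printf '%s %s\n' "$setter" "${http_proxy:-unset}"
    )
}

# Constructed sample directory: one proxy script, one unrelated script,
# and one file without the .sh suffix that the loop never reads.
demo_dir() {
    d=$(mktemp -d) || return 1
    printf 'export http_proxy=http://example.com:8080\n' > "$d/10-proxy.sh"
    printf 'export EDITOR=vi\n' > "$d/20-editor.sh"
    printf 'export http_proxy=http://ignored.example:3128\n' > "$d/proxy.conf"
    printf '%s\n' "$d"
}

d=$(demo_dir)
effective_proxy "$d"
rm -rf "$d"
```

Files are read in glob (lexical) order, so a later file that also exports http_proxy overrides an earlier one.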

Not that this helped me, particularly, as none of our applications reference this variable. Instead, we had to deal with each individually to point it at the proxy server, at which point I found SELinux blocked them from making the connection. To stop that happening I had to, as root, set the SELinux boolean variable httpd_can_network_connect to true, like this:

$ sudo setsebool httpd_can_network_connect=1

As you might imagine, working all this out simply to go off and grab an RSS feed or two was a bit irksome, and as we will be trialling various applications on the server we really need to be able to open specified ports.
