-
-
Save naderman/377e40c1c76e0fe8b905c1a333c4112a to your computer and use it in GitHub Desktop.
<?php | |
error_reporting(E_ERROR); | |
@ini_set('display_errors', 'Off'); | |
echo "Unencrypted HTTP "; | |
check('http://packagist.org/packages.json', false); | |
echo "\nEncrypted HTTPS "; | |
check('https://packagist.org/packages.json', true); | |
echo "\n"; | |
function check($url, $ssl) { | |
foreach (array(false, true) as $fulluri) { | |
$httpRes = file_get_contents($url, false, createContext($url, $ssl, $fulluri)); | |
echo $fulluri ? 'FULL-' : 'PATH-'; | |
echo strpos($httpRes, 'provider-includes') !== false ? 'OK ' : 'FAIL '; | |
} | |
} | |
function createContext($url, $ssl, $fulluri) | |
{ | |
$options = array('http' => array( | |
)); | |
if (PHP_SAPI === 'cli' && (!empty($_SERVER['HTTP_PROXY']) || !empty($_SERVER['http_proxy']))) { | |
$proxy = parse_url(!empty($_SERVER['http_proxy']) ? $_SERVER['http_proxy'] : $_SERVER['HTTP_PROXY']); | |
echo 'HTTP_PROXY '; | |
} | |
if (!empty($_SERVER['CGI_HTTP_PROXY'])) { | |
$proxy = parse_url($_SERVER['CGI_HTTP_PROXY']); | |
echo 'CGI_HTTP_PROXY '; | |
} | |
if (preg_match('{^https://}i', $url) && (!empty($_SERVER['HTTPS_PROXY']) || !empty($_SERVER['https_proxy']))) { | |
$proxy = parse_url(!empty($_SERVER['https_proxy']) ? $_SERVER['https_proxy'] : $_SERVER['HTTPS_PROXY']); | |
echo 'HTTPS_PROXY '; | |
} | |
if (!empty($_SERVER['NO_PROXY']) || !empty($_SERVER['no_proxy']) && parse_url($url, PHP_URL_HOST)) { | |
echo 'NO_PROXY '; | |
} | |
if (!empty($proxy)) { | |
$proxyURL = isset($proxy['scheme']) ? $proxy['scheme'] . '://' : ''; | |
$proxyURL .= isset($proxy['host']) ? $proxy['host'] : ''; | |
if (isset($proxy['port'])) { | |
$proxyURL .= ":" . $proxy['port']; | |
} elseif ('http://' == substr($proxyURL, 0, 7)) { | |
$proxyURL .= ":80"; | |
} elseif ('https://' == substr($proxyURL, 0, 8)) { | |
$proxyURL .= ":443"; | |
} | |
$proxyURL = str_replace(array('http://', 'https://'), array('tcp://', 'ssl://'), $proxyURL); | |
if (0 === strpos($proxyURL, 'ssl:') && !extension_loaded('openssl')) { | |
throw new \RuntimeException('You must enable the openssl extension to use a proxy over https'); | |
} | |
$options['http']['proxy'] = $proxyURL; | |
$options['http']['request_fulluri'] = $fulluri; | |
if ('https' === parse_url($url, PHP_URL_SCHEME)) { | |
$options['ssl']['SNI_enabled'] = true; | |
if (PHP_VERSION_ID < 50600) { | |
$options['ssl']['SNI_server_name'] = parse_url($url, PHP_URL_HOST); | |
} | |
} | |
if (isset($proxy['user'])) { | |
$auth = urldecode($proxy['user']); | |
if (isset($proxy['pass'])) { | |
$auth .= ':' . urldecode($proxy['pass']); | |
} | |
$auth = base64_encode($auth); | |
$options['http']['header'] = array("Proxy-Authorization: Basic {$auth}"); | |
} | |
} | |
$options['http']['header'][] = 'User-Agent: Proxy-Test'; | |
uasort($options['http']['header'], function ($el) { | |
return preg_match('{^content-type}i', $el) ? 1 : -1; | |
}); | |
return stream_context_create($options); | |
} |
Unencrypted HTTP PATH-OK FULL-OK Encrypted HTTPS PATH-OK FULL-OK
Unencrypted HTTP PATH-FAIL FULL-FAIL Encrypted HTTPS PATH-OK FULL-OK
Unencrypted HTTP PATH-OK FULL-OK Encrypted HTTPS PATH-OK FULL-OK
at my customer, when using cntlm:
Unencrypted HTTP HTTP_PROXY NO_PROXY PATH-FAIL HTTP_PROXY NO_PROXY FULL-OK
Encrypted HTTPS HTTP_PROXY HTTPS_PROXY NO_PROXY PATH-FAIL HTTP_PROXY HTTPS_PROXY NO_PROXY FULL-FAIL
If I add a tinyproxy in front, and always configure it to add the Connection: keep-alive
header, I get this result:
Unencrypted HTTP HTTP_PROXY NO_PROXY PATH-OK HTTP_PROXY NO_PROXY FULL-OK
Encrypted HTTPS HTTP_PROXY HTTPS_PROXY NO_PROXY PATH-OK HTTP_PROXY HTTPS_PROXY NO_PROXY FULL-OK
On centos7.6.1810
I am trying to build a tool as a non-interactive user via sudo without success and it led me to this test. Most other build tools and components seem to grab my proxy settings or allow me to specify them via the direct command line as an option. I haven't cracked Composer though.
variables
$SUDO_WWW = sudo -H -u apache
$RUN_PHP = /usr/bin/scl enable rh-php72
With proxy set for normaluser in .bash_profile, .gitconfig, .curlrc
[normaluser@mybox somedir]$ $RUN_PHP "php proxy-test.php"
Unencrypted HTTP HTTP_PROXY PATH-OK HTTP_PROXY FULL-OK
Encrypted HTTPS HTTP_PROXY HTTPS_PROXY PATH-FAIL HTTP_PROXY HTTPS_PROXY FULL-FAIL
With proxy set for builduser in .gitconfig, .curlrc
[builduser@mybox somedir]$ $SUDO_WWW $RUN_PHP "php proxy-test.php"
[sudo] password for builduser:
Unencrypted HTTP PATH-FAIL FULL-FAIL
Encrypted HTTPS PATH-FAIL FULL-FAIL
Unencrypted HTTP PATH-FAIL FULL-FAIL Encrypted HTTPS PATH-FAIL FULL-FAIL
Unencrypted HTTP PATH-FAIL FULL-FAIL
Encrypted HTTPS PATH-FAIL FULL-FAIL
@tlay never saw this, but if still relevant, as per your output the HTTP_PROXY/HTTPS_PROXY env vars are not actually set for builduser at all, so no way for Composer to use them.
@juank537 @juliocapuano you do not seem to have any HTTP_PROXY/HTTPS_PROXY environment variables set up, so no proxy can be used.
Unencrypted HTTP HTTP_PROXY PATH-FAIL HTTP_PROXY FULL-OK
Encrypted HTTPS HTTP_PROXY HTTPS_PROXY PATH-OK HTTP_PROXY HTTPS_PROXY FULL-OK
Unencrypted HTTP PATH-FAIL FULL-FAIL
Encrypted HTTPS PATH-OK FULL-OK
For me only :
Unencrypted HTTP PATH-FAIL
Unencrypted HTTP PATH-OK FULL-OK
Encrypted HTTPS PATH-FAIL FULL-FAIL
Received this elsewhere:
Unencrypted HTTP HTTP_PROXY PATH-OK HTTP_PROXY FULL-OK
Encrypted HTTPS HTTP_PROXY HTTPS_PROXY PATH-OK HTTP_PROXY HTTPS_PROXY FULL-FAIL