Hi all. Welcome back to part 2 of the network configuration series.
In this blog I will advise how to apply some proxy settings to your network locations
In last month’s bash scripting blog, we created a new network location called “Home”, auto populated it with the available network interfaces, switched to it and deleted the “Automatic” location. This was using the below combination of commands:
networksetup –createlocation "Home" populate networksetup –switchtolocation "Home" networksetup –deletelocation "Automatic"
Additionally, I will create another location called “Office” (to apply the proxy settings to) and switch to this location with the below commands:
networksetup –createlocation "Office" populate networksetup –switchtolocation "Office"
Now let’s apply some settings.
Adding HTTP proxies
The command used to add the HTTP proxies is “networksetup –setwebproxy”. The man page for “networksetup” shows the following for “setwebproxy”
The options translate to:
- “networkservice” – This is the physical interface. For example “Wi-fi”, “Airport”, “Ethernet”, “Ethernet 2” and “Thunderbolt-Ethernet” are all valid examples.
- “domain” – This is the IP or DNS address HTTP requests should be forwarded to, the proxy server address.
- “portnumber” – This is the port number to be used for the proxy server.
- “authenticated” – If the proxy requires authentication, and you want to input it now, this should be turned on. The only valid options are “on” or “off”.
- “username” – Authenticated needs to be on. This should be the username to be authenticated with.
- “password” – Authenticated needs to be on. This should be the password to be authenticated with.
Please Note: The last three options only work with the currently logged in user and will not work system wide through this method.
To set a HTTP proxy of “proxy.amsys.co.uk” on port “8080” on the Ethernet interface, you would use:
networksetup –setwebproxy "Ethernet" "proxy.amsys.co.uk" "8080"
To set a HTTP proxy of “proxy.google.com” on port “8888” on the Wi-Fi interface, along with authentication of “darren” with the password “123” you would use (this is all on one line):
networksetup –setwebproxy "Wi-Fi" "proxy.google.com" "8888" "on" "darren" "123"
Adding HTTPS proxies
The setting of the HTTPS proxy details is the same as for HTTP, but instead of using “-setwebproxy” you need to use “-setsecurewebproxy”.
For example, to set the same proxies on HTTPS as the first HTTP example, you would use:
networksetup –setsecurewebproxy "Ethernet" "proxy.amsys.co.uk" “8080"
To set the same proxies on HTTPS as the second HTTP example, you would use (this is all on one line):
networksetup –setsecurewebproxy "Wi-Fi" "proxy.google.com" "8888" "on" "darren" "123"
The “networksetup” tool details many options for setting proxies on other protocols, such as:
- FTP – -setftpproxy
- Streaming – -setstreamingproxy
- Gopher – -setgopherproxy
- SOCKS – -setsocksfirewallproxy
These all operate on the same general usage of “interface” “address” “port” “authentication” “username” “password” as HTTP detailed above.
Points to note
When running these commands, they work on the current network location, hence why we switched to the “Office” location before running these commands.
Also, as mentioned above, setting the authentication will add the provided details into the currently logged in user’s Keychain. To add these to the system, the keychain item/s need to be copied into the System Keychain using Keychain Utility (/Applications/Utilities/) or scripted using the “security” command line tool.
Finally, as each proxy setting is tied to an interface, you will need to repeat your commands for each required physical or virtual interface.
I hope that this has given you some starting points or ideas on configuring your proxies using the command line, scripts or payload-free packages. Next time, I will go through adding exceptions to the proxies, and then tying it up into a single script, that can be added to a payload free installer or ran on first boot of a new machine.
Any hints, tips or opinions? Let us know in the comments below and I’ll try to respond to as many as I can.