How do I configure Emacs behind an authenticated HTTP proxy?

Asked 6/5, 2010 at 17:53 Answered 9/9, 2013 at 11:26

There's another question that answers this though it doesn't specify anything regarding proxy authentication.

Its solution is

(setq url-proxy-services '(("no_proxy" . "work\\.com")
                           ("http" . "proxy.work.com:911")))

Basie answered 6/5, 2010 at 17:53 Comment(2)

Are you talking about in emacs/w3 then? That's what that answer is referring to – Ingulf 6/5, 2010 at 18:6

i am referring to elpa, that probably uses emacs/w3 – Basie 6/5, 2010 at 18:23

Nowadays, my approach to the "authenticated proxy problem" is to use CNTLM. It is portable, quite easy to configure and may be run as deamon.

Basie answered 29/3, 2011 at 13:37 Comment(3)

CNTLM has completely bypassed all of my previous http tunnel issues -- I have no complaints about it whatsoever. (On an authenticated proxy too) – Eiger 18/11, 2014 at 15:52

After struggling with all proxy configurations I could find, I have to say tools such as CNTLM, proxychains are the best solution so far. I really hope something could be done to make a unique working proxy setting in emacs. – Eckhart 26/11, 2015 at 6:22

doesn't cntlm need to control the ports? In which case it won't run in a corporate environment where the workstation is running a corporate firewall. – Unexceptional 8/1, 2018 at 13:56

I get authorization working without user interaction by:

(setq url-proxy-services
   '(("no_proxy" . "^\\(localhost\\|10.*\\)")
     ("http" . "proxy.com:8080")
     ("https" . "proxy.com:8080")))

(setq url-http-proxy-basic-auth-storage
    (list (list "proxy.com:8080"
                (cons "Input your LDAP UID !"
                      (base64-encode-string "LOGIN:PASSWORD")))))

This work for Emacs 24.3. It based on non-public API tricks, so might not work in anther Emacs versions...

Replace LOGIN and PASSWORD with your auth info...

Solly answered 9/9, 2013 at 11:26 Comment(9)

Works great. I wonder if there is a way to get it to ask for my password. – Assuntaassur 10/10, 2013 at 21:28

If I remember proper it ask about password if you only set url-proxy-services. In Emacs 24.x – Solly 11/10, 2013 at 7:56

Oh, man! I even want to donate you! I sit behind corporete firewall, and couldn't access to mepla, but now this solution works! – Belk 15/1, 2015 at 9:39

Also have a look at the emacs auth-source library which is part of emacs. It allows you to define a .authinfo.gpg file where you can specify protocols and addresses and the login/password. On the first attempt to access the resource with the specified protocol, emacs will prompt for your gpg key, which is used to open your authinfo file. From that point on, it will use the info in this file until you quit your session. Means you don't need to provide the password every time and as the passwords are protected by gpg, you can be failry confident they are secure – Scarron 24/11, 2015 at 0:38

@Tim I use ~/.authinfo (same as ~/.netrc) for Gnus, but don't known that Emacs may use ~/.authinfo as auth storage for HTTP proxy. Is that true? – Solly 24/11, 2015 at 8:6

how to fill the "LOGIN:PASSWORD" for an un-authencated proxy? – Eckhart 24/11, 2015 at 15:38

@Eckhart Simply don't use url-http-proxy-basic-auth-storage, or don't provide entry to your proxy.com:8080! – Solly 24/11, 2015 at 15:54

@Solly it will depend on the emacs library/mode you are using. For example, it hsould work for those emacs modes which use libraries that are auth-source aware. However, it probably won't work for something which just puts an elisp wrapper around a shell command i.e. browse-url will likely work, but a wrapper which calls curl probably won't – Scarron 25/11, 2015 at 5:43

Still works in Emacs 29.1 in 2024! – Intendancy 1/3 at 8:56

Well, if you really want to do this and do not mind using another program then ... socat is the answer. Use socat to forward a local port through to a connection passing through the http proxy. You are not bypassing it, just "bolting on" the functionality to an application that does not have it (in case anyone asks). This might be difficult.

Another solution that would work great if you are on a unixy OS is to install your own non-authenticating http proxy that uses the authenticating proxy (like squid). This might look like circumvention to some people. Be careful.

For example, take a look at Proxytunnel.

UPDATE: Mike Hoss seems to be correct in the comment he adds to the question linked to above. The URL package will ask for id and password. At least that is what I see in the defun for url-http-create-request in file url-http.el.

Uninspired answered 6/6, 2010 at 20:1 Comment(0)

In case anyone else hits what I've just struggled with:

If you use cntlm or some other local authenticating proxy, you may need to specify a loopback IP address rather than "localhost". I found "localhost" silently failed, but "127.0.0.1" worked a treat.

Shaughn answered 3/1, 2013 at 18:5 Comment(1)

This would make more sense as a comment to the answer than as an answer. – Basie 4/1, 2013 at 17:13

ELPA uses the "url" package. As far as I know, there is no way to do proxy authentication with it.

Can you set up your proxy auth outside of Emacs?

Rollandrollaway answered 26/5, 2010 at 15:30 Comment(2)

well, yes, in other programs (e.g. firefox) I can provide them my user name and password for a certain http proxy And everything goes fine... – Basie 26/5, 2010 at 16:48

After setting the proxy as described in the question text, ELPA is now asking for user/pw when updating the package list and can access the http repository via an authenticating proxy. [Emacs 24.3.1, Windows, Vincent Goulet's distribution] – Jitters 22/4, 2014 at 9:57

Recommended topics

Hot tags