https-proxy | https/http proxy , with Basic Authentication | Proxy library

I'm not familiar with the SMTP feature of curl, but I know quite a bit about SMTP. curl apparently failed to authenticate. I haven't found a documentation about which authentication mechanisms it supports, but GSSAPI doesn't seem to be one of them (at least not with the options that you specified). (I know nothing about GSSAPI either.)

My guess about what went wrong is that you're not using TLS with curl (STARTTLS is still listed as one of the supported extensions). What I take from this documentation is that you should either specify --ssl or --ssl-reqd, or change smtp to smtps (smtps://mymailserver.com), which switches from Explicit TLS to Implicit TLS. The list of supported authentication mechanisms often changes once TLS is enabled and will likely include PLAIN afterwards.

It seems the solution inside the code is:

Looks like you found an phosphor-webui openbmc recipe issue.

The text "Attempting to disable network" comes from here which was changed 8 days ago by this. So lets check upstream to see if there is a fix in review. I don't see any changes to open bmc recipes here

You should be able to do one of three things

1. remove phosphor-webui from you image, and build without it. Just remove phosphor-webui from you machine conf, and use webui-vue instead.
2. Roll you openbmc repo back 18 days and build before it the breaking change. git checkout ca2f10c
3. Fix the recipe and make everyone's life better. It looks like you need change the Datastore Variables. Something like d.setVar(network, "true") in the recipe file. (if that works send in a patch)

Discord and eMail are the perfered ways of reaching out to the openbmc community. Let us know how it goes and if you have anymore issues.

Caused by ProxyError('Your proxy appears to only use HTTP and not HTTPS, try changing your proxy URL to be HTTP. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy',

It says that you can try using HTTP on the URL. But the search library that you are using, I don't see any options for changing the protocol........

Managed Certificates only work with L7 (HTTP) LoadBalancer not with TCP ones.

My understanding is you want to use nginx as an Ingress controller on GKE but you want to expose it behind an L7 LoadBalancer so you can use Google Managed Certificates ?

Proxy configuration for boto3 is described here.

Passing username and password is not documented, however if you look at the underlying code (httpsession.py), it will extract username and password from a URL like https://username:password@example.com:443, and insert a Proxy-Authorization header using basic auth.

If that works with your company, you should be OK. However, some proxies require a different authorization method, and this will fail.

In that case will need to discuss your company's exact proxy mechanism with your IT group. They may suggest work-arounds, such as running your own proxy to handle authentication. Or they may permit you to use a cloud development tool that avoids the use of proxies.

I mention this because your deployment environment -- whether cloud or a local data center -- probably doesn't use an authenticating proxy. Which means that code written with the expectation of such a proxy won't work in a production deployment.

I solved it now.

I used django with Django REST framework as the backend, which uses urls with a trailing slash as the default. When I opened the page in the browser it worked without a slash as well, because I was automatically forwarded. That forward did not work over the proxy because the response sent from localhost:8000 has the location set to /endpoint/ which always resulted in the localhost:4200.

I fixed it by removing the trailing slash in the urls.py:

See this answer from Ask Different, shamelessly reposted below:

OpenSSL on macOS does not use the system keychain (which makes sense as it's a cross platform library) but rather has its own .pem file containing its root certificates. Even though my systems have a newer version of OpenSSL installed using homebrew and/or MacPorts, the system-wide OpenSSL pem file located at /etc/ssl/cert.pem was out of date and did not include the ISRG Root X1 certificate.

The solution:

1. Rename /etc/ssl/cert.pem to something else. (I suggest /etc/ssl/cert.pem.org)
2. Download the latest cacert.pem from https://curl.se/docs/caextract.html
3. Rename it to cert.pem
4. Copy it to /etc/ssl/cert.pem

Now curl and any other app using OpenSSL can access websites signed using current Let's Encrypt certificates.

Alternatively, the MacPorts package curl-ca-bundle installs a .pem file containing ISRG Root X1 to /opt/local/etc/openssl/cert.pem which can be used as well.

Other possible solutions:

• Manually add the ISRG Root X1 certificate to /etc/ssl/cert.pem
• Configure OpenSSL to use a different .pem file for its root certificates, such as /opt/local/etc/openssl/cert.pem

(Another possible solution is to use curl's -k/--insecure flag.

After lots of frustration it became apparent that the problem was once again in front of the computer. The following option in my git config was the culprit: