I could connect to minio with duplicati-cli normally but couldn’t connect when proxy (http_proxy with IP,PORT, with and without Username,Password) configured in linux machine.
Here is the duplicati command(Version: - 2.0.5.1_beta_2020-01-18)
duplicati-cli test ‘s3://testbucket?s3-server-name=192.168.1.1%3A9000&s3-location-constraint=&s3-storage-class=&auth-username=minio&auth-password=minio&s3-ext-forcepathstyle=true’
Getting following error:
Fatal error => Error making request with Error Code ProxyAuthenticationRequired and Http Status Code ProxyAuthenticationRequired. No further error information was returned by the service.
What other tools work? If you have none, it looks like Using an HTTP proxy can get AWS CLI to do S3.
I don’t run a proxy, but I’d guess that common tools like curl could test a proxied web page fairly easily.
Why are you testing with and without username/password? If there’s an admin, ask for settings to use.
What proxy server is in use? Best Linux Proxy Server shows that there are many that you might be on.
You could test changing Client library to use to Minio SDK just to see if that helps. I don’t use S3.
Ultimately a network trace by tcpdump or wireshark can show the detailed interaction with proxy server. Proxy-Authenticate suggests that the server will also say what style of authentication it needs from you.
Thanks for the reply. I’m analyzing duplicati-cli commands by connecting to MinIO server. Trying to connect though HTTP_PROXY but its failing.
I could use wget command successfully with https_proxy. Ex: http_proxy=“http://test:test@192.168.1.45:3128/” wget http://askubuntu.com
But I couldn’t succeed with dulpicat-cli. So Im expecting help to use duplicati command with proxy.
I’m going to guess that proxies that require authentication aren’t supported, but I have no proxy so I played with nc -l -p <various> to first see that s3-ext-proxyport could make it do proxy-like things there. I saw this:
on fake proxy port 9001, which I guess is how it asks the proxy to go connect to port 9000 for actual get.
I’m not particularly familiar with proxies at the protocol level, but I’d guess you got a 401 error+challenge.
You’d have to run a network trace as suggested previously, if you want to see what it actually sent back. That information might be useful if you want to try the workaround I’ll give. It authenticates but with limits.
Are you a developer or highly technical? You posted this in Developer category, so I’ll go talk about code.
I didn’t write this, its author is rarely available, and developers tend to do more on Issues, which is where this might have to go as an enhancement request. There are lots of those in line, along with other issues.
Duplicati seems to query the third-party SDK from Amazon in order to find out what options it can accept:
Most options have pretty simple types that are accepted by the filter. You might say you just need a string for username, and a string for password. That was once the case, but it was deprecated, then obsoleted.
AmazonS3Config now has ProxyCredentials which means it takes a System.Net.ICredentials which isn’t one of the simple types that most things use and which Duplicati can deal with. I think the setting code is:
If you follow the code differently, or wish to do the enhancement yourself, pull requests can be submitted.
A workaround might be to configure Duplicati to use an Rclone destination, which appears to understand standard environment variables such as curl might use. I did see a 2019 note that it only does basic auth, however I have no idea what proxy server is in use and what sorts of authentication it could be looking for.