Ssl
python get-pip.py 在代理後面不起作用
我在嘗試執行試圖使用以下命令獲取的devstack時遇到問題我添加了詳細參數
pip
sudo -H -E python /opt/stack/devstack/files/get-pip.py -c /opt/stack/devstack/tools/cap-pip.txt --verbose
我得到了這個輸出,它永遠掛在那裡,然後再嘗試四次並退出。
Created temporary directory: /tmp/pip-ephem-wheel-cache-WNf2he Created temporary directory: /tmp/pip-req-tracker-YNDzMb Created requirements tracker '/tmp/pip-req-tracker-YNDzMb' Created temporary directory: /tmp/pip-install-qbbm3e Setting pip!=8,<10 (from -c /opt/stack/devstack/tools/cap-pip.txt (line 1)) extras to: () Collecting pip!=8,<10 (from -c /opt/stack/devstack/tools/cap-pip.txt (line 1)) 1 location(s) to search for versions of pip: * https://pypi.org/simple/pip/ Getting page https://pypi.org/simple/pip/ Looking up "https://pypi.org/simple/pip/" in the cache No cache entry available Starting new HTTPS connection (1): pypi.org:443
我的機器坐在代理後面,它使用白名單來允許一些域名,這些域名是允許的。
# python .pypa.io .python.org .pypi.org .pythonhosted.org
我們也使用我們自己的證書
我可以使用 curl 獲取頁面,
curl -v pypi.org:443
但這是我使用詳細模式獲得的輸出。* Rebuilt URL to: www.pypi.org:443/ * Trying X.X.X.X... * Connected to X.X.X.X (X.X.X.X) port XXYY (#0) > GET http://www.pypi.org:443/ HTTP/1.1 > Host: www.pypi.org:443 > User-Agent: curl/7.47.0 > Accept: */* > Proxy-Connection: Keep-Alive > < HTTP/1.1 503 Service Unavailable < Server: squid/3.5.12 < Mime-Version: 1.0 < Date: Fri, 24 Aug 2018 15:55:36 GMT < Content-Type: text/html;charset=utf-8 < Content-Length: 3601 < X-Squid-Error: ERR_CONNECT_FAIL 101 < Vary: Accept-Language < Content-Language: en < X-Cache: MISS from dns < X-Cache-Lookup: MISS from dns:XXYY < Via: 1.1 dns (squid/3.5.12) < Connection: close < <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> ... </body></html> * Closing connection 0
但是當我執行openssl時,我什麼也得不到
sudo openssl s_client -connect pypi.org:443
在檢查 squid 訪問日誌時,我還可以看到 TCP_MISS
1535126136.880 137 X.X.X.X TCP_MISS/503 3966 GET http://www.pypi.org:443/ - HIER_DIRECT/2a04:4e42:2c::319 text/html
請任何幫助表示讚賞。
這件事快把我逼瘋了。
謝謝你。
更新以使用帶有 https 而不是 http 的 curl
執行命令時,
curl -v https://pypi.org:443
這是我得到的輸出* Rebuilt URL to: https://pypi.org:443/ * Trying X.X.X.X... * Connected to X.X.X.X (X.X.X.X) port XXYY (#0) * Establish HTTP proxy tunnel to pypi.org:443 > CONNECT pypi.org:443 HTTP/1.1 > Host: pypi.org:443 > User-Agent: curl/7.47.0 > Proxy-Connection: Keep-Alive > < HTTP/1.1 200 Connection established < * Proxy replied OK to CONNECT request * found 149 certificates in /etc/ssl/certs/ca-certificates.crt * found 601 certificates in /etc/ssl/certs * ALPN, offering http/1.1 * SSL connection using TLS1.2 / RSA_AES_128_GCM_SHA256 * server certificate verification SKIPPED * server certificate status verification SKIPPED * common name: pypi.org (matched) * server certificate expiration date OK * server certificate activation date OK * certificate public key: RSA * certificate version: #1 * subject: CN=pypi.org * start date: Tue, 15 May 2018 17:28:09 GMT * expire date: Fri, 12 May 2028 17:28:09 GMT * issuer: ******** info about the certificate issuer ********* * compression: NULL * ALPN, server did not agree to a protocol > GET / HTTP/1.1 > Host: pypi.org > User-Agent: curl/7.47.0 > Accept: */* > < HTTP/1.1 200 OK < Content-Security-Policy: base-uri 'self'; block-all-mixed-content; connect-src 'self' https://api.github.com/repos/ *.fastly-insights.com sentry.io https://2p66nmmycsj3.statuspage.io; default-src 'none'; font-src 'self' fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://warehouse-camo.cmh1.psfhosted.org/ www.google-analytics.com *.fastly-insights.com; script-src 'self' www.googletagmanager.com www.google-analytics.com *.fastly-insights.com https://cdn.ravenjs.com; style-src 'self' fonts.googleapis.com; worker-src *.fastly-insights.com < Content-Type: text/html; charset=UTF-8 < ETag: "5fFqoiKHaa7+ibgDS4xg6Q" < Referrer-Policy: origin-when-cross-origin < Server: nginx/1.13.9 < Content-Length: 17391 < Accept-Ranges: bytes < Date: Fri, 24 Aug 2018 16:32:00 GMT < Age: 17 < X-Served-By: cache-iad2147-IAD < X-Cache: HIT < X-Cache-Hits: 1 < X-Timer: S1535128321.765578,VS0,VE1 < Vary: Accept-Encoding, Accept-Encoding < Strict-Transport-Security: max-age=31536000; includeSubDomains; preload < X-Frame-Options: deny < X-XSS-Protection: 1; mode=block < X-Content-Type-Options: nosniff < X-Permitted-Cross-Domain-Policies: none < X-Cache: MISS from dns < X-Cache-Lookup: MISS from dns:3131 < Via: 1.1 dns (squid/3.5.12) < Connection: close < <!DOCTYPE html> <html lang="en"> <head> ... </body></html> * Closing connection 0
這是魷魚訪問日誌
1535128320.770 105 129.6.112.80 TCP_MISS/200 18684 GET https://pypi.org/ - HIER_DIRECT/151.101.128.223 text/html
看起來您需要使用代理,但不要使用
get-pip.py
. 這就是它失敗的原因。根據文件get-pip.py
,應通過以下方式給予代理:python get-pip.py --proxy="http://[user:passwd@]proxy.server:port"
以 curl 作為基礎的實驗的詳細輸出,您需要像這樣使用它:
python get-pip.py --proxy="http://X.X.X.X:XXYY"
或者,使用您迄今為止使用的特定命令行:
sudo -H -E python /opt/stack/devstack/files/get-pip.py \ --proxy="http://X.X.X.X:XXYY" \ -c /opt/stack/devstack/tools/cap-pip.txt --verbose