Set Proxy for Specific YUM/DNF Repositories

Last updated: September 6, 2024

Reviewed by: David Martinez
Baeldung Pro – Linux – NPI EA (cat = Baeldung on Linux)
announcement - icon

Learn through the super-clean Baeldung Pro experience:

>> Membership and Baeldung Pro.

No ads, dark-mode and 6 months free of IntelliJ Idea Ultimate to start with.

1. Overview

YUM (Yellowdog Updater, Modified) and DNF (Dandified YUM) are the package managers for CentOS, RHEL, and Fedora systems. In many enterprise environments, routing traffic through a proxy server is often needed, either for security or because direct internet access is restricted.

When setting up YUM/DNF repositories on Linux systems, it’s important to configure the system to use the proxy server to access and update packages.

In this tutorial, we’ll learn how to configure a proxy for specific YUM/DNF repositories.

2. Configuring a Proxy for a Specific YUM/DNF Repository

In some scenarios, we may access certain repositories via a proxy server. This might be because:

  • Internal repositories are directly accessible without a proxy
  • External repositories require a proxy to connect to the internet
  • Different repositories need different proxy configurations based on their locations

YUM and DNF configurations are stored in .repo files, typically located in /etc/yum.repos.d/. Accordingly, each .repo file contains the configuration for a repository, including its name, base URL, and other settings. All in all, to configure a proxy for a specific repository, we’ll need to edit its .repo file and add the proxy configuration.

3. Locate the YUM/DNF Repository Configuration

The first step is to identify the specific repository configuration file. By default, YUM/DNF repository configuration files are stored in /etc/yum.repos.d/. For example, we may have a file named epel-testing.repo:

$ cd /etc/yum.repos.d/
$ ls -l
total 96
-rw-r--r--   1 root root 59084 Jan  3  2016 telnet-0.17-47.el6.x86_64.rpm
-rw-r--r--   1 root root  1457 Sep  4  2021 epel-testing.repo
-rw-r--r--   1 root root  7437 Feb 16  2022 katello-ca-consumer-latest.noarch.rpm
-rw-r--r--   1 root root   358 Sep  7  2022 redhat.repo
-rw-r--r--   1 root root     0 Sep 22  2022 jenkins.repo
drwxr-xr-x.  2 root root  4096 Oct 28  2022 .
drwxr-xr-x. 98 root root 12288 Aug 25 10:46 ..

We should see a list of .repo files. After that, we must identify the file, which in our case is epel-testing.repo, corresponding to the repository for which we want to set a proxy.

4. Edit the .repo File

Once we’ve located the correct .repo file, we open it in a text editor:

$ sudo nano /etc/yum.repos.d/epel-testing.repo

In this file, each repository is defined under a section labeled with the repository’s name in square brackets ([]). Below this, we’ll find settings like name, baseurl, and enabled:

$ cat epel-testing.repo
[epel-testing]
name=Extra Packages for Enterprise Linux 7 - Testing - $basearch
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place its address here.
#baseurl=http://download.example/pub/epel/testing/7/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-epel7&arch=$basearch&infra=$infra&content=$contentdir
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

5. Add Proxy Settings

Let’s add the following settings to the file epel-testing.repo (or edit them if they’re already present), to set a proxy for this repository:

proxy=http://our-proxy-server:port
proxy_username=our-username
proxy_password=our-password

The value corresponding to the “proxy” variable defines the URL of the proxy server, including the port, whereas the variables “proxy_username” and “proxy_password” are optional and only needed if our proxy server requires authentication.

Let’s understand this with the help of an example:

[example-repo]
name=Example Repository
baseurl=http://repo.example.com/centos/$releasever/os/$basearch/
enabled=1
gpgcheck=1
proxy=http://proxy.example.com:8080
proxy_username=user
proxy_password=password

If our proxy server does not require authentication, we may omit the proxy_username and proxy_password lines.

6. Test the YUM/DNF Configuration

After saving the configuration file, we need to test the repository access using yum or dnf:

For yum:
$ sudo yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base extras updates
Cleaning up everything

First, let’s clean up all YUM cache, including metadata and package data from repositories:

$ sudo yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
repo id           repo name                       status
base/7/x86_64     CentOS-7 - Base                 10,072
extras/7/x86_64   CentOS-7 - Extras                 400
updates/7/x86_64  CentOS-7 - Updates               1,230
repolist: 11,702

Next, let’s display the enabled DNF repositories along with the number of available packages:

For dnf:
$ sudo dnf clean all
41 files removed

Similar to YUM, we can clear all metadata and cache stored by DNF:

$ sudo dnf repolist
repo id                     repo name                                      status
base/7/x86_64               CentOS-7 - Base                                10,072
extras/7/x86_64             CentOS-7 - Extras                                400
updates/7/x86_64            CentOS-7 - Updates                              1,230
repolist: 11,702

This command shows the active repositories and their package counts.

The commands above should display the repository contents, indicating that the proxy configuration is working correctly.

7. Additional Considerations

In this section, we’ll discuss some of the important aspects that we must keep in mind while configuring a proxy for YUM/DNF repositories:

  • Global Proxy Settings: If we want to apply a proxy globally for all YUM/DNF operations, we configure it in the main configuration file, typically located at /etc/yum.conf for YUM and /etc/dnf/dnf.conf for DNF.
  • No Proxy for Internal Repositories: We may have internal repositories that should be accessed directly without a proxy. In such cases, we need to ensure that the proxy configuration is not added to those specific .repo files.
  • Environment Variables: For users who prefer setting a proxy globally via environment variables, we use http_proxy, https_proxy, and no_proxy environment variables. This approach applies to all YUM/DNF operations.

8. Conclusion

Configuring a proxy for specific YUM/DNF repositories provides fine-grained control over how different repositories are accessed.

In this article, we discussed how this proves useful in mixed environments with internal and external repositories or when working within networks that require different proxy configurations. By following the steps discussed in this article, we ensure that only the necessary repositories route traffic through a proxy while others are accessed directly.