Yes, we're now running our only Summer Sale. All Courses are 30% off until 20th July, 2026:
Set Proxy for Specific YUM/DNF Repositories
Last updated: September 6, 2024
1. Overview
YUM (Yellowdog Updater, Modified) and DNF (Dandified YUM) are the package managers for CentOS, RHEL, and Fedora systems. In many enterprise environments, routing traffic through a proxy server is often needed, either for security or because direct internet access is restricted.
When setting up YUM/DNF repositories on Linux systems, it’s important to configure the system to use the proxy server to access and update packages.
In this tutorial, we’ll learn how to configure a proxy for specific YUM/DNF repositories.
2. Configuring a Proxy for a Specific YUM/DNF Repository
In some scenarios, we may access certain repositories via a proxy server. This might be because:
- Internal repositories are directly accessible without a proxy
- External repositories require a proxy to connect to the internet
- Different repositories need different proxy configurations based on their locations
YUM and DNF configurations are stored in .repo files, typically located in /etc/yum.repos.d/. Accordingly, each .repo file contains the configuration for a repository, including its name, base URL, and other settings. All in all, to configure a proxy for a specific repository, we’ll need to edit its .repo file and add the proxy configuration.
3. Locate the YUM/DNF Repository Configuration
The first step is to identify the specific repository configuration file. By default, YUM/DNF repository configuration files are stored in /etc/yum.repos.d/. For example, we may have a file named epel-testing.repo:
$ cd /etc/yum.repos.d/
$ ls -l
total 96
-rw-r--r-- 1 root root 59084 Jan 3 2016 telnet-0.17-47.el6.x86_64.rpm
-rw-r--r-- 1 root root 1457 Sep 4 2021 epel-testing.repo
-rw-r--r-- 1 root root 7437 Feb 16 2022 katello-ca-consumer-latest.noarch.rpm
-rw-r--r-- 1 root root 358 Sep 7 2022 redhat.repo
-rw-r--r-- 1 root root 0 Sep 22 2022 jenkins.repo
drwxr-xr-x. 2 root root 4096 Oct 28 2022 .
drwxr-xr-x. 98 root root 12288 Aug 25 10:46 ..
We should see a list of .repo files. After that, we must identify the file, which in our case is epel-testing.repo, corresponding to the repository for which we want to set a proxy.
4. Edit the .repo File
Once we’ve located the correct .repo file, we open it in a text editor:
$ sudo nano /etc/yum.repos.d/epel-testing.repo
In this file, each repository is defined under a section labeled with the repository’s name in square brackets ([]). Below this, we’ll find settings like name, baseurl, and enabled:
$ cat epel-testing.repo
[epel-testing]
name=Extra Packages for Enterprise Linux 7 - Testing - $basearch
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place its address here.
#baseurl=http://download.example/pub/epel/testing/7/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-epel7&arch=$basearch&infra=$infra&content=$contentdir
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
5. Add Proxy Settings
Let’s add the following settings to the file epel-testing.repo (or edit them if they’re already present), to set a proxy for this repository:
proxy=http://our-proxy-server:port
proxy_username=our-username
proxy_password=our-password
The value corresponding to the “proxy” variable defines the URL of the proxy server, including the port, whereas the variables “proxy_username” and “proxy_password” are optional and only needed if our proxy server requires authentication.
Let’s understand this with the help of an example:
[example-repo]
name=Example Repository
baseurl=http://repo.example.com/centos/$releasever/os/$basearch/
enabled=1
gpgcheck=1
proxy=http://proxy.example.com:8080
proxy_username=user
proxy_password=password
If our proxy server does not require authentication, we may omit the proxy_username and proxy_password lines.
6. Test the YUM/DNF Configuration
After saving the configuration file, we need to test the repository access using yum or dnf:
For yum:
$ sudo yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base extras updates
Cleaning up everything
First, let’s clean up all YUM cache, including metadata and package data from repositories:
$ sudo yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
repo id repo name status
base/7/x86_64 CentOS-7 - Base 10,072
extras/7/x86_64 CentOS-7 - Extras 400
updates/7/x86_64 CentOS-7 - Updates 1,230
repolist: 11,702
Next, let’s display the enabled DNF repositories along with the number of available packages:
For dnf:
$ sudo dnf clean all
41 files removed
Similar to YUM, we can clear all metadata and cache stored by DNF:
$ sudo dnf repolist
repo id repo name status
base/7/x86_64 CentOS-7 - Base 10,072
extras/7/x86_64 CentOS-7 - Extras 400
updates/7/x86_64 CentOS-7 - Updates 1,230
repolist: 11,702
This command shows the active repositories and their package counts.
The commands above should display the repository contents, indicating that the proxy configuration is working correctly.
7. Additional Considerations
In this section, we’ll discuss some of the important aspects that we must keep in mind while configuring a proxy for YUM/DNF repositories:
- Global Proxy Settings: If we want to apply a proxy globally for all YUM/DNF operations, we configure it in the main configuration file, typically located at /etc/yum.conf for YUM and /etc/dnf/dnf.conf for DNF.
- No Proxy for Internal Repositories: We may have internal repositories that should be accessed directly without a proxy. In such cases, we need to ensure that the proxy configuration is not added to those specific .repo files.
- Environment Variables: For users who prefer setting a proxy globally via environment variables, we use http_proxy, https_proxy, and no_proxy environment variables. This approach applies to all YUM/DNF operations.
8. Conclusion
Configuring a proxy for specific YUM/DNF repositories provides fine-grained control over how different repositories are accessed.
In this article, we discussed how this proves useful in mixed environments with internal and external repositories or when working within networks that require different proxy configurations. By following the steps discussed in this article, we ensure that only the necessary repositories route traffic through a proxy while others are accessed directly.