Creating local EPEL repo behind corporate proxy/firewall

Latest response

Hello

I want to create a local copy of the EPEL repo on our network for RHEL 8.4. The EPEL repo server is in the DMZ with controlled access to the internet.

I have so far managed to install the epel-release-latest-8.noarch.rpm manually so that the epel.repo file gets created.

The edited epel.repo looks like this:

[epel]
name=Extra Packages for Enterprise Linux $releasever - $basearch
baseurl=https://mirrors.ukfast.co.uk/sites/dl.fedoraproject.org/pub/epel/$releasever/Everything/$basearch
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir
enabled=1
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8

I have commented out the metalink line so it stops access to multiple mirrors which won't be whitelisted on the proxy and only used a working URL for the base URL.

If I try to use reposync it produces connection errors:

# reposync --repoid=epel -p /repo
Updating Subscription Management repositories.
Extra Packages for Enterprise Linux 8 - x86_64                                                                                                                                                                                                                                        0.0  B/s |   0  B     00:00
Errors during downloading metadata for repository 'epel':
  - Curl error (56): Failure when receiving data from the peer for https://mirrors.ukfast.co.uk/sites/dl.fedoraproject.org/pub/epel/8/Everything/x86_64/repodata/repomd.xml [Received HTTP code 403 from proxy after CONNECT]
Error: Failed to download metadata for repo 'epel': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

As far as I know the proxy has already whitelisted the URL. So I am not sure why there is still a 403 error. Any ideas?

Thanks.

Responses

The first thing to check is whether you are actually using the proxy. One way to test this is to configure the proxy explicitly on the command, eg. https_proxy=https://your.proxy:port reposync --repoid=epel -p /repo If that still doesn't work I suggest you chek the URL really is whitelisted on your proxy.

Thanks Michael, I will check with proxy team and feedback.