Run the Apply-Orbit-File operator from GPT behind a proxy with authentication
This guide describes a workaround for running the Apply-Orbit-File operator from GPT on Windows systems where the internet access is routed through a proxy that requires authentication.
The Apply-Orbit-File operator downloads orbit files from ESA’s public server to process products. When the user uses a machine which is not directly connected to the internet, a proxy server and port must be configured for each application that requires internet access.
Since GPT uses native JVM networking libraries which do not support proxy authentication, it can only connect to the internet through a proxy without authentication.
To bypass this limitation, you can configure a local proxy using 3rd party software. The local proxy authenticates with the upstream proxy and exposes a non-authenticated proxy endpoint for GPT to use.
This workaround can be used until an official solution is integrated into a future SNAP update.
Table of contents
The steps to apply this workaround on the Windows systems:
Install the WinGate application with a free license for 10 concurrent user
Download WinGate fromhttps://www.wingate.com/download/wingate/download.php and run the installer:
Click Next.
Select the 1st option and then click Next.
Choose the installation directory and then click Next.
Uncheck the last option - WinGate Network Driver - and then click Next.
Provide the email address for the administrative alerts and the email address of the sender and then click Next.
Click Next to start the installation of the WinGate application.
Click Next to finish the installation.
Perform the initial setup of the WinGate application
Open Start, type wingate and click on the WinGate Management application.
Click on the localhost square.
The WinGate application requires a license to be used. The user can activate the free license with 10 concurrent users. Click OK to begin.
If the machine has direct internet access, select the Online option. If a proxy without authentication is required to access the internet, check “Use proxy server to connect to the Internet”. Otherwise, select the Off-line option. Click OK.
Select the 3rd option - Activate a free license - then click Next.
Click on Make request button to save the License Request file localy. The WinGate application saves the file with the name License Request.req. Transfer this file to a machine with internet access.
On a computer with internet access, upload the License Request.req on the Activation Website: http://activation.qbik.com. The license file will be automatically downloaded from the Activation Website.
Transfer the downloaded file back to the offline machine to activate the WinGate application free license.
In WinGate, click on Import activation file, select the new license file, then click Finish.
WinGate needs to be restarted after the license is successfully activated.
Click on Next to start the setup of WinGate database provider.
Select the 3rd option - WinGate user database engine - from the dropdown menu and the click Next.
Click Finish to finish the setup of WinGate database engine.
Click OK to restart the WinGate application.
Configure the Local Proxy in WinGate
After the WinGate application was restarted, click on the localhost square.
Select the Use another account option.
Enter the username Administrator, leave the password blank and then click OK.
The WinGate dashboard opens, and the application displays a notification requiring user attention. Click the Go to notifications link in the yellow banner at the top.
The 1st notification about WinGate Updates can be ignored because the application is not yet configured to access the internet through the upstream proxy.
The 2nd notification about WinGate DNS client configuration can be fixed by the following steps:
→ In the left Navigation panel, click on Control Panel → DNS Client to open the DNS Client window
→ Click on the Add new server button from the group of 4 buttons (1st button).
→ Enter the desired DNS server IP address, e.g. 8.8.8.8, check the Use server for internet lookups checkbox and then click OK.
→ Click OK on the DNS Client window.
The WinGate application is now ready. Click the second link, Install / configure services, to configure the local proxy that connects to the upstream proxy requiring authentication.
Double click on WWW Proxy Server service to open the properties window
In the General tab, you can optionally change the local proxy server port to any port that is not being used by another application. The default port is 80.
In the Connection tab, check Connect via upstream proxy, then enter the IP address / domain of the upstream proxy, the port, select the Proxy type, check Proxy requires authentication and enter the credentials. Then click OK.
Check that the local proxy is working and that the internet can be accessed without entering the authentication credentials.
Open the Windows network settings, select Proxy, enter the local proxy IP address
127.0.0.1and the local proxy port 80(default), then click Save.
Open a browser and access any website. If the page loads without prompting for proxy authentication credentials, the workaround is working.
Verify the Workaround with SNAP GPT
Open the gpt.vmoptions file located in <SNAP_INSTALL_DIR>\bin directory:
Add the following lines to configure the local proxy IP and port:
-Dhttp.proxyHost=127.0.0.1
-Dhttp.proxyPort=80 Save the file.
Open the Command prompt window in the bin directory of SNAP Desktop, then run the Apply-Orbit-File GPT operator with the command:
gpt.exe Apply-Orbit-File {S1_product_directory}\manifest.safe -t {output_directory}\target.dimIf the output looks like this, the workaround is not functioning in the user’s environment, or an error occurred during setup. Please review the configuration.
If the output looks like this, the workaround is working in the user environment. Congratulations!
The steps to apply this workaround on the Linux systems:
Install the SQUID application which is licensed under the GPL
a) To be able to download the updates and the software packages using apt, through a proxy with authentication, a special configuration is needed.
If the system is already configured, skip to the step b)
Edit the apt configuration file, by entering the following command in the terminal:
sudo nano /etc/apt/apt.conf
Enter the following special line:
Acquire::http::proxy “http://<username>:<password>@<ip>:<port>/”;,then press CTRL + O for saving the changes and CTRL + X to exit the nano.
Check for updates of Ubuntu operating system by entering the following command:
sudo apt update
If the output is like this, the apt is correctly configured to pass the proxy with authentication, else please check the connection with the proxy server and the provided authentication credentials are correct.
b) install the SQUID application
Install of the squid local proxy application by entering the following command in the terminal:
sudo apt install squid
Enter Y to confirm the installation
Configure the Local Proxy in SQUID
Backup the original configuration file of squid application, before entering the custom configuration for this workaround, by entering the following command in the terminal:
sudo mv/etc/squid/squid.conf /etc/squid/squid.conf.bak
Edit the squid configuration file by entering the following command in the terminal:
sudo nano /etc/squid/squid.conf
Enter the following lines in the squid.conf file:
cache_peer <upstream_proxy_ip> parent <upstream_proxy_port> 0 no-query default login=<username>:<password>
never_direct allow all
always_direct deny all
http_port <local_proxy_port>
acl localhost src 127.0.0.1
http_access allow localhost
http_access deny all
dns_nameservers 8.8.8.8then, press CTRL + O to save the changes and CTRL + X to exit the nano.
Restart the squid service by entering the following command in the terminal:
sudo systemctl restart squid
Check that the local proxy is working and that the internet can be accessed without entering the authentication credentials.
a) Check using a terminal program like curl.
Open a connection with an internet website using curl by entering the following command in the terminal:
curl -x 127.0.0.1:<local_proxy_port> http://step.esa.int
If the output looks like this, the curl application is not installed.
Install the curl application by entering the following command in the terminal:sudo apt install curl
Open a connection with an internet website using the curl by entering the following command in the terminal:
curl -x 127.0.0.1:<local_proxy_port> http://step.esa.int
If the output looks like this, the local proxy is working and passing the requests through the upstream proxy which requires authentication, else please check the connection with the upstream proxy server and the authentication credentials provided in the squid configuration file are correct.
b) check using the browser
Open the network settings of Ubuntu, toggle Network Proxy, enter the local proxy IP address
127.0.0.1and the local proxy port set on the squid configuration file, then click on Save
Open the browser then browse to a website from the internet. If it loads without requesting the proxy authentication credentials, the workaround is ready.
Verify the Workaround with SNAP GPT
Open the gpt.vmoptions from the bin directory of the SNAP Desktop then, enter the local proxy IP by
-Dhttp.proxyHost=127.0.0.1and the local proxy port by
-Dhttp.proxyPort=<local_proxy_port>then, Save the file.
Open the console window at the bin directory of the SNAP Desktop then run the Apply-Orbit-File GPT operator by entering the following command in the terminal:
./gpt Apply-Orbit-File {S1_product_zip_file} -t {output_directory}/target.dim
If the output looks like this, the workaround is not functioning in the user’s environment, or an error occurred during setup. Please review the configuration.
If the output looks like this, the workaround is working in the user environment. Congratulations!