The way to use curl for calls to a URL that have basic authentication through a proxy with per-user authentication and password is as follows:
curl -v -o /dev/null -x http://myproxy.feitam.es:8080 -U 'user1:34uyd/%^-erTd' -u 'consumer:54RT^%s-rbJ&%1' -X GET https://webservices.feitam.es/apicontext
The '-v' option is to see the result of connection management, not content.
The '-o /dev/null' option is so as not to see the content that the call returns. If we want to see the content, this option should be removed. If instead /dev/null specify a file with its path the curl output is written to the file.
The '-X command' option is used to specify the method to use: GET, POST, HEAD, DELETE, etc. This option can also be specified with '--request'. In this example we specify a GET request.
The option '-x protocol://host:port' is the same as the '--proxy' option, and through it we specify the protocol, server and port of the proxy to use. Therefore the above curl could also be:
curl -v -o /dev/null --proxy http://myproxy.feitam.es:8080 -U 'user1:34uyd/%^-erTd' -u 'consumer:54RT^%s-rbJ&%1' -X GET https://webservices.feitam.es/apicontext
The '-U user:password' option is the same as the '--proxy-user' option, and with this option we specify the user and password. If we only specify the curl user will prompt us for the password of the specified user. I recommend always enclosed in single quotation marks (') as they avoid problems with foreign characters in the password that break the curl command, but it is not necessary. And so the initial curl order could also be:
curl -v -o /dev/null -x http://myproxy.feitam.es:8080 --proxy-user 'user1:34uyd/%^-erTd' -u 'consumer:54RT^%s-rbJ&%1' -X GET https://webservices.feitam.es/apicontext
Or it could be if we don't specify the password:
curl -v -o /dev/null -x http://myproxy.feitam.es:8080 --proxy-user 'user1' -u 'consumer:54RT^%s-rbJ&%1' -X GET https://webservices.feitam.es/apicontext
You can also specify the proxy user and password within the proxy option as follows (possibly if you have rare characters the password might fail to run):
curl -v -o /dev/null -x http://user1:34uyd/%^-erTd@myproxy.feitam.es:8080 -U 'user1:34uyd/%^-erTd' -u 'consumer:54RT^%s-rbJ&%1' -X GET https://webservices.feitam.es/apicontext
The '-u user:password' option is where we indicate the basic authentication user and password that requires the URL we call. This can be specified only by the user and by running the curl command will prompt us at the prompt for the user's password. Therefore the initial curl command might also be:
curl -v -o /dev/null -x http://myproxy.feitam.es:8080 -U 'user1:34uyd/%^-erTd' -u 'consumer' -X GET https://webservices.feitam.es/apicontext
And basic authentication can also be sent as a header of type 'Authorization' and the user value:password (without the single quotation marks) must be encoded in base64 and sent as follows:
curl -v -o /dev/null -x http://myproxy.feitam.es:8080 -U 'user1:34uyd/%^-erTd' --header "Authorization: Basic Y29uc3VtZXI6NTRSVF4lcy1yYkomJTE=" -X GET https://webservices.feitam.es/apicontext
An example of execution without specifying the URL and proxy password, and where we can see that it requests both passwords:
operatorfeitam@dev04:~$ curl -v -o /dev/null -x http://myproxy.feitam.es:8080 -U 'user1' -u 'consumer' -X GET https://webservices.feitam.es/apicontext
Enter host password for user 'consumer':
Enter proxy password for user 'user1':
Note: Unnecessary use of -X or --request, GET is already inferred.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 10.50.12.55:8080...
* TCP_NODELAY set
* Connected to myproxy.feitam.es (10.50.12.55) port 8080 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to webservices.feitam.es:443
* Proxy auth using Basic with user 'user1'
* Server auth using Basic with user 'consumer'
> CONNECT webservices.feitam.es:443 HTTP/1.1
> Host: webservices.feitam.es:443
> Proxy-Authorization: Basic dXNlcjE6MzR1eWQvJV4tZXJUZA==
> User-Agent: curl/7.68.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* CONNECT phase completed!
* CONNECT phase completed!
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [63 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [3169 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [621 bytes data]
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
{ [36 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
} [7 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [102 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=ES; L=Madrid; O=feitam.es; CN=webservices.feitam.es
* start date: Dec 23 00:00:00 2020 GMT
* expire date: Jan 23 23:59:59 2022 GMT
* subjectAltName: host "webservices.feitam.es" matched cert's "webservices.feitam.es"
* issuer: C=US; O=Let's Encrypt; CN=R3 TLS RSA SHA256 2020 CA1
* SSL certificate verify ok.
* Server auth using Basic with user 'consumer'
} [5 bytes data]
> GET /apicontext HTTP/1.1
> Host: webservices.feitam.es
> Authorization: Basic Y29uc3VtZXI6NTRSVF4lcy1yYkomJTE===
> User-Agent: curl/7.68.0
> Accept: */*
>
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Connection #0 to host myproxy.feitam.es left intact
operatorfeitam@dev04:~$
All this I have certified with a curl 7.68.0 on a Windows Subsystem for Linux Ubuntu 20.04 Windows 10.