Only use a proxy for certain git urls/domains?

Question

Is it possible to configure git to use a proxy only for specific domains?

I'd like to use our corporate proxy to access Github but leave it off for accessing our own internal git repos.

I'm using bower and it needs to require items both within our firewall and on github so I can't do this as a per project setting. It needs to be some kind of global configuration option. Any thoughts?

score 80 · Answer 1 · edited May 23 '17 at 12:26

To add another possibility, you can define a proxy through the git config http.proxy.

git config --global http.proxy http://mydomain\\myusername:mypassword@myproxyserver:proxyport

But what is really neat is, starting git1.8.5 (October 2013), you can set http settings per url.

The "http.*" variables can now be specified per URL that the configuration applies.
For example,

[http]
   sslVerify = true
[http "https://weak.example.com/"]
   sslVerify = false

would flip http.sslVerify off only when talking to that specified site.

See commit d4770964d5:

$ git config --bool --get-urlmatch http.sslVerify https://good.example.com
true
$ git config --bool --get-urlmatch http.sslVerify https://weak.example.com
false

With only <section> specified, you can get a list of all variables in the section with their values that apply to the given URL. E.g

$ git config --get-urlmatch http https://weak.example.com
http.sslverify false

All the details are in commit 6a56993b:

http.<url>.*::

Any of the http.* options above can be applied selectively to some urls.
For a config key to match a URL, each element of the config key is compared to that of the URL, in the following order:

Scheme (e.g., https in https://example.com/).
Host/domain name (e.g., example.com in https://example.com/).
Port number (e.g., 8080 in http://example.com:8080/).
Path (e.g., repo.git in https://example.com/repo.git).
User name (e.g., user in https://user@example.com/repo.git)

The list above is ordered by decreasing precedence; a URL that matches a config key's path is preferred to one that matches its user name.
For example, if the URL is https://user@example.com/foo/bar a config key match of https://example.com/foo will be preferred over a config key match of https://user@example.com.

All URLs are normalized before attempting any matching (the password part, if embedded in the URL, is always ignored for matching purposes) so that equivalent urls that are simply spelled differently will match properly.

Environment variable settings always override any matches.
The urls that are matched against are those given directly to Git commands.
This means any URLs +visited as a result of a redirection do not participate in matching.

To make specific domain NOT use the proxy settings, you need to set `http.proxy = ""` — imanuelcostigan, Sep 26 '16 at 22:41
How can you use a wildcard like *.mycompany.com to match all subdomains? — bbodenmiller, Oct 04 '16 at 06:25

score 69 · Accepted Answer · edited Feb 19 '17 at 09:50

69

I usually use the environment variables:

http_proxy=http://username:password@proxydomain:port
https_proxy=http://username:password@proxydomain:port

That is picked up by git when accessing GitHub repo.

Note:

both http_proxy and https_proxy must use the http:// url of the proxy (no https://).
always use the fqn (full qualified name) of proxydomain (don't rely on its short name)

But for internal repo, all I have to do is define and export one more environment variable:

no_proxy=.my.company,localhost,127.0.0.1,::1, for accessing any repo with an address like myrepo.my.company or localhost.

You can define NO_PROXY or no_proxy, it doesn't matter.

But just in case, I always set HTTP_PROXY, HTTPS_PROXY, http_proxy, https_proxy, NO_PROXY and no_proxy.

edited Feb 19 '17 at 09:50

bbodenmiller

3,101
5
34
50

answered Apr 17 '13 at 20:43

VonC

1,262,500
529
4,410
5,250

1

In my case, it didn't work until I tried removing `http://` for both http and https. – MIWMIB Aug 07 '14 at 23:55
no_proxy should not using * to wild match, use .mycompany.com instead will works. – Guixing Bai Dec 01 '14 at 10:05
@GuixingBai you are correct. I have edited the answer accordingly. – VonC Dec 01 '14 at 10:07
what if my password contains '@' in between?? any solution.? – Sheelpriy May 04 '15 at 12:12
@sheelpriy yes, use percent encoding: http://stackoverflow.com/a/6172831/6309 (`%40`) – VonC May 04 '15 at 12:14
@VonC What does the `::1` do in the no_proxy statement? – LightCC Sep 08 '17 at 03:55
1

@LightCC it ignores the IPv6 loopback address `::1` (https://en.wikipedia.org/wiki/Localhost, https://tools.ietf.org/html/rfc4291#section-2.5.3) – VonC Sep 08 '17 at 12:34
Any possibilities, if I want use `PROXYAAA` for domain `AAA` but `PROXYBBB` for domain `BBB` ??? in my case its for git pull, we have configured `.subversion/servers` with group for svn, but its ignored for git – xxxvodnikxxx Mar 09 '18 at 13:02
1

@xxxvodnikxxx could my [answer below](https://stackoverflow.com/a/18712501/6309) be helpful? For a certain server, you can set a certain proxy. – VonC Mar 09 '18 at 13:04
are you using Linux / Mac machine ? does this work with Git Bash on Windows ? – Luke Sep 08 '22 at 02:22
1

@Luke Windows, simple CMD, not even Git bash. This works across platforms. – VonC Sep 08 '22 at 05:26

Artif3x · Answer 3 · 2017-01-13T15:11:36.497

49

As some have mentioned here, you can do this by specifying a URL along with the proxy settings, but Here's the use case that fixed this for me. Thanks to VonC above!

Notice below that I'm specifying the root of the Git server. The full path to the git repo you've cloned isn't required. You can use a single entry to take care of the entire server.

Add the following to your .gitconfig file. On my windows system, I'm using %userprofile%\.gitconfig

[http]
    proxy = http://my.proxy.net:8080
[https]
    proxy = http://my.proxy.net:8443
[http "http://my.internalgitserver.com/"]
    proxy = ""

edited Jan 13 '17 at 15:11

answered Jan 12 '17 at 22:05

Artif3x

4,391
1
28
24

4

You are welcome. +1. Note that you might have set the Windows environment variable `NO_PROXY` to `my.internalgitserver.com`, and that could have been enough to not use the defined proxy: http://stackoverflow.com/a/27229920/6309 – VonC Jan 13 '17 at 05:09
Thanks, VonC. I'm in a situation where I'm creating several template config files for various proxied tools (git, bower, npm) and passing them out to team members. While you're right on the NO_PROXY setting working, it wasn't necessary in my case, and the simplicity of having these all in a single file that I can distribute is what I was after. – Artif3x Jan 13 '17 at 15:14
1

Good point. Distributing a file is easier than environment variables. – VonC Jan 13 '17 at 15:16
2

Even better - distribute a script or the direct git commands to apply the above. i.e. `git config --global http.proxy http://myproxy.net:8080`, for the first one, etc. Then you don't even need them to find the right place to put or update the file. – LightCC Sep 08 '17 at 03:55
@LightCC: Yes, that would work for sure; however, my particular use case requires the user's credentials be added to the URL: username:password@myproxy.net:8080, so that would complicate the script somewhat to include prompts and such. – Artif3x Sep 12 '17 at 03:08
Hi, many thanks for this answer, but I found its supported for git 1.8.5+, I am facing with 1.8.3, dont you know if there is some similar option? Thanks – xxxvodnikxxx Mar 09 '18 at 13:51
Just FYI.... if you also have in the .gitconfig "[credential] helper = wincred" it will STILL pop up for the proxy... and then it won't use it, so don't be fooled by that window. – Reginald Blue Feb 08 '21 at 19:10

jweyrich · Answer 4 · 2016-02-17T12:11:03.240

You can adjust various configuration options for each remote specifically. Let's say we have 2 remotes, named origin and upstream respectively. You adjust the proxy for each doing the following:

git config --path remote.origin.proxy http://user:pass@proxy_for_origin:8080
git config --path remote.upstream.proxy http://user:pass@proxy_for_upstream:8080

This will change the sections of each remote inside your local repository configuration (.git/config).

You can also adjust the global configuration options if you wish. Since it doesn't make sense to reference a remote name in the global config file ($HOME/.gitconfig), you can use url-matching (IIRC, supported since Git 1.8.5). Example:

[http "https://example.com/repo1.git"]
    proxy = http://user:pass@proxy1:8080
[http "https://example.com/repo2.git"]
    proxy = http://user:pass@proxy2:8080

If you want to see what's been set:

git config --path --get-urlmatch https://example.com/repo1.git
git config --path --get-urlmatch https://example.com/repo2.git

score 12 · Answer 5 · answered Feb 13 '20 at 10:01

assume your proxy is (like my ss) is : socks5://127.0.0.1:1086

config git proxy

for all
- add: git config --global http.proxy socks5://127.0.0.1:1086
- remove: git config --global --unset http.proxy
only for specific domain, eg: https://github.com
- add: git config --global http.https://github.com.proxy socks5://127.0.0.1:1086
- remove: git config --global --unset http.https://github.com.proxy

Note

After added proxy, using

cat ~/.gitconfig

can see related global config:

[http]
        proxy = socks5://127.0.0.1:1086

or

[http "https://github.com"]
        proxy = socks5://127.0.0.1:1086

Use `socks5h` instead of `socks5` to send DNS through SOCKS5 proxy (https://stackoverflow.com/a/16756248/5380322) — Cepr0, Apr 18 '20 at 16:39

Anurag Singh · Answer 6 · 2019-07-22T11:12:00.047

I had a similar problem, where i am behind my corporate proxy. I basically have two kinds of repositories:

External- which need proxy
Internal- which don't need proxy

I had to set a proxy in global config, which would act as the default, if not otherwise specified in local config.

So below are the commands for configuration:

set global config with proxy

git config --global --add http.proxy "http://username:password@proxydomain:port"
git config --global --add https.proxy "https://username:password@proxydomain:port"

then move to your local directory that contains your .git folder and for which you don't need proxy

cd "C:\Users\username\directory_without_proxy\"

set local config with empty proxy

git config --local --add http.proxy ""
git config --local --add https.proxy ""

It could be done the other way too. That is, you keep the global config as empty and local config with your proxy settings.

Just to double check you can use below command to list down the config settings for global and local respectively:

git config --global --list
git config --local --list

score -1 · Answer 7 · answered Apr 30 '15 at 06:44

-1

On Windows , Simply [note without password] following worked for me

git config --global http.proxy http://mydomain\\myusername:@myproxyserver:proxyport

git config --global https.proxy http://mydomain\\myusername:@myproxyserver:proxyport

answered Apr 30 '15 at 06:44

TheWhiteRabbit

15,480
4
33
57

Only use a proxy for certain git urls/domains?

7 Answers7

config git proxy

Note

Linked