How to use the git protocol through a HTTP CONNECT proxy

Many corporate firewalls prevent git from using its efficient binary protocol by blocking outbound network connections. Sometimes, you are lucky and are trying to clone a repository that is hosted on a site like github which exports their repositories over HTTP, which would enable you to get through the firewall using the http_proxy environment variable. However, you are usually not that lucky and are only given a git:// URL to clone from.

Fortunately, most corporate firewalls allow for tunneling connections through their HTTP proxies, using HTTP CONNECT. This is normally used for allowing browser to connect to secure websites (using SSL over port 443), but if you are lucky, you can have your firewall administrator configure the proxy to also allow CONNECT for port 9418, which is the port used by git.

Once they have appropriately configured the proxy, you should then be able to use tools like netcat-openbsd or socat to connect through as follows…

  1. Install socat. For example, on Debian/Ubuntu, just sudo apt-get install socat.
  2. Create a script called gitproxy in your bin directory; You will need to replace proxy.yourcompany.com with the name of your proxy host and the port with the port used by the proxy (common ports include 3128, 8123 and 8000). (If the javascript is broken, visit Gist 49288 and download the raw file; or use the original commands as reproduced in the comments.)
  3. Configure git to use it: 
    $ git config --global core.gitproxy gitproxy

That’s it! Your git clone commands should now transparently accept git:// URLs.

Update: Fix quoting and add link to Gist 49288.

This entry was written by Emil Sit, posted on 9 December 2008 at 13:29, filed under Technology and tagged , , , . Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.

6 Comments

  1. Artem Russakovskii
    Posted 19 January 2009 at 19:24 | Permalink

    Thanks for your solution, it worked almost perfectly.

    The instructions are pretty botched up though: the double quotes should be single, otherwise both ! and $ get interpolated by the shell.

    Hopefully wordpress won’t mess this up:

    echo ‘#!/bin/sh’ > ~/bin/gitproxy
    echo ‘exec socat STDIO PROXY:yourproxy.yourcompany.com:$1:$2,proxyport=3128′ >> ~/bin/gitproxy chmod +x ~/bin/gitproxy

    Artem http://beerpla.net http://twitter.com/ArtemR

  2. Emil Sit
    Posted 19 January 2009 at 21:49 | Permalink

    Thanks for the fix!

    I’ve also added a link to a more commented script as a gist on GitHub. That may be easier to download and configure.

  3. Sander Alberink
    Posted 4 June 2009 at 04:06 | Permalink

    Nice idea. However, I’m searching for this solution against an authenticating proxy. Any clues here?

  4. Emil Sit
    Posted 14 July 2009 at 08:56 | Permalink

    @Sander (sorry for delay; blog wasn’t sending e-mails about pending comments), try appending “,proxyauth=username:password” to the PROXY: command (after the _proxyport).

  5. tej
    Posted 20 August 2009 at 04:43 | Permalink

    2009/08/20 15:11:24 socat[12975] E CONNECT git.et.redhat.com:9418: Proxy Error ( The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. ) fatal: The remote end hung up unexpectedly

    I was trying to clone libvirt. How do i turn off SSL here.

  6. Jason Haruska
    Posted 2 November 2009 at 15:42 | Permalink

    It worked great. Thanks for the info. Should get around to updating git protocol to use $httpproxy or maybe a new $gitproxy variable

6 Trackbacks

  1. By Linmaya on 9 April 2009 at 00:21

    Using git over proxy…

    I was trying to clone Android repository at office when this problem of “Connection refused” started coming when running the ‘repo’ tool. On subsequent googling, I got this really useful link (thanks to Emil Sit) which explained…

  2. By The re-entrant coder » Git through proxy…. on 4 June 2009 at 05:05

    [...] go through a proxy. I had a hard time finding info on how to use git with a proxy, but then I found this link detailing a script that uses socat to get through a proxy. The sample script they provided did half [...]

  3. By Using Git behind Proxy « Stand on the shoulders of giants on 4 June 2009 at 08:22

    [...] using tunneling and installing local proxy. Following the instruction from this, this #2, and this #3 link, I installed socat, tconf and proxy+ in my local machine, but got no luck. After doing all the [...]

  4. By » Day 12: Another Day at the Office The Codex 2 Project on 30 June 2009 at 18:57

    [...] some further discussions in IRC I was linked on how to use the Git protocol though an HTTP connect proxy, but unfortunately we aren’t running from a proxy in the labs. The next idea was to change the [...]

  5. By Script to proxy git and svn protocols via http proxy « Darragh’s Blog on 31 August 2009 at 05:04

    [...] repos that didn’t have http equivalents I did some searching and found the following website http://www.emilsit.net/blog/archives/how-to-use-the-git-protocol-through-a-http-connect-proxy/ which described how you could use socat to create a tunnel that allowed access to git repositories [...]

  6. By Life with Debian and Ubuntu » Using git over proxy on 19 October 2009 at 08:17

    [...] started coming when running the ‘repo’ tool. On subsequent googling, I got this really useful link (thanks to Emil Sit) which explained how git can be used over http proxy for those git servers [...]

Post a Comment

Your email is never shared. Required fields are marked *

*
*