Thoughts on Systems

Emil Sit

Dec 9, 2008 - 2 minute read - Technology firewall git proxy tools

How to use the git protocol through a HTTP CONNECT proxy

Many corporate firewalls prevent git from using its efficient binary protocol by blocking outbound network connections. Sometimes, you are lucky and are trying to clone a repository that is hosted on a site like github which exports their repositories over HTTP, which would enable you to get through the firewall using the http_proxy environment variable. However, you are usually not that lucky and are only given a git:// URL to clone from.

Fortunately, most corporate firewalls allow for tunneling connections through their HTTP proxies, using HTTP CONNECT. This is normally used for allowing browser to connect to secure websites (using SSL over port 443), but if you are lucky, you can have your firewall administrator configure the proxy to also allow CONNECT for port 9418, which is the port used by git.

Once they have appropriately configured the proxy, you should then be able to use tools like netcat-openbsd or socat to connect through as follows…

  1. Install socat. For example, on Debian/Ubuntu, just sudo apt-get install socat.
  2. Create a script called gitproxy in your bin directory; You will need to replace with the name of your proxy host and the port with the port used by the proxy (common ports include 3128, 8123 and 8000). (If the javascript is broken, visit Gist 49288 and download the raw file; or use the original commands as reproduced in the comments.)
  3. Configure git to use it:
    $ git config –global core.gitproxy gitproxy

That’s it! Your git clone commands should now transparently accept git:// URLs.

Update: Fix quoting and add link to Gist 49288.