Using git behind a proxy

This is a simple recipe about how to use git behind a proxy.

Right now I’m working behind a very restrictive firewall and I can’t get any port I need open, so I use a proxy socks for working with git,bzr,jabber and so on. I was looking for an easy way to use git with a proxy but I didn’t find easily the solution. After some researches a friend (Roberto) found the solution and we use it at work.

Let’s see it ;-)

Just in case we don’t have it:

$ mkdir ~/bin

Now the interesting part, the wrapper for the proxy:

$ cat <<EOF>> ~/bin/proxy-wrapper
#!/bin/sh
# Put your own values
PROXY_IP=10.0.0.80
PROXY_PORT=22000

nc -x${PROXY_IP}:${PROXY_PORT} -X5 $*

EOF
$ chmod +x ~/bin/proxy-wrapper

Note that you’ll need to have installed netcat (the openbsd’s one: netcat-openbsd) to be able to use the command nc with the option -x.

Then you’ll have to be sure you have setted the ~/bin directory on your PATH and then add the env variable GIT_PROXY_COMMAND. That variable will be used by git for doing pushes through git or ssh protocol:

$ cat <<EOF>> ~/.bashrc
export PATH=~/bin:"${PATH}"
export GIT_PROXY_COMMAND=~/bin/proxy-wrapper
EOF

Now you will be able to use git normally with no worries about the firewall, nat or whatever.

Tags: , , ,

11 Responses to “Using git behind a proxy”

  1. scimmia says:

    and what about proxy authentification?

    • juanje says:

      Sorry, I didn’t say that I use a proxy we had set up with a ssh and without user or password. It is in our internal net and just for our connections.

      With netcat you can pass an username, but I’m not sure about the pass. It should be (otherwise it won’t make any sense…). Try the help of netcat. I saw this:

      nc -P${USER} -x${PROXY_IP}:${PROXY_PORT} -X5 $*

      Another option is to try with tsocks or similar tool instead of netcat. I guess it will work.

  2. I tried this to retrieve LDTP source code from our proxy setup, it doesn’t work. Not sure, where the issue is.

    git clone ssh://nagappan@git.freedesktop.org/git/ldtp/ldtp.git

    I have installed netcat. Our company uses Squid proxy server. I tried this on Ubuntu 9.04. After making the above mentioned changes, I have also sourced bashrc (. ~/.bashrc)

    When I tried anonymous user

    git clone git://anongit.freedesktop.org/git/ldtp/ldtp.git

    I get the following error message

    Initialized empty Git repository in /tmp/ldtp/.git/
    nc: invalid option — ‘x’
    nc -h for help
    fatal: The remote end hung up unexpectedly

    Maybe the setup you have provide will just work for anonymous user !?!

    Thanks

    • juanje says:

      As I said, you need to install the openbsd nectat, the standard one won’t work. I use Guadalinex v6 (based in Ubuntu Jaunty) and it works perfect, but you need to install the package ‘netcat-openbsd’.

      Probably you have instaled the package ‘netcat’, which is a dummy package and actually will install you ‘netcat-traditional’. This one hasn’t support for socks proxies.

      I hope this help you up :-)

  3. I even tried changing the option in proxy-wrapper

    nc ${PROXY_IP} ${PROXY_PORT} $*

    That doesn’t help.

    Anyways, thanks for sharing the info.

    Thanks

  4. [...] Using git behind a agent « Nothing in particular [...]

  5. Paul Collins says:

    You can also set this up globally or per-repository by using “git config” to adjust “core.gitproxy”.

    • juanje says:

      Yes, I guess you can, but when I was looking for a solution I couldn’t find it. I googled it and nothing. Some reference to gitproxy, but nothing about how this was working.

      I didn’t see in that moment in the git’s documentation, but I guess it’s not just its fault…

      Tomorrow I’ll try using directly the git configuration instead of the env variables. At least I’ll try… you know, with git nothing is easy…. (sorry, I couldn’t resit :-P)

      Thanks for the tip :-)

  6. Nirbheek Chauhan says:

    Here’s the method I use(d) for connecting to git servers via an http proxy which has the CONNECT method enabled:

    Install the “connect”[1] program, then use the following script as the “proxy-wrapper”: http://is.gd/1F44h

    Then, just set the http_proxy env variable (with authentication or whatever), and this should Just Work.

    1. http://www.meadowy.org/~gotoh/projects/connect/

  7. Berend De Schouwer says:

    The socks client in some distros (dante-client in Ubuntu) already comes with a useful little command called socksify(1)

    socksify git checkout ….

    works with passwords, etc. like sudo(8). No need to write custom scripts or anything.

  8. Susan says:

    I recently came across your blog and have been reading along. I thought I would leave my first comment. I don’t know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.

    Susan

    http://8080proxy.com