This error occurs when Git ignores the no_proxy or NO_PROXY environment variable and still routes requests through a proxy server for hosts that should be bypassed. The fix involves using Git's native http.noProxy configuration or URL-specific proxy settings instead of relying on the environment variable.
This error indicates that Git is attempting to connect to a remote repository through a proxy server even though you've configured the `no_proxy` or `NO_PROXY` environment variable to bypass the proxy for that host. Git uses libcurl for HTTP/HTTPS operations, and while libcurl generally respects the `no_proxy` environment variable, Git's behavior can be inconsistent depending on your operating system, Git version, and how the proxy settings are configured. In corporate environments, this often happens when trying to access internal Git servers while a corporate proxy is configured for external traffic. The "fatal: unable to access" message appears because the proxy either blocks the connection to the internal host or the internal host is not reachable through the proxy network. This creates a frustrating situation where the proxy settings work correctly in browsers and other tools but Git continues to route traffic through the proxy.
First, identify all proxy settings affecting Git:
# Check environment variables
echo "HTTP_PROXY: $HTTP_PROXY"
echo "HTTPS_PROXY: $HTTPS_PROXY"
echo "http_proxy: $http_proxy"
echo "https_proxy: $https_proxy"
echo "NO_PROXY: $NO_PROXY"
echo "no_proxy: $no_proxy"
# List all proxy-related environment variables
env | grep -i proxy
# Check Git config at all levels
git config --system --get http.proxy
git config --global --get http.proxy
git config --local --get http.proxy 2>/dev/null
git config --system --get https.proxy
git config --global --get https.proxy
git config --local --get https.proxy 2>/dev/null
# Check for http.noProxy setting
git config --global --get http.noProxyNote which settings are active. Git config settings take precedence over environment variables.
The most reliable method is to use Git's native http.noProxy setting instead of the environment variable:
# Set hosts to bypass proxy (comma-separated list)
git config --global http.noProxy "internal.company.com,git.local,192.168.1.0/24"
# For multiple domains
git config --global http.noProxy "*.internal.company.com,localhost,127.0.0.1"
# Verify the setting
git config --global --get http.noProxyExample .gitconfig:
[http]
proxy = http://proxy.company.com:8080
noProxy = internal.company.com,git.local,localhostThis approach is more reliable than environment variables because Git's configuration takes precedence.
For more granular control, set an empty proxy for specific Git servers:
# Disable proxy for a specific domain
git config --global http.https://git.internal.company.com.proxy ""
# Disable proxy for all subdomains
git config --global http.https://*.internal.company.com.proxy ""
# Disable proxy for a specific repository URL
git config --global http.https://git.internal.company.com/team/repo.git.proxy ""In .gitconfig:
[http]
proxy = http://proxy.company.com:8080
[http "https://git.internal.company.com"]
proxy =
[http "https://gitlab.local"]
proxy =This URL-specific configuration ensures Git bypasses the proxy only for matching URLs while using the proxy for everything else.
If you prefer using the environment variable, ensure the syntax is correct:
# Correct format (comma-separated, no spaces)
export no_proxy="localhost,127.0.0.1,.internal.company.com,git.local"
export NO_PROXY="localhost,127.0.0.1,.internal.company.com,git.local"
# Note: Leading dot matches subdomains
# .company.com matches git.company.com, repo.company.com, etc.
# company.com only matches exactly company.com
# Wrong formats (may not work):
export no_proxy="localhost, 127.0.0.1" # spaces cause issues
export no_proxy="localhost;127.0.0.1" # semicolons don't work
export no_proxy="http://internal.company.com" # don't include protocolFor Windows (Command Prompt):
set no_proxy=localhost,127.0.0.1,.internal.company.comFor Windows (PowerShell):
$env:no_proxy = "localhost,127.0.0.1,.internal.company.com"Make it permanent in shell profile:
# Add to ~/.bashrc or ~/.zshrc
export no_proxy="localhost,127.0.0.1,.internal.company.com"
export NO_PROXY="$no_proxy"Clear any Git-specific proxy settings that might override your bypass configuration:
# Remove system-level proxy (may require sudo)
git config --system --unset http.proxy
git config --system --unset https.proxy
# Remove global proxy
git config --global --unset http.proxy
git config --global --unset https.proxy
# Remove local repository proxy (run in repo directory)
git config --local --unset http.proxy
git config --local --unset https.proxy
# Verify removal
git config --list --show-origin | grep -i proxyAfter removing conflicting settings, Git will respect the environment variables or you can reconfigure with proper bypass rules.
Verify that proxy bypass is working correctly:
# Test with curl first (uses same libcurl as Git)
curl -v https://git.internal.company.com
# Test Git connection with verbose output
GIT_CURL_VERBOSE=1 git ls-remote https://git.internal.company.com/repo.git
# Clone with debugging
GIT_TRACE=1 GIT_CURL_VERBOSE=1 git clone https://git.internal.company.com/team/repo.git
# Test fetch on existing repository
cd existing-repo
GIT_CURL_VERBOSE=1 git fetch originIn the verbose output, look for:
- Proxy: lines showing which proxy is being used
- Connected to showing direct connection to the host
- No proxy-related connection errors
If proxy bypass continues to be problematic, switch to SSH which bypasses HTTP proxies entirely:
# Clone using SSH (bypasses HTTP proxy)
git clone [email protected]:team/repo.git
# Change existing remote from HTTPS to SSH
git remote set-url origin [email protected]:team/repo.git
# Verify the change
git remote -vSSH connections use port 22 by default and don't go through HTTP proxies. However, if your network also blocks SSH or requires an SSH proxy, you'll need to configure ~/.ssh/config:
# For hosts that should bypass SSH proxy
Host git.internal.company.com
ProxyCommand none
User git
IdentityFile ~/.ssh/id_ed25519For CI/CD pipelines, ensure proxy bypass is properly configured:
GitHub Actions:
jobs:
build:
runs-on: self-hosted
env:
no_proxy: "git.internal.company.com,localhost,127.0.0.1"
NO_PROXY: "git.internal.company.com,localhost,127.0.0.1"
steps:
- name: Configure Git proxy bypass
run: |
git config --global http.https://git.internal.company.com.proxy ""
- uses: actions/checkout@v4GitLab CI:
variables:
no_proxy: "git.internal.company.com,localhost"
NO_PROXY: "git.internal.company.com,localhost"
before_script:
- git config --global http.https://git.internal.company.com.proxy ""Jenkins Pipeline:
environment {
no_proxy = 'git.internal.company.com,localhost'
NO_PROXY = 'git.internal.company.com,localhost'
}### Understanding Proxy Priority in Git
Git determines proxy settings in this priority order (highest to lowest):
1. URL-specific http.<url>.proxy Git config
2. General http.proxy Git config
3. HTTPS_PROXY / https_proxy environment variables (for HTTPS URLs)
4. HTTP_PROXY / http_proxy environment variables (for HTTP URLs)
The no_proxy environment variable is processed by libcurl, but Git config settings can override it. This is why using http.noProxy or URL-specific proxy settings in Git config is more reliable.
### Git for Windows Specific Issues
Git for Windows handles proxy settings differently:
# Check if Git is using Windows credential helper
git config --global --get credential.helper
# Windows may ignore no_proxy if set in Unix format
# Use Windows-style environment variables:
setx no_proxy "localhost,127.0.0.1,.company.com"
# Or configure in Git Bash profile (~/.bash_profile)
export no_proxy="localhost,127.0.0.1,.company.com"### CIDR Notation Support
Some versions of Git/libcurl support CIDR notation in no_proxy:
# May work depending on libcurl version
export no_proxy="localhost,127.0.0.1,10.0.0.0/8,192.168.0.0/16"
# More reliable: list specific hosts
export no_proxy="localhost,127.0.0.1,10.0.1.50,192.168.1.100"### Debugging Proxy Issues
Enable maximum verbosity to diagnose proxy problems:
# Full debugging output
GIT_TRACE=1 \
GIT_CURL_VERBOSE=1 \
GIT_TRACE_PACKET=1 \
GIT_TRACE_PERFORMANCE=1 \
git fetch origin 2>&1 | tee git-debug.logLook for these indicators:
- * Trying <IP>... - Direct connection attempt
- * Connected to <proxy> - Going through proxy
- * CONNECT <host>:443 - HTTPS tunneling through proxy
### Proxy Auto-Configuration (PAC) Files
If your organization uses a PAC file, it may override no_proxy settings:
# Check for PAC file configuration
echo $auto_proxy
# On macOS, check system proxy settings
scutil --proxyPAC files can make proxy decisions based on URLs, potentially ignoring no_proxy. Work with your network administrator to update the PAC file to bypass the proxy for internal Git servers.
### Using the 'none' Keyword
In some configurations, you can use the special keyword none to explicitly disable proxy:
# In .gitconfig
[http "https://internal.company.com"]
proxy = noneThis explicitly tells Git not to use any proxy for matching URLs, rather than just setting an empty value.
### Credential and Proxy Interaction
Sometimes credential helpers interact poorly with proxy settings:
# If using credential.helper, ensure it's not adding proxy headers
git config --global --unset credential.helper
# Or use a simpler credential storage
git config --global credential.helper store### Verify libcurl Configuration
Git's proxy behavior depends on how libcurl was compiled:
# Check curl/libcurl configuration
curl --version
# Look for proxy-related features:
# - HTTP-proxy
# - HTTPS-proxy
# - SOCKS4/SOCKS5If libcurl doesn't include proxy support, proxy settings won't work at all.
kex_exchange_identification: Connection closed by remote host
Connection closed by remote host when connecting to Git server
fatal: unable to access: Proxy auto-configuration failed
How to fix 'Proxy auto-configuration failed' in Git
fatal: unable to access: Authentication failed (proxy requires basic auth)
How to fix 'Authentication failed (proxy requires basic auth)' in Git
fatal: unable to read tree object in treeless clone
How to fix 'unable to read tree object in treeless clone' in Git
fatal: missing blob object 'abc1234' in blobless clone
How to fix 'missing blob object in blobless clone' in Git