The 'Proxy CONNECT aborted' error occurs when Git attempts to connect to a remote repository through a proxy server, but the proxy terminates the connection. This typically happens due to misconfigured proxy settings, authentication failures, or firewall restrictions blocking the tunnel. The fix usually involves correcting proxy configuration or bypassing the proxy entirely.
The "fatal: unable to access: Proxy CONNECT aborted" error indicates that Git's underlying HTTP library (libcurl) attempted to establish a tunnel through a proxy server using the HTTP CONNECT method, but the proxy server terminated the connection before the tunnel could be established. When Git communicates with remote repositories over HTTPS, it uses libcurl to make HTTP requests. If a proxy is configured, libcurl first sends a CONNECT request to the proxy asking it to establish a TCP tunnel to the destination server (e.g., github.com:443). The proxy should respond with "HTTP 200 Connection established" and then relay all subsequent traffic. When the proxy instead aborts this connection, you see this error. This error is commonly encountered in corporate environments where proxy servers are required for internet access. The proxy may abort the connection for several reasons: invalid proxy credentials, the proxy blocking certain hosts, SSL/TLS inspection conflicts, or the proxy simply not supporting the CONNECT method for non-HTTP ports.
First, identify what proxy settings Git is currently using:
# Check Git-specific proxy settings
git config --global --get http.proxy
git config --global --get https.proxy
# Check system-wide settings
git config --system --get http.proxy
git config --system --get https.proxy
# Check repository-specific settings
git config --get http.proxy
git config --get https.proxy
# Check environment variables
echo $HTTP_PROXY
echo $HTTPS_PROXY
echo $http_proxy
echo $https_proxy
echo $NO_PROXYMake note of all proxy settings found - you may have conflicting configurations at different levels.
Ensure your proxy URL is correctly formatted. The proper syntax is:
http://[username:password@]proxyhost:portExamples of correct formats:
# Without authentication
git config --global http.proxy http://proxy.company.com:8080
# With authentication (URL-encoded special characters)
git config --global http.proxy http://username:[email protected]:8080
# If password contains special characters, URL-encode them
# @ = %40, : = %3A, # = %23, ! = %21
git config --global http.proxy http://john.doe:p%[email protected]:8080Important: Use http:// prefix even for HTTPS proxy - the protocol refers to how Git talks to the proxy, not the end destination.
Verify the proxy is reachable and working:
# Test if proxy port is open
nc -zv proxy.company.com 8080
# Test CONNECT method through proxy with curl
curl -v -x http://proxy.company.com:8080 https://github.com
# With authentication
curl -v -x http://username:[email protected]:8080 https://github.com
# Debug Git's HTTP communication
GIT_CURL_VERBOSE=1 git ls-remote https://github.com/git/git.gitLook for these responses:
- 407 Proxy Authentication Required - Credentials needed or incorrect
- 403 Forbidden - Proxy blocking the destination
- 502 Bad Gateway - Proxy cannot reach destination
- Connection established - Proxy working correctly
If your proxy requires authentication, configure it properly:
# Set proxy with embedded credentials (less secure but simpler)
git config --global http.proxy http://username:[email protected]:8080
git config --global https.proxy http://username:[email protected]:8080More secure method using .netrc:
# Create or edit ~/.netrc (Linux/macOS) or %USERPROFILE%\_netrc (Windows)
machine proxy.company.com
login username
password your_passwordThen configure proxy without credentials:
git config --global http.proxy http://proxy.company.com:8080On Windows with NTLM authentication:
# Use cntlm as a local proxy bridge
# Install cntlm, configure with domain credentials
# Then point Git to cntlm
git config --global http.proxy http://localhost:3128Remove all proxy settings and start fresh if configurations are conflicting:
# Remove Git proxy settings at all levels
git config --global --unset http.proxy
git config --global --unset https.proxy
git config --system --unset http.proxy
git config --system --unset https.proxy
git config --unset http.proxy
git config --unset https.proxy
# Clear environment variables (add to shell profile to persist)
unset HTTP_PROXY
unset HTTPS_PROXY
unset http_proxy
unset https_proxy
# On Windows PowerShell
$env:HTTP_PROXY = ""
$env:HTTPS_PROXY = ""Then reconfigure with the correct settings:
git config --global http.proxy http://proxy.company.com:8080
git config --global https.proxy http://proxy.company.com:8080If the proxy works for some hosts but not others, configure exceptions:
# Bypass proxy for specific domains
git config --global http.https://github.com.proxy ""
git config --global http.https://gitlab.com.proxy ""
# Or use NO_PROXY environment variable
export NO_PROXY="github.com,gitlab.com,bitbucket.org,*.internal.company.com"
# Set proxy only for specific domains
git config --global http.https://internal-git.company.com.proxy http://proxy.company.com:8080This is useful when:
- External Git hosts should bypass proxy (direct internet access available)
- Internal Git servers need proxy but external don't
- Certain hosts cause issues through the proxy
If your proxy performs SSL inspection (MITM), you may need to trust its certificate:
# Temporarily disable SSL verification (NOT recommended for production)
git config --global http.sslVerify false
# Better: Add corporate CA certificate
git config --global http.sslCAInfo /path/to/corporate-ca-bundle.crt
# Or append to system certificate store
# On Ubuntu/Debian:
sudo cp corporate-ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
# On RHEL/CentOS:
sudo cp corporate-ca.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trustFind your corporate CA certificate:
1. Ask IT department for the CA certificate
2. Export from browser: Visit https://github.com, click lock icon, view certificate chain
3. Look in corporate PKI documentation
If proxy issues persist with HTTPS, switch to SSH which may bypass the proxy:
# Check current remote URL
git remote -v
# Change from HTTPS to SSH
git remote set-url origin [email protected]:username/repository.git
# Test SSH connection
ssh -T [email protected]If SSH is also blocked (port 22), try SSH over HTTPS port:
# Edit ~/.ssh/config
Host github.com
Hostname ssh.github.com
Port 443
User gitNote: Some corporate proxies block SSH traffic entirely, in which case HTTPS with proper proxy configuration is your only option.
Enable detailed debugging to identify the exact failure point:
# Enable Git HTTP trace
GIT_TRACE=1 GIT_CURL_VERBOSE=1 git clone https://github.com/user/repo.git
# More detailed curl debugging
GIT_TRACE_CURL=1 git fetch
# On Windows
set GIT_TRACE=1
set GIT_CURL_VERBOSE=1
git clone https://github.com/user/repo.gitLook for these key lines in output:
- * Connected to proxy.company.com - Proxy connection established
- > CONNECT github.com:443 - CONNECT request sent
- < HTTP/1.1 200 Connection established - Success
- < HTTP/1.1 407 Proxy Authentication Required - Auth needed
- < HTTP/1.1 403 Forbidden - Blocked by proxy
If none of the above solutions work, the issue may be on the proxy side:
Information to gather for IT:
# Collect all proxy settings
git config --list | grep -i proxy
env | grep -i proxy
# Get error details
GIT_CURL_VERBOSE=1 git clone https://github.com/example/repo.git 2>&1 | head -50Questions to ask IT:
1. What is the correct proxy URL and port?
2. Does the proxy require authentication? What type (Basic, NTLM, Kerberos)?
3. Is GitHub/GitLab/Bitbucket on the allowed list?
4. Does the proxy support the HTTP CONNECT method for port 443?
5. Is there a PAC (Proxy Auto-Configuration) file that should be used?
6. Are there specific proxy settings for developer tools?
Some corporate environments have separate proxies for development traffic or require VPN for Git access.
### Understanding the HTTP CONNECT Method
When Git accesses an HTTPS URL through a proxy, the communication flow is:
1. Git connects to proxy on configured port (e.g., 8080)
2. Git sends: CONNECT github.com:443 HTTP/1.1
3. Proxy validates request and (optionally) authenticates user
4. Proxy connects to github.com:443
5. Proxy responds: HTTP/1.1 200 Connection established
6. Proxy relays all subsequent traffic (TLS handshake, Git protocol)
"Proxy CONNECT aborted" means step 3, 4, or 5 failed - the proxy rejected or couldn't complete the tunnel.
### Proxy Authentication Types
Different proxy authentication methods require different configurations:
Basic Authentication:
git config --global http.proxy http://user:pass@proxy:8080NTLM Authentication (Windows domains):
Use cntlm as a local proxy:
# Install cntlm
# Configure /etc/cntlm.conf with domain credentials
# cntlm listens on localhost:3128
git config --global http.proxy http://localhost:3128Kerberos Authentication:
# Ensure valid Kerberos ticket
kinit [email protected]
# Use proxy with negotiate authentication
# May need curl compiled with GSSAPI support### SOCKS Proxy Support
Git can use SOCKS proxies if libcurl was built with SOCKS support:
# SOCKS5 proxy
git config --global http.proxy socks5://proxy:1080
# SOCKS5h (proxy does DNS resolution)
git config --global http.proxy socks5h://proxy:1080Note: Git for Windows may not support SOCKS proxies depending on how curl was compiled. Check with:
curl --version | grep -i socks### PAC File Support
Proxy Auto-Configuration (PAC) files are not directly supported by Git. You have two options:
1. Manually extract proxy URL from PAC file for GitHub:
// Look for rules matching *.github.com in the PAC file
if (dnsDomainIs(host, "github.com"))
return "PROXY proxy.company.com:8080";2. Use a local proxy that understands PAC files:
# Install px (Python-based proxy supporting PAC)
pip install px-proxy
px --pac=http://proxy.company.com/proxy.pac
git config --global http.proxy http://localhost:3128### libcurl Version Issues
Some versions of libcurl have specific proxy-related bugs:
- libcurl 7.55.0+: Changed non-blocking CONNECT behavior, causing issues with some proxies
- libcurl 7.66.0: Fixed several proxy authentication issues
Check your curl version:
curl --version
git --versionIf you suspect a curl bug, try upgrading Git (which includes updated curl on Windows) or updating libcurl on Linux.
### Environment Variable Priority
Git respects environment variables in this order:
1. git config http.proxy (highest priority)
2. https_proxy / HTTPS_PROXY (for HTTPS URLs)
3. http_proxy / HTTP_PROXY (fallback)
4. all_proxy / ALL_PROXY (catch-all)
NO_PROXY / no_proxy excludes hosts from proxy use:
export NO_PROXY="localhost,127.0.0.1,.internal.company.com"### Windows-Specific Issues
Credential Manager conflicts:
# Check if credential manager has cached bad proxy credentials
git credential-manager-core erase
protocol=http
host=proxy.company.com
# Or clear Windows credentials
# Control Panel > Credential Manager > Windows CredentialsCorporate proxy with auto-detect:
# Check Windows proxy settings
netsh winhttp show proxy
# Import from Internet Explorer settings
netsh winhttp import proxy source=ie### CI/CD Pipeline Configuration
For CI/CD systems behind proxies:
# GitHub Actions
env:
HTTP_PROXY: http://proxy.company.com:8080
HTTPS_PROXY: http://proxy.company.com:8080
NO_PROXY: localhost,127.0.0.1
# GitLab CI
variables:
HTTP_PROXY: "http://proxy.company.com:8080"
HTTPS_PROXY: "http://proxy.company.com:8080"
GIT_SSL_NO_VERIFY: "1" # Only if SSL inspection is used
# Jenkins (in Jenkinsfile)
environment {
HTTP_PROXY = 'http://proxy.company.com:8080'
HTTPS_PROXY = 'http://proxy.company.com:8080'
}kex_exchange_identification: Connection closed by remote host
Connection closed by remote host when connecting to Git server
fatal: unable to access: Proxy auto-configuration failed
How to fix 'Proxy auto-configuration failed' in Git
fatal: unable to access: Authentication failed (proxy requires basic auth)
How to fix 'Authentication failed (proxy requires basic auth)' in Git
fatal: unable to access: no_proxy configuration not working
How to fix 'no_proxy configuration not working' in Git
fatal: unable to read tree object in treeless clone
How to fix 'unable to read tree object in treeless clone' in Git