Linux Proxy Configuration: The Complete Guide to http_proxy, PAC, and System-Wide Settings (2026)

Linux Proxy Configuration: The Complete Guide to http_proxy, PAC, and System-Wide Settings (2026)

Sarah’s Networking Brief: Every corporate Linux box I have ever deployed sat behind a proxy. The first time I joined a company with strict egress filtering, I spent three hours debugging a broken apt update before realizing the machine had no proxy environment variables set. That experience taught me that proxy configuration is not optional infrastructure; it is the difference between a workstation that works and one that silently fails. This guide covers every proxy touchpoint on a modern Linux system, from system-wide environment variables to per-application overrides, so you never waste a morning chasing phantom network errors again.

What Are Linux Proxy Settings and Why Do They Matter

A proxy server sits between your Linux machine and the internet, forwarding requests on your behalf. On corporate networks, proxies are mandatory. They filter traffic, enforce content policies, cache frequently accessed resources, and log outbound connections for compliance. If your machine is on a managed network and you cannot reach apt update, docker pull, or git clone, the first thing I check is whether proxy environment variables are set.

Linux handles proxy configuration through environment variables. The three core variables are:

  • http_proxy routes HTTP traffic through the proxy
  • https_proxy routes HTTPS traffic through the proxy
  • no_proxy defines addresses that bypass the proxy entirely

Most command-line tools on Linux respect these variables automatically. curl, wget, apt, git, and docker all read them. The trick is knowing where to set them so they persist across reboots and apply to every session.

Pro Tip: Test your proxy settings immediately after setting them. Run curl -I and check the HTTP status code. If you get a 200, the proxy is working. If you get a connection refused or timeout, the proxy address or port is wrong. I have seen developers spend hours debugging package installs when a single curl test would have revealed the problem in seconds.

Set System-Wide Proxy on Ubuntu, Fedora, and Arch

The most reliable way to apply proxy settings across all users and all sessions is through /etc/environment. This file is read by the PAM stack at login, which means every desktop session, every SSH connection, and every cron job picks up the variables.

Open the file with root privileges and append your proxy variables:

fosslinux@ubuntu:~$ sudo nano /etc/environment

# Add these lines at the end of the file:
http_proxy=
https_proxy=
no_proxy=localhost,127.0.0.1,192.168.0.0/16,10.0.0.0/8

Save the file and verify the current contents:

fosslinux@ubuntu:~$ cat /etc/environment
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"
http_proxy=
https_proxy=
no_proxy=localhost,127.0.0.1,192.168.0.0/16,10.0.0.0/8

Load the variables into your current shell session without rebooting:

fosslinux@ubuntu:~$ source /etc/environment
fosslinux@ubuntu:~$ echo $http_proxy


fosslinux@ubuntu:ubuntu:~$ echo $https_proxy


fosslinux@ubuntu:~$ echo $no_proxy
localhost,127.0.0.1,192.168.0.0/16,10.0.0.0/8

For per-user proxy settings that do not affect other users on the same machine, add the export statements to ~/.bashrc or ~/.profile instead:

fosslinux@ubuntu:~$ echo 'export http_proxy= >> ~/.bashrc
fosslinux@ubuntu:~$ echo 'export https_proxy= >> ~/.bashrc
fosslinux@ubuntu:~$ source ~/.bashrc

Insight: The no_proxy variable is not optional. Without it, every connection to your local development server, database, or internal API gets routed through the proxy. I once watched a developer chase a mysterious 502 error for an hour before we realized no_proxy was missing and the proxy was rejecting internal traffic. Always include your local subnets in no_proxy.

Configure Proxy for APT, DNF, and Pacman Package Managers

Package managers are the most common place where proxy misconfigurations cause problems. Each distribution handles proxy configuration differently.

APT Proxy on Ubuntu and Debian

APT reads proxy settings from configuration files in /etc/apt/apt.conf.d/. Create a dedicated proxy configuration file:

fosslinux@ubuntu:~$ sudo tee /etc/apt/apt.conf.d/95proxies << 'EOF'
Acquire::http::Proxy "
Acquire::https::Proxy "
Acquire::ftp::Proxy "
EOF

fosslinux@ubuntu:~$ cat /etc/apt/apt.conf.d/95proxies
Acquire::http::Proxy "
Acquire::https::Proxy "
Acquire::ftp::Proxy "

The trailing slash after the port number is required. Without it, APT throws a parse error. I have seen this mistake in every corporate environment I have worked in.

DNF Proxy on Fedora and RHEL

DNF reads proxy settings from /etc/dnf/dnf.conf. Add the proxy directives under the [main] section:

fosslinux@fedora:~$ sudo tee -a /etc/dnf/dnf.conf << 'EOF'
proxy=
proxy_username=proxyuser
proxy_password=proxypass
EOF

DNF also respects the standard http_proxy and https_proxy environment variables, so if you have already set those in /etc/environment, DNF will pick them up without additional configuration. The /etc/dnf/dnf.conf approach is useful when you need different proxy credentials for package management than for general traffic.

Pacman Proxy on Arch Linux and CachyOS

Pacman does not have a built-in proxy configuration directive. Instead, it relies on environment variables. Set http_proxy and https_proxy before running Pacman, or configure them system-wide in /etc/environment. For the XferCommand in /etc/pacman.conf, you can pass proxy flags to wget or curl:

fosslinux@arch:~$ grep -A2 'XferCommand' /etc/pacman.conf
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
XferCommand = /usr/bin/curl -L -C - -o %o %u --proxy 

Why It Matters: If you skip the APT or DNF proxy configuration and rely only on environment variables, you will hit failures during unattended upgrades and cron-based package refreshes. These automated tasks often run in minimal environments where /etc/environment may not be sourced. The package-manager-specific configuration files are the only reliable path for automated operations.

Configure Proxy for Git, Docker, curl, and wget

Individual applications have their own proxy configuration mechanisms. Some read environment variables; others need explicit configuration.

Git Proxy Settings

Git supports per-protocol proxy configuration through git config. Set the proxy for HTTP and HTTPS separately:

fosslinux@ubuntu:~$ git config --global http.proxy 
fosslinux@ubuntu:~$ git config --global https.proxy 

fosslinux@ubuntu:~$ git config --global --list | grep proxy
http.proxy=
https.proxy=

To remove the proxy configuration later:

fosslinux@ubuntu:~$ git config --global --unset http.proxy
fosslinux@ubuntu:~$ git config --global --unset https.proxy

Docker Proxy Settings

Docker requires proxy configuration in ~/.docker/config.json. This controls proxy behavior for docker pull, docker push, and docker build operations:

fosslinux@ubuntu:~$ mkdir -p ~/.docker
fosslinux@ubuntu:~$ cat > ~/.docker/config.json << 'EOF'
{
  "proxies": {
    "default": {
      "httpProxy": "
      "httpsProxy": "
      "noProxy": "localhost,127.0.0.1,192.168.0.0/16"
    }
  }
}
EOF

fosslinux@ubuntu:~$ cat ~/.docker/config.json
{
  "proxies": {
    "default": {
      "httpProxy": "
      "httpsProxy": "
      "noProxy": "localhost,127.0.0.1,192.168.0.0/16"
    }
  }
}

For Docker daemon-level proxy configuration (affecting all containers on the host), create a systemd override directory and set the environment variables there:

fosslinux@ubuntu:~$ sudo mkdir -p /etc/systemd/system/docker.service.d
fosslinux@ubuntu:~$ sudo tee /etc/systemd/system/docker.service.d/http-proxy.conf << 'EOF'
[Service]
Environment="HTTP_PROXY=
Environment="HTTPS_PROXY=
Environment="NO_PROXY=localhost,127.0.0.1,192.168.0.0/16"
EOF

fosslinux@ubuntu:~$ sudo systemctl daemon-reload
fosslinux@ubuntu:~$ sudo systemctl restart docker

curl and wget

Both curl and wget respect the standard http_proxy and https_proxy environment variables automatically. No additional configuration is needed if the variables are set in /etc/environment. For one-off tests, curl accepts the -x flag to specify a proxy explicitly:

fosslinux@ubuntu:~$ curl -x  -I 
HTTP/1.1 200 OK
Date: Wed, 09 Jul 2026 04:12:33 GMT
Server: example.com
Content-Type: text/html; charset=UTF-8

Worth Knowing: The Docker daemon proxy configuration and the Docker client proxy configuration are separate things. The client config in ~/.docker/config.json affects docker pull from your workstation. The systemd override affects containers running on the Docker daemon. If your builds fail inside containers but docker pull works fine, you need the daemon-level configuration, not the client config.

Proxychains-ng: Per-Application Proxy Routing on Linux

Linux does not natively parse PAC files the way Windows does. If your corporate network distributes proxy settings through a PAC file, you need to extract the proxy address manually and configure it using environment variables or proxychains-ng.

proxychains-ng is the Linux-native tool for routing individual applications through a proxy without affecting system-wide traffic. Install it from your distribution repositories:

fosslinux@ubuntu:~$ sudo apt install -y proxychains4
Reading package lists... Done
Building dependency tree... Done
The following additional packages will be installed:
  libproxychains4
The following NEW packages will be installed:
  libproxychains4 proxychains4
0 upgraded, 2 newly installed, 0 to remove and 29 not upgraded.
...
Setting up proxychains4 (4.17-3build1) ...

Configure the proxy list in /etc/proxychains4.conf:

fosslinux@ubuntu:~$ sudo tee /etc/proxychains4.conf << 'EOF'
# proxychains4 configuration
strict_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
http 192.168.1.100 8080
EOF

The strict_chain option routes all traffic through the proxies in order. The proxy_dns option resolves DNS through the proxy, preventing DNS leaks. Test it by running any command through proxychains4:

fosslinux@ubuntu:~$ proxychains4 curl -s  | head -5
[proxychains] Strict chain ...  192.168.1.100:8080  ...  example.com:80  ...  OK



Example Domain


Proxy vs VPN: When to Use Each

A proxy routes traffic at the application layer. Each application that needs proxy access must be configured individually, or you must set environment variables that the application respects. A VPN routes all traffic at the kernel level through a virtual network interface. Every packet from every application goes through the tunnel.

Use a proxy when you need selective routing. I run both on my daily workflow: WireGuard handles my primary tunnel for all traffic when I am on untrusted networks. Squid runs as a forward proxy for selective traffic shaping. When I need to route only my research tools through a specific egress point, I configure them to use the proxy while my video calls and messaging apps bypass it entirely.

Use a VPN when you need full-system encryption. If every byte leaving your device must pass through a secure tunnel, a VPN is the correct choice. The 2026 landscape has blurred some of these lines. Modern proxies like Squid 6.14 support SSL bumping for traffic inspection, while VPN protocols like WireGuard have become lightweight enough to run alongside proxies without noticeable performance impact.

How to Troubleshoot Common Proxy Configuration Problems

Most proxy failures fall into three categories: DNS resolution through the proxy, HTTPS certificate issues, and environment variable propagation.

If curl works but apt update fails, the proxy environment variables are probably not reaching the APT process. Check whether /etc/apt/apt.conf.d/95proxies exists and has the correct syntax. A missing trailing slash after the port number in the proxy URL is the most common cause of APT proxy failures.

If HTTPS connections fail with certificate errors, the proxy may be performing SSL inspection. In that case, you need to import the proxy CA certificate into your system trust store. On Ubuntu and Fedora:

fosslinux@ubuntu:~$ sudo cp proxy-ca.crt /usr/local/share/ca-certificates/
fosslinux@ubuntu:~$ sudo update-ca-certificates

For debugging, use curl -v to see exactly which proxy is being contacted and what response it returns:

fosslinux@ubuntu:~$ curl -v -x  
* Trying 192.168.1.100:8080...
* Connected to proxy.example.com (192.168.1.100) port 8080
> GET / HTTP/1.1
> Host: example.com
> Proxy-Connection: Keep-Alive
< HTTP/1.1 200 OK
< Content-Type: text/html

Frequently Asked Questions

How do I check if proxy environment variables are set

Run env | grep -i proxy to list all active proxy variables. If no output appears, the variables are not set in your current session. Check /etc/environment for system-wide settings or ~/.bashrc for per-user settings.

Why does my proxy work in the terminal but not in GUI applications

GUI applications launched from a desktop environment do not always inherit shell environment variables. If you set proxy variables in ~/.bashrc, they only apply to terminal sessions. For GUI applications, set the variables in /etc/environment or use the desktop environment’s network settings panel. On GNOME, go to Settings, Network, Network Proxy. On KDE, go to System Settings, Connections, Proxies.

How do I use a proxy with SSH

SSH does not use http_proxy or https_proxy. For HTTP proxy tunneling through SSH, use proxychains-ng or configure an SSH proxy command with ncat. For direct SOCKS proxy support, use ssh -o ProxyCommand='ncat --proxy proxy.example.com:8080 --proxy-type http %h %p'.

Can I use a PAC file on Linux

Linux does not natively parse PAC files. Extract the proxy address and port from the PAC file manually, then configure it using environment variables or proxychains-ng. Some desktop environments like GNOME have limited PAC support through their network settings panels, but it is unreliable across distributions.

How do I remove proxy settings

Remove the proxy lines from /etc/environment and run source /etc/environment or reboot. For per-user settings, remove the export lines from ~/.bashrc and run source ~/.bashrc. For APT, delete /etc/apt/apt.conf.d/95proxies. For Git, run git config --global --unset http.proxy and git config --global --unset https.proxy.

Conclusion

Proxy configuration on Linux is straightforward once you know the three layers: system-wide environment variables in /etc/environment, package-manager-specific configs for APT and DNF, and per-application settings for Git and Docker. The no_proxy variable is the piece most people forget, and it causes the most frustrating debugging sessions. Set it early, test with curl, and you will never waste a morning chasing phantom network errors again.

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *