How to use Git and Github for Windows from within a Windows auth proxy network.

If you work at a company where you need to type in your user id to access sites on the internet and when you want to use git to push to a repository on the internet and it just hangs. This post may help you out.

While git is a nice distributed version control system (dvcs), it was not written for windows.  A side effect of this fact is that it does support using proxy servers. But it really only supports using the kinds of proxy servers one would find in environments with non windows machines.  So, this is a case, were a little ingenuity goes a long way.  I credit Matt Hinze for figuring all of this out. Now it is standard practice when we need to connect to remote git repositories.

In order to make git access repositories on the internet through a windows auth proxy server we need to add a local proxy and configure git to use the local proxy.  This local proxy takes care of all the authentication so that git just works with the proxy and the proxy relays the data through the tightly controlled corporate proxy server.  Lets look at a diagram of how this works.

image

The light blue box represents your machine/workstation; the red box is the corporate network; the green box represents the internet. Since git cannot send ntlm credentials to the proxy, the network traffic just dies at the proxy.  With the local ntlmmapps proxy, git can communicate to it without having to send the username and password, and the ntlmmapps proxy adds that information so the corporate ntml proxy gets it’s credentials and passes the network traffic through to github.com.

To configure this its pretty simple.

  1. Download and unzip the ntmlmaps script & install python for windows (15 MB download).
  2. Open up the server.cfg in notepad and enter the values for your proxy and network.
    1. PARENT_PROXY:
    2. PARENT_PROXY_PORT:
    3. NT_DOMAIN:
    4. USER:
    5. PASSWORD:  (leave this blank, you can enter it when the proxy starts up)
    6. LISTEN_PORT:5865 ( remember this number you need it to configure git)
  3. Open the runserver.bat file in notepad and change the following line from
    before: “c:\program files\python\python.exe” main.py
    after: C:\Python27python.exe main.py
  4. run the runserver.bat ( probably need to run it as administrator)
  5. type in your password
  6. configure git in a command line.
    1. git config –global http.proxy http://localhost:58665

Your done, this should now push all the git commands through your local proxy which will authenticate the network calls and pass through the git commands.

Follow me on RSS and Twitter

Related Articles:

Post Footer automatically generated by Add Post Footer Plugin for wordpress.

About Eric Hexter

I am the CTO for QuarterSpot. I (co)Founded MvcContrib, Should, Solution Factory, and Pstrami open source projects. I have co-authored MVC 2 in Action, MVC3 in Action, and MVC 4 in Action. I co-founded online events like mvcConf, aspConf, and Community for MVC. I am also a Microsoft MVP in ASP.Net.
This entry was posted in CodeProject, GIT, Tools. Bookmark the permalink. Follow any comments here with the RSS feed for this post.
  • Rob

    Any reason you linked directly an older version of ntlmaps?

    • erichexter

      That one has been working for us. At some point someone tried a differnet version that did not work. So, I am sticking with that version until we upgrade and determine if the lastest works.

      • Rob

        The latest version bundles Python which is nice–saves a download.

        I wasn’t able to get either version to work, sadly. I was still getting a 407 even though my local proxy was configured and running.

        I was able to manually specify my proxy with creds in my git config (http://stackoverflow.com/questions/783811/getting-git-to-work-with-a-proxy-server) and I also needed to specify our corporate certificate. It worked after that. The downside is, of course, I need to store my creds in the git config.

        Still…helpful article! Got me on the right path toward a solution :)

  • xelibrion

    Hi Eric

    We use cntlm proxy http://cntlm.sourceforge.net, does not require python and works like a charm.

  • http://twitter.com/srkenny Sean Kenny

    Hi Eric.  Thanks for this.  Worked for me all right.  Just needed to change “after: C:Python27python.exe main.py” to “after: C:Python27python.exe main.py” and “git config –global http.proxy http://localhost:58665″ to “git config –global http.proxy http://localhost:5865″.

    • Leem

      Thanks Sean, these changes worked for me.