How to use an HTTPS proxy for Linux terminal applications

Routing terminal traffic through an HTTPS-capable proxy keeps outbound commands on the expected network path when direct access is filtered, inspected, or logged. Setting the proxy in the shell is the quickest way to make one terminal session follow that path without rewriting every command line.

Proxy-aware Linux clients usually read http_proxy for plain HTTP URLs and https_proxy for HTTPS URLs. When https_proxy points to a proxy URL such as http://proxy.example.net:8888, the client connects to that proxy first and then opens a CONNECT tunnel to the remote HTTPS server through it.

The steps below scope the change to the current shell session so only commands launched from that terminal inherit it. Add no_proxy only for destinations that are explicitly allowed to bypass the proxy, and use the shell-specific Bash or Zsh guides when the same proxy should load automatically in new terminals.

Related: How to set proxy environment variable in Bash
Related: How to set proxy environment variable in zsh
Related: How to create an SSH SOCKS proxy
Related: How to unset an environment variable in Linux

Steps to use an HTTPS proxy for Linux terminal applications:

  1. Record the proxy URL in the form http://proxy.example.net:8888 before exporting it into the shell.

    Use an https:// proxy URL only when the proxy listener itself expects TLS. Most HTTPS request flows still use an http:// proxy URL because the client creates an HTTP CONNECT tunnel through that proxy.

  2. Export the proxy for the current shell session. Add no_proxy only when approved hosts or domains must stay direct. 
    $ export https_proxy=http://proxy.example.net:8888
$ export no_proxy=localhost,127.0.0.1,.example.internal

    If proxy authentication is required, avoid typing credentials directly into reusable shell history or startup files unless that exposure is acceptable.

  3. Verify that an HTTPS request now opens a proxy tunnel instead of connecting to the destination directly. 
    $ curl -vI https://example.com
* Uses proxy env variable https_proxy == 'http://proxy.example.net:8888'
*   Trying 203.0.113.10:8888...
* Connected to proxy.example.net (203.0.113.10) port 8888
* CONNECT tunnel: HTTP/1.1 negotiated
* Establish HTTP proxy tunnel to example.com:443
> CONNECT example.com:443 HTTP/1.1
< HTTP/1.1 200 Connection established
HTTP/2 200

    The decisive lines are the https_proxy value, the connection to the proxy host, and the CONNECT example.com:443 tunnel request.

  4. Run the same check with another proxy-aware client when the workflow depends on more than curl. 
    $ wget -S --spider https://example.com/
Spider mode enabled. Check if remote file exists.
Connecting to proxy.example.net:8888... connected.
Proxy request sent, awaiting response...
  HTTP/1.1 200 OK
Remote file exists.

    If the request still connects straight to the target host, that client may ignore shell proxy variables or may be using its own config file instead of the current shell environment.

    Use How to unset an environment variable in Linux when the proxy should stop affecting later commands, or use How to set proxy environment variable in Bash or How to set proxy environment variable in zsh when the same value should load automatically in future shells.