Proxy environment variables let cURL inherit the same outbound path across ad hoc commands, shell scripts, CI runners, and interactive shells. That keeps proxy policy out of individual command lines, reduces copy-and-paste drift, and makes it easier to switch between direct and proxied traffic without rewriting every request.

When cURL starts a transfer, it checks proxy variables that match the URL scheme. http_proxy is used for HTTP URLs, https_proxy is used for HTTPS URLs, ALL_PROXY provides a fallback when no scheme-specific variable is set, and NO_PROXY excludes hosts, domains, or IP ranges that must stay direct.

Because these variables affect every matching cURL invocation in the current shell, narrow values and explicit bypass lists matter. The examples below use masked proxy hostnames, service paths, and credential names that preserve the shape of a production setup without exposing live infrastructure values. Keep NO_PROXY entries exact, remember that command-line options or ~/.curlrc can still change the final behavior, and verify routing with --verbose before persisting the settings to shell startup files or automation.

Related: How to use HTTP and SOCKS proxies with cURL
Related: How to authenticate to an HTTP proxy with cURL
Related: How to force proxy CONNECT tunneling with cURL

Steps to use proxy environment variables with cURL:

  1. Check the current environment for inherited proxy settings before exporting new values. 
    $ env | grep -iE '^(http|https|all|no)_proxy='
http_proxy=http://legacy-proxy.corp.example:3128
NO_PROXY=localhost,127.0.0.1,::1,.svc.corp.example

    Login profiles, wrapper scripts, and CI runners can inject proxy variables before the shell prompt appears.

  2. Export the session proxy values that cURL should use for HTTP and HTTPS requests. 
    $ export http_proxy="http://proxy-gw.corp.example:3128"
$ export https_proxy="http://proxy-gw.corp.example:3128"

    Use lowercase http_proxy for HTTP; uppercase HTTP_PROXY is ignored by curl.

  3. Add an ALL_PROXY fallback only when one proxy should cover protocols without their own variables. 
    $ export ALL_PROXY="socks5h://proxy-gw.corp.example:1080"

    Scheme-specific variables override ALL_PROXY, and socks5h:// keeps hostname resolution on the proxy.

  4. Define a narrow NO_PROXY list for hosts, domains, and IP ranges that must bypass the proxy. 
    $ export NO_PROXY="localhost,127.0.0.1,::1,.svc.corp.example,10.42.0.0/16"

    CIDR entries in NO_PROXY require curl 7.86.0 or newer.

    NO_PROXY bypasses proxy use even when a proxy is configured, so keep exclusions exact.

  5. Probe the active HTTP proxy variable with a short verbose request before pointing cURL at the real proxy. 
    $ http_proxy="http://127.0.0.1:9" curl --verbose --max-time 2 http://example.com/
* Uses proxy env variable http_proxy == 'http://127.0.0.1:9'
*   Trying 127.0.0.1:9...
* Failed to connect to 127.0.0.1 port 9 after 0 ms: Couldn't connect to server
curl: (7) Failed to connect to 127.0.0.1 port 9 after 0 ms: Couldn't connect to server

    The connection failure is expected here; the important line is the proxy variable that curl reports before it connects.

  6. Verify that a bypass target stays direct by testing a host covered by NO_PROXY. 
    $ http_proxy="http://127.0.0.1:9" NO_PROXY="127.0.0.1" curl --verbose --max-time 2 http://127.0.0.1:18080/health
* Uses proxy env variable NO_PROXY == '127.0.0.1'
*   Trying 127.0.0.1:18080...
* Connected to 127.0.0.1 (127.0.0.1) port 18080
> GET /health HTTP/1.1
< HTTP/1.0 200 OK
{"status":"healthy","service":"edge-probe"}

    Replace the loopback endpoint with the internal readiness URL, metadata service, or local daemon check that must never traverse the proxy.

  7. Keep proxy credentials scoped to one request when authentication or a temporary override is required. 
    $ http_proxy="http://svc_ci_proxy:${PROXY_PASS}@proxy-gw.corp.example:3128" \
  https_proxy="http://svc_ci_proxy:${PROXY_PASS}@proxy-gw.corp.example:3128" \
  curl --silent https://api.internal.example.net/v1/health
{"status":"healthy","service":"billing-api"}

    Proxy credentials supplied directly on the command line or expanded from shell variables still reach child processes and logs, so prefer a secret store or a short-lived shell when possible.

  8. Persist the variables in the shell startup file only after the verbose checks match the intended route. 
    $ cat <<'EOF' >> ~/.bashrc
export http_proxy="http://proxy-gw.corp.example:3128"
export https_proxy="http://proxy-gw.corp.example:3128"
export ALL_PROXY="socks5h://proxy-gw.corp.example:1080"
export NO_PROXY="localhost,127.0.0.1,::1,.svc.corp.example,10.42.0.0/16"
EOF

    Use ~/.zshrc instead of ~/.bashrc when zsh owns the interactive shell.

  9. Clear the session variables when the proxy should no longer affect subsequent cURL commands. 
    $ unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY ALL_PROXY all_proxy NO_PROXY no_proxy

    Removing both uppercase and lowercase names prevents an older export from quietly taking effect in later shells or scripts.