CI Proxy Errors - "Received HTTP code 403/407 from proxy"
A request that goes through an HTTP proxy failed at the proxy itself. A 407 means the proxy demands authentication; a 403 means it refused the request; a timeout means the proxy was unreachable or slow.
What this error means
Network steps fail with Received HTTP code 407 from proxy after CONNECT, 403 Forbidden from the proxy, or proxy connect timeouts. The remote host is fine - the proxy in the middle rejected or dropped the request.
curl: (56) Received HTTP code 407 from proxy after CONNECT
# or
Unable to connect to proxy: Connection timed outCommon causes
Missing or wrong proxy authentication
A 407 means the proxy requires credentials. If HTTPS_PROXY lacks the user:pass@ part, or the credentials are wrong, every CONNECT is rejected.
Proxy variables misconfigured or unreachable
A wrong proxy host/port, a missing NO_PROXY exclusion for internal hosts, or a transiently unreachable proxy causes 403s and connect timeouts.
How to fix it
Inspect the proxy environment
See exactly what proxy settings the tools are using.
env | grep -i -E 'proxy'
# expected shape:
# HTTPS_PROXY=http://user:pass@proxy.internal:8080
# NO_PROXY=localhost,127.0.0.1,.internalFix auth and exclusions
- Include credentials in the proxy URL or supply them where the tool expects.
- Add internal/registry hosts to
NO_PROXYso they bypass the proxy. - Confirm the proxy host/port is reachable; retry if it was a transient blip.
How to prevent it
- Set proxy and
NO_PROXYvariables consistently for all tools. - Store proxy credentials as secrets, not inline in logs.
- Bypass the proxy for internal mirrors and registries.