Every developer can relate to trying to install a Python package behind a company proxy only to cause pip to continuously throw connection errors. It doesn’t matter if it’s because of company network limitations or a proxy configuration error, fighting pip behind a proxy can become a daunting experience rather quickly.
The good news is that most issues are straightforward to get around presuming you understand what is causing the misbehaving conduct. In this guide, we will share some of the most common mistakes users make when using pip with proxies, and how you can avoid them. Therefore, allowing your installations to run smoothly every time.
Forgetting to Specify the Proxy in pip Commands
One of the most common reasons installations fail is that you forgot to tell pip to use your proxy. When you don’t specify the proxy, pip tries to connect directly to PyPI or another package source, which won’t work if the network you’re connected to is behind a proxy and requires authentication to connect.
Typical signs consist of connection timeouts, “Cannot connect to proxy” errors and downloads stalling.
Quick fix:
Usage of the –proxy flag while installing a package, such as:
| pip install –proxy http://user:password@proxyserver:port package_name |
Another solution is to configure your proxy with something like HTTP_PROXY and HTTPS_PROXY so that you don’t have to keep typing it every time.
Using the Wrong Proxy Protocol (HTTP vs HTTPS vs SOCKS)
Another similarly common mistake is using the wrong protocol type. Proxies can run over HTTP, HTTPS, or SOCKS, and pip needs the right one to communicate correctly.
Furthermore, Pip may fail to securely connect, or return certificate errors, if you declare http:// for an HTTPS proxy. SOCKS proxies are more powerful, but pip doesn’t support them out of the box and you’ll need to use something like proxychains or torsocks to set it up.
How to avoid it:
- Confirm which proxy protocol your network uses before configuring pip.
- Use the correct prefix, such as https:// for secure proxies.
- Test your configuration with a simple installation command before releasing it in scripts or CI pipelines.
When you utilize the correct protocol, it allows you to avoid unnecessary troubleshooting as well as make sure that connections stay safe.
Storing Credentials Unsafely in Commands
Although it may be harmless to insert your username into the command line (i.e. –proxy http://user:pass@proxy:port), you are incurring a significant security risk. There are a number of different ways that all sorts of things can get access to these credentials including your shell’s history, process monitors and team logs.
Improved approaches:
- Rather than writing passwords in clear text, you can store credentials in environment variables.
- Store the proxy configuration in pip’s configuration file with adequate file permissions.
- Do not share code or Dockerfiles that contain proxy information.
Quick checklist:
✔ Use environment variables like HTTP_PROXY.
✔ Restrict access to .pip/pip.conf or pip.ini.
Χ Don’t hardcode credentials into commands or automation scripts.
These simple precautions help protect your network and maintain compliance with IT security policies.
Ignoring SSL Verification Issues
Proxies, generally corporate proxies, can sometimes influence SSL certificates. An error message you may see is:
| SSLError: certificate verify failed: unable to get local issuer certificate |
This is generally because your proxy intercepts the SSL connection and re-signs the SSL traffic using a custom certificate authority.
How to do it:
- Add the root CA certificate from your organization to the system or Python certificate store.
- If you’re unable to, use pip’s –trusted-host pypi.org –trusted-host files.pythonhosted.org options if necessary.
- You should NEVER disable SSL verification completely as this poses a security risk.
Following proper guidelines around SSL configuration will ensure data security and prevent attempts to install from failing in the future.
Forgetting Persistent Proxy Configuration
Another much lesser-known mistake no one knows about is defining the proxy only for a single session. When you run pip once successfully, then restart your terminal or if you’re in a virtual environment, pip will then fail again. That’s presumably because you didn’t set the proxy permanently.
If you’re wondering how to set pip with a proxy permanently, there are two easy solutions.
1. Use pip config:
➔ pip config set global.proxy http://user:pass@proxy:port
2. Set environment variables globally:
➔ export HTTP_PROXY=http://user:pass@proxy:port
➔ export HTTPS_PROXY=https://user:pass@proxy:port
With the help of this setup, you won’t need to re-enter proxy details every time you use pip. Plus, it allows you to save time, reduce errors and make sure there is consistency across all the environments.
Final Thoughts
It is not that difficult to configure your pip to work, especially when you have an understanding of the common mistakes and how to avoid them. Moreover, when you use the correct proxy, secure credentials and keep the setup consistent, you can avoid errors and guarantee a fast, secure and more reliable Python package installation.