Iranian developers regularly face strict restrictions: GitHub blocks accounts, npm packages fail to install, and PyPI returns connection errors. All of this is a consequence of sanctions that cut entire countries off from the basic development infrastructure. If you are working from Iran or hiring Iranian specialists, this article will provide you with a concrete solution β without fluff and theory.
What exactly is blocked and why
U.S. sanctions against Iran extend not only to financial operations but also to technology services. Companies subject to U.S. jurisdiction (which includes almost the entire stack of modern development) are required to restrict access to users from sanctioned countries. As a result, Iranian developers face the following issues:
- GitHub β blocks accounts, repositories become inaccessible, Actions do not run, Copilot does not work.
- npm (npmjs.com) β attempting to install packages via
npm installresults in connection errors or outright access denial. - PyPI (pypi.org) β
pip installhangs or returns a 403 error. - Docker Hub β pulling images is blocked.
- Cloudflare, AWS, Azure, Google Cloud β some services are unavailable or unstable.
- Stack Overflow, JetBrains, VS Code Marketplace β periodic IP-level blocks.
Blocking occurs at the IP address level: if your IP belongs to an Iranian provider (AS numbers IRANCELL, Shatel, MCI, and others), the request is automatically rejected even before the account is checked. This is why using a VPN or a proxy with an IP from another country is not just a workaround, but the only effective way to access development infrastructure.
It is important to understand:
Proxies and VPNs solve the problem at different levels. A VPN redirects all system traffic β convenient for browsers, but inconvenient for command-line tools (git, npm, pip), where precise configuration is needed. A proxy allows you to configure bypassing sanctions only for a specific tool, without affecting other traffic.
Which type of proxy is suitable for development
For developer tasks β working with repositories, installing packages, CI/CD β connection stability, speed, and IP cleanliness are crucial. Let's examine three main types of proxies and how they fit specific scenarios.
Residential Proxies
Residential proxies use real IP addresses from home users in different countries. This is critically important for GitHub: the platform analyzes not only the geolocation of the IP but also its reputation. An IP from a data center raises suspicion, while a home IP from the U.S. or Europe is perceived as a regular user. Residential proxies are the most reliable option for working with GitHub accounts on a regular basis.
Data Center Proxies
Data center proxies are fast and cheap. They are well-suited for installing packages via npm and pip: PyPI and npmjs.com do not check IP reputation as strictly as GitHub. If you just need to download dependencies in a CI/CD pipeline, a data center proxy will do the job and be cheaper.
Mobile Proxies
Mobile proxies use IPs from mobile operators (4G/5G). This is the "cleanest" type of IP from the perspective of anti-fraud systems: thousands of real users are behind one mobile IP, making it unprofitable to block. Mobile proxies are relevant if you have already faced issues with your GitHub account being blocked and want to minimize the risk of re-blocking.
Setting up a proxy for GitHub
GitHub uses two protocols for working with repositories: HTTPS and SSH. The proxy setup is different for each. Let's consider both options.
Proxy for git over HTTPS
This is the most common way to work with GitHub. The setup is done through the git configuration. Open your terminal and execute:
# Setting up HTTP proxy for git (replace host, port, user, password with your details) git config --global http.proxy http://user:password@proxy-host:port git config --global https.proxy http://user:password@proxy-host:port # Checking the settings git config --global --get http.proxy # If the proxy does not require authentication: git config --global http.proxy http://proxy-host:port
After this setup, all commands git clone, git push, git pull will go through the proxy. If you need to set up the proxy only for GitHub and not for all repositories:
# Proxy only for github.com git config --global http.https://github.com.proxy http://user:password@proxy-host:port
Proxy for git over SSH
SSH connection to GitHub works through port 22 (or 443 as an alternative). To proxy SSH traffic, you can use the nc (netcat) or connect utility. Edit the ~/.ssh/config file:
Host github.com HostName github.com User git ProxyCommand nc -X connect -x proxy-host:port %h %p # Or for SOCKS5: # ProxyCommand nc -X 5 -x proxy-host:port %h %p
If you are using Windows, instead of nc, you can use connect.exe or set up ProxyCommand via PuTTY. On macOS and Linux, netcat is usually already installed.
Setting up environment variables
An alternative method is to use environment variables. They work not only for git but also for many other command-line tools:
# Linux / macOS β add to ~/.bashrc or ~/.zshrc export HTTP_PROXY="http://user:password@proxy-host:port" export HTTPS_PROXY="http://user:password@proxy-host:port" export NO_PROXY="localhost,127.0.0.1" # Windows (PowerShell) $env:HTTP_PROXY = "http://user:password@proxy-host:port" $env:HTTPS_PROXY = "http://user:password@proxy-host:port"
Setting up a proxy for npm and Node.js
npm has built-in support for proxies. The setup takes literally one command and is immediately applied to all package installation operations. This is especially important for Iranian developers working with the JavaScript/TypeScript stack: React, Vue, Angular, Next.js β all of them actively use npmjs.com.
# Setting up a proxy for npm npm config set proxy http://user:password@proxy-host:port npm config set https-proxy http://user:password@proxy-host:port # Checking the current configuration npm config get proxy npm config get https-proxy # Disabling the proxy (if you need to revert to a direct connection) npm config delete proxy npm config delete https-proxy
The settings are saved in the ~/.npmrc file. You can also edit this file directly:
# Contents of ~/.npmrc proxy=http://user:password@proxy-host:port https-proxy=http://user:password@proxy-host:port strict-ssl=false
Yarn and pnpm
If you are using Yarn or pnpm, the setup is similar:
# Yarn v1 yarn config set proxy http://user:password@proxy-host:port yarn config set https-proxy http://user:password@proxy-host:port # Yarn v2/v3 (Berry) β edit .yarnrc.yml # httpProxy: "http://user:password@proxy-host:port" # httpsProxy: "http://user:password@proxy-host:port" # pnpm pnpm config set proxy http://user:password@proxy-host:port pnpm config set https-proxy http://user:password@proxy-host:port
Tip for CI/CD:
If you are using GitHub Actions, GitLab CI, or another system, add the variables HTTP_PROXY and HTTPS_PROXY to the project secrets. This will allow all steps of the pipeline to automatically use the proxy.
Setting up a proxy for PyPI and pip
Python developers from Iran often face blocks on PyPI: pip uses HTTPS to download packages, and if the IP is blocked, the installation simply hangs or returns an error. There are several ways to set up a proxy for pip.
Method 1: --proxy flag during installation
# One-time installation via proxy pip install requests --proxy http://user:password@proxy-host:port # For pip3 pip3 install django --proxy http://user:password@proxy-host:port
Method 2: pip.conf configuration file
To avoid specifying the proxy with every command, add the settings to the pip configuration file:
# Linux/macOS: ~/.config/pip/pip.conf
# Windows: %APPDATA%\pip\pip.ini
[global]
proxy = http://user:password@proxy-host:port
trusted-host = pypi.org
pypi.python.org
files.pythonhosted.org
Method 3: Environment variables
# pip automatically picks up standard environment variables export HTTP_PROXY="http://user:password@proxy-host:port" export HTTPS_PROXY="http://user:password@proxy-host:port" # After this, a regular pip install works through the proxy pip install numpy pandas scikit-learn
Poetry and Conda
If you are using Poetry for dependency management, the proxy setup is done through environment variables β Poetry inherits HTTP_PROXY and HTTPS_PROXY automatically. For Conda, add to the ~/.condarc file:
# ~/.condarc proxy_servers: http: http://user:password@proxy-host:port https: http://user:password@proxy-host:port
Other Developer Tools: Docker, Composer, Maven
Blocks affect not only GitHub, npm, and PyPI. Let's consider setting up a proxy for other popular development tools that may also be inaccessible from Iran.
Docker
Docker Hub is blocked for Iranian IPs. To perform docker pull, configure the proxy in the Docker daemon configuration:
# Linux: create or edit /etc/docker/daemon.json
{
"proxies": {
"http-proxy": "http://user:password@proxy-host:port",
"https-proxy": "http://user:password@proxy-host:port",
"no-proxy": "localhost,127.0.0.1"
}
}
# Restart Docker
sudo systemctl restart docker
On macOS and Windows, the proxy setup for Docker Desktop is done through the graphical interface: Settings β Resources β Proxies.
Composer (PHP)
# Composer uses environment variables export HTTP_PROXY="http://user:password@proxy-host:port" export HTTPS_PROXY="http://user:password@proxy-host:port" # Or through Composer configuration composer config --global http-basic.repo.packagist.org user password
Maven (Java)
<!-- ~/.m2/settings.xml -->
<settings>
<proxies>
<proxy>
<id>my-proxy</id>
<active>true</active>
<protocol>http</protocol>
<host>proxy-host</host>
<port>port</port>
<username>user</username>
<password>password</password>
<nonProxyHosts>localhost|127.0.0.1</nonProxyHosts>
</proxy>
</proxies>
</settings>
Go modules
# Go uses GOPROXY to download modules # You can specify a mirror or configure a system proxy export GOPROXY="https://goproxy.io,direct" export HTTP_PROXY="http://user:password@proxy-host:port" export HTTPS_PROXY="http://user:password@proxy-host:port"
Security: how not to lose your GitHub account
Using a proxy solves the access problem but creates a new one: if you log into GitHub from different IP addresses (today from Iran, tomorrow through an American proxy, the day after tomorrow through a European one), GitHub's security system may block the account as suspicious. Hereβs how to avoid this.
IP Consistency Rule
Use the same proxy server for working with GitHub. If your proxy provider changes the IP with each connection (rotating proxies), this can raise suspicion. For GitHub, static proxies are the best fit β one IP that is assigned to you for a long period.
- Static residential proxy β one home IP from the U.S. or Europe assigned to you. Maximum reliability for GitHub.
- Rotating proxy β suitable for npm/pip (downloading packages) but not for logging into a GitHub account.
- Do not mix direct and proxy connections: either always use a proxy or never.
Two-Factor Authentication
Enable 2FA on GitHub β this will protect your account even if someone intercepts your credentials. Use an authenticator app (Google Authenticator, Authy) instead of SMS β SMS may be unavailable from Iran or work unreliably.
SSH Keys instead of Passwords
Set up SSH keys for working with GitHub instead of HTTPS password authentication. SSH keys are tied to the device rather than the IP, so changing the IP when using SSH is less critical for GitHub's security system.
Comparison of Proxy Types for Developers
Let's summarize in a table which type of proxy is best suited for specific tasks of an Iranian developer.
| Task | Residential | Data Center | Mobile |
|---|---|---|---|
| GitHub (account, push/pull) | β Excellent | β οΈ Risk of blocking | β Excellent |
| npm install (package installation) | β Good | β Excellent | β Good |
| pip install (PyPI) | β Good | β Excellent | β Good |
| Docker Hub (pulling images) | β Good | β Good | β οΈ Expensive |
| CI/CD pipelines (bulk requests) | β οΈ Expensive | β Excellent | β Not suitable |
| Connection speed | Average | High | Average |
| Risk of IP blocking | Low | Medium | Very low |
| Cost | Average | Low | High |
Recommended Strategy
Optimal scheme for a developer:
- For GitHub β a static residential proxy from the U.S. or Germany. One IP, always the same.
- For npm/pip/Docker β a data center proxy with good bandwidth. Speed is more important than IP reputation.
- For browsers and web services β the same residential proxy or a separate one.
Protocols: HTTP vs SOCKS5
Most development tools (git, npm, pip) support HTTP/HTTPS proxies. SOCKS5 is more versatile β it works at the TCP level and is suitable for any protocol, including SSH. If your proxy provider supports SOCKS5, use it for SSH connections to GitHub. For HTTP traffic (npm, pip), there is practically no difference.
Conclusion and Recommendations
Sanctions create real obstacles for Iranian developers, but they do not make work impossible. A properly configured proxy allows full access to GitHub, installation of packages via npm and pip, pulling images from Docker Hub β without losing accounts and without constant blocks.
Key takeaways from the article:
- For working with GitHub, use a static residential proxy β one permanent IP from the U.S. or Europe.
- For package installations (npm, pip, Composer), cheaper data center proxies with good speed will suffice.
- Set up the proxy at the tool level (
git config,npm config,pip.conf), not just at the system level. - Do not mix direct connections and proxies for one GitHub account.
- Enable 2FA and use SSH keys for maximum account security.
If you are looking for a reliable solution for continuous work with GitHub and other blocked services, we recommend considering residential proxies β they provide stable access through real home IP addresses, which are rarely subject to blocks by GitHub and other platforms.