The curl command in Linux is a versatile tool to transfer data to and from servers using URLs. It supports protocols like HTTP, HTTPS, FTP, and more. With curl, you can download files, test APIs, send headers, authenticate, follow redirects, and automate network tasks directly from the terminal with script friendly options.
If you work with Linux servers, web hosting, or APIs, learning the curl command in Linux is essential. It’s fast, scriptable, and perfect for troubleshooting websites, verifying SSL, and interacting with REST endpoints. In this guide, you’ll learn what curl is, how to install it, and real world curl examples used every day by sysadmins and developers.
What is the curl Command in Linux?
curl (Client URL) is a command line utility built on the libcurl library that transfers data using URLs. It supports HTTP/S, FTP/S, SFTP, SCP, SMTP, IMAP, and more.
Unlike browsers, curl runs non interactively, making it ideal for automation, API testing, CI/CD pipelines, and server diagnostics. It’s available on most Linux distributions by default.
How to Install curl on Linux
Most Linux distributions ship with curl. Check your version first:
curl --versionIf it’s missing, install using your package manager:
- Ubuntu/Debian:
sudo apt update && sudo apt install curl - RHEL/CentOS/Rocky/Alma:
sudo dnf install curlorsudo yuminstall curl - Fedora:
sudo dnf install curl - Arch:
sudo pacman -S curl - Alpine:
sudo apk add curl
Tip: On minimal servers, consider installing ca-certificates to avoid SSL errors with HTTPS URLs.
Basic curl Syntax and Common Options
General syntax:
curl [options] <URL>Useful curl options (memorize these first):
-I(or--head): Fetch only HTTP headers.-L: Follow redirects.-o file: Save to a file (custom name).-O: Save using the remote file name.-sand-S: Silent mode and show errors.-v/-vv: Verbose / extra verbose.-X: Specify HTTP method (GET, POST, PUT, DELETE).-H: Add custom header.--data/--data-raw/--data-binary: Send body data.-u: Basic auth (user:pass).--http2: Force HTTP/2.--compressed: Request compressed response.--retry: Retry transient failures.--max-time: Set a maximum total time for the transfer.
Essential curl Examples (Beginner to Intermediate)
1) Basic GET request
curl https://example.comThis prints the HTML body to the terminal.
2) Follow redirects
curl -L http://example.comUse -L when sites redirect from HTTP to HTTPS or to canonical URLs.
3) Download a file (save with same name)
curl -O https://example.com/file.zipUse uppercase -O to keep the server’s file name. Or specify your own:
curl -o backup.zip https://example.com/file.zip4) Resume an interrupted download
curl -C - -O https://example.com/large.isoThe -C - flag continues from where the previous download left off.
5) Show only response headers
curl -I https://example.comUseful for quickly checking HTTP status, cache headers, and server type.
6) Include request and response details (debug)
curl -v https://example.comUse -v or -vv for deeper troubleshooting, including SSL/TLS negotiation.
7) Send a custom header
curl -H "Accept: application/json" https://api.example.com/v1/statusMultiple headers can be added via multiple -H flags. This is common with REST APIs.
curl for APIs: JSON, POST, PUT, DELETE
Send JSON in a POST request
curl -X POST https://api.example.com/v1/users \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <TOKEN>" \
--data '{"name":"Alice","email":"alice@example.com"}'Use --data or --data-raw for JSON payloads. Always set Content-Type: application/json and authentication headers if required.
PUT (update) and DELETE examples
# Update a user
curl -X PUT https://api.example.com/v1/users/123 \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <TOKEN>" \
--data '{"email":"new@example.com"}'
# Delete a user
curl -X DELETE https://api.example.com/v1/users/123 \
-H "Authorization: Bearer <TOKEN>"Form data and file uploads (multipart)
# Post form fields
curl -X POST https://example.com/form \
-H "Content-Type: application/x-www-form-urlencoded" \
--data "name=Alice&email=alice@example.com"
# Upload a file
curl -X POST https://api.example.com/v1/upload \
-H "Authorization: Bearer <TOKEN>" \
-F "file=@/path/to/report.pdf" \
-F "meta=quarterly"Use -F for multipart form uploads; curl automatically sets the correct boundary headers.
Authentication with curl (Basic, Bearer, Cookies)
HTTP Basic auth
curl -u "username:password" https://secure.example.com/endpointFor security, prefer tokens or environment variables rather than typing passwords directly. You can also use a .netrc file with proper permissions to store credentials.
Bearer tokens (API keys)
curl -H "Authorization: Bearer $API_TOKEN" https://api.example.com/v1/meSession cookies
# Save cookies during login
curl -c cookies.txt -X POST https://example.com/login \
-d "user=alice&pass=secret"
# Reuse cookies for subsequent requests
curl -b cookies.txt https://example.com/dashboardSSL/TLS, Certificates, and Proxies
curl performs certificate validation by default when using HTTPS. If you see SSL errors, ensure system CA bundles are installed or specify a custom CA.
# Use a custom CA certificate
curl --cacert /etc/ssl/certs/custom-ca.crt https://secure.example.com
# Client certificate (mutual TLS)
curl --cert client.crt --key client.key https://mtls.example.com
# Temporarily ignore certificate errors (not recommended)
curl -k https://self-signed.localProxy support is built-in:
# HTTP proxy
curl -x http://proxy.local:3128 https://example.com
# SOCKS5 proxy
curl -x socks5h://user:pass@proxy.local:1080 https://example.com-k (--insecure) is for temporary testing only. In production, fix trust chains rather than bypassing validation.
Advanced curl Tips for DevOps and Hosting
Set timeouts and retries (resilient scripts)
# Fail fast after 5 seconds total; retry up to 3 times on transient errors
curl --max-time 5 --retry 3 --retry-delay 2 --retry-connrefused https://api.example.com/healthCapture HTTP status and body separately
status=$(curl -s -o /tmp/body.txt -w "%{http_code}" https://example.com/health)
echo "Status: $status"
cat /tmp/body.txtThe -w (write-out) option exposes useful metrics like time, size, and protocol.
Measure performance
curl -o /dev/null -s -w "dns:%{time_namelookup} connect:%{time_connect} ttfb:%{time_starttransfer} total:%{time_total}\n" https://example.comDownload multiple files
# Brace expansion (if server path structure matches)
curl -O https://example.com/logs/2024-12-{01..31}.logFor large batches or parallelism, consider using GNU Parallel or xargs with curl.
Troubleshooting curl Errors
- Connection issues: Use
-vand check DNS, firewall, and proxy variables (http_proxy,https_proxy). - SSL errors: Install
ca-certificates, verify system time, or use--cacert. - Timeouts: Increase
--max-timeor set--connect-timeout. - HTTP 4xx/5xx: Inspect
-Iheaders, check authentication and payload, enable-v. - Rate limits: Add backoff with
--retry, and respect API quotas.
curl vs wget: When to Use Which?
- curl: Best for APIs, custom headers, authentication, granular protocols, fine-grained control. Rich request features.
- wget: Great for recursive website downloads and mirroring. Strong download features, simpler for bulk fetches.
- On servers, many admins install both. For REST testing and automation, curl is usually the first choice.
Security Best Practices with curl
- Avoid putting secrets in shell history; use environment variables or
.netrc(restrict permissions to 600). - Don’t rely on
-kin production; fix certificate trust chains. - Validate inputs if building scripts that interpolate URLs or headers.
- Use least privilege API tokens and rotate them regularly.
- Mask tokens in CI logs and prefer
--silentwith explicit error handling.
Real World Use Cases on Linux Servers
- Health checks: Query
/healthendpoints in cron or systemd units. - Deployment hooks: Notify webhooks (Slack, Git, CI) after releases.
- Backup verification: Validate object storage or CDN URLs post upload.
- SSL validation: Confirm certificate chains and expiration on staging before go-live.
- Content testing: Fetch headers to confirm cache status (e.g.,
Cache-Control,ETag).
At YouStable, our managed hosting engineers use curl daily to test uptime, verify HTTPS on new domains, and validate API integrations. If you prefer to focus on your app while we handle server level diagnostics and performance, our managed plans can help.
FAQ’s
1. What is curl used for in Linux?
curl is used to transfer data over URLs. Common tasks include downloading files, testing and debugging HTTP/HTTPS requests, sending headers, authenticating with APIs, uploading files, and automating network tasks in scripts or CI/CD pipelines.
2. How do I send headers with curl?
Use the -H flag. Example: curl -H "Accept: application/json" -H "Authorization: Bearer <TOKEN>" https://api.example.com/v1/data. Add one -H per header.
3. How do I send a POST request with curl?
Use -X POST with --data or -F for forms. For JSON: curl -X POST -H "Content-Type: application/json" --data '{"id":1}' https://api.example.com. For file uploads: curl -F "file=@/path/to/file.txt" https://api.example.com/upload.
4. How do I follow redirects in curl?
Use the -L option: curl -L http://example.com. This is helpful when a site redirects from HTTP to HTTPS or uses canonical redirect rules.
5. How can I fix SSL certificate errors with curl?
Install or update ca-certificates, ensure system time is correct, or specify a custom CA with --cacert. Avoid -k except for temporary testing; fix the certificate chain instead for production-grade security.
Conclusion
The curl command in Linux is a must have for developers, sysadmins, and site owners. With a few core options, you can download files, test APIs, manage headers, and automate workflows reliably. Bookmark the examples above, and integrate curl into your daily toolkit to speed up diagnostics and deployment tasks.
