Keep in mind you will have to install an SSL certificate on the Raspberry PI to download the GIT hub file and program. You have to copy the SSL file over to the pi by way of a USB drive and reconfigure your ca certificates for that, or just connect the pi to a non-proxied system to get your files after set it back. If you are like me you just add the certificate so you can access the proxy.
To add the firewalls certificate used with the proxy first download it directly from the firewall so you know it is yours.
after
sudo mkdir /media/usb
sudo mount /dev/sda2 /media/usb -o umask=000
cd /media/usb
#find your file from the flash drive lets call it CA-Cert.crt
#copy it to the locations is it needed at
sudo cp CA-Cert.crt /etc/ssl/certs
sudo cp CA-Cert.crt /usr/share/ca-certificates/
sudo cp CA-Cert.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
This should fix your certificate issue to use wget while in the proxy.
Final step we need to make sure that once inside the proxy that you can't call the wpad, meaning that the WPAD is a one-way ticket that the proxy or it's cache cannot access it for added security.
Add this to custom options on the Squid configuration, it is not really needed I add this for fear of container issues,
acl wpad urlpath_regex ^/wpad.dat$
acl wpad urlpath_regex ^/proxy.pac$
acl wpad urlpath_regex ^/wpad.da$
#deny_info 200:/etc/squid/wpad.dat wpad # this is if you manage wpad from squid not needed here
reply_header_access Content-Type deny wpad