The chef server normally keeps copies of the cookbooks loaded locally, and passes them out to the chef clients on request. It’s why in development environments, it can be really easy to load a testing cookbook on top of someone else’s cookbook and break the cookbook for other chef clients, and it’s why I try to test first with chef-solo before committing updated cookbooks anywhere else.
In your case, I think you’d be editing Berksfile, setting an authorized supermarket there for a designated set of cookbooks, and loading or updating the cookbooks from there to the chef server. A chef server does not normally communicate to the upstream cookbook repository. It normally gets cookbooks loaded by an authorized administrator from a locally installed cookbook, and these are locally downloaded and bundled with Berkshelf on the relevant server. That server can be and often is the chef server itself: it need not be, it can be done by any authorized administator with the knife upload.
I suggest that you be careful not to confuse the Berkshelf or otherwise managed copying of supermarket or local cookbooks to a local workspace with the upload to the chef server, and don’t confuse the upload to the chef server with the chef client downloads. They’re distinct stages, highly flexible and tunable.