-
Notifications
You must be signed in to change notification settings - Fork 10.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please provide channel creation arg to disable http proxying #11751
Comments
This will fix grpc#9989, grpc#11603, grpc#11751. no_proxy is typically comma separated list of hosts and or domains. Matching must be from the end of the uri to accomodate whole domain and subdomain whitelisting. This will work for well-formed no_proxy strings, but may fail if there are additional spaces.
The attached PR does not solve my problem, because no_proxy only lets you specify *.domain.com. we connect to IP/port which does not play nicely with no_proxy, so we'd still like a channel arg to explicitly disable proxy. |
Ping? This was a breaking change after 1.2 and makes it harder to use grpc client in the same application with other libraries that talk to outside world such as boto (http://boto3.readthedocs.io/en/latest/index.html) |
@nicolasnoble, @ctiller: what are your thoughts on this? |
Bouncing this one to @markdroth - this was mainly targeted at @ctiller, but wasn't reassigned properly when he left. |
Reassigning to @yashykt, who now owns the proxy mapper code. |
I don't get why the IP address can not be used in the no_proxy env variable. |
Given that we have existing ways to disable proxying, I don't see the need for this. (I don't see any restriction which says IP addresses cannot be added in no_proxy.) Feel free to reopen if I'm wrong. |
@yashykt yes, no_proxy can be used with an IP address, but it cannot be used with IP ranges as far as I know. (See also https://unix.stackexchange.com/questions/23452/set-a-network-range-in-the-no-proxy-environment-variable). If I am wrong about this point, please show me, I'd love a solution. Since we have a deployment of 50K+ machines, it is not feasible to specify no_proxy env variable that will whitelist them all. I don't see a way to reopen this issue from my end, perhaps your permissions are locked down. |
Reopened per reporter's request |
Another approach might have been to use separate processes, but it might be a good idea to have explicit channel arguments for http proxy. |
channel arg GRPC_ARG_ENABLE_HTTP_PROXY added for this purpose in #15699. Set it to zero to disable http proxy usage. |
Please answer these questions before submitting your issue.
Should this be an issue in the gRPC issue tracker?
Yes
What version of gRPC and what language are you using?
1.4 python
What operating system (Linux, Windows, …) and version?
linux
What did you do?
Set http_proxy +no_proxy env vars, run python code. Try to connect to grpc server running on localhost
What did you expect to see?
Connect to server
What did you see instead?
Connection fails because it gets proxied
Anything else we should know about your project / environment?
This used to work in 1.0 before http_proxy was implemented. We need http_proxy set in our env in order for a lot of other code to correctly proxy connections to the outside world. Even if no_proxy were supported so we could connect to localhost, we still don't want to proxy all other rpcs. Can you please implement a channel creation arg that says to ignore http_proxy?
The text was updated successfully, but these errors were encountered: